
 

 

Customer Needs

Isolate and segment PCI environment

Deny traffic from unauthorized systems

Reduce time and cost of audits

Isolate PoS system traffic

Enable PoS communication across any network

Constraints

Flat L2 and Bridged L2/L3 Networks

Shared health systems network

Small staff and outsourced PoS development

Deploy in 3 months before PCI Audit

Results

Isolated and segmented hundreds of PoS systems

Deployed in less than one week

50% faster audit, 30% less cost

Segmented machine-to-machine encrypted access for remote Developers

Instant add and revocation for peer-to-peer WAN network communications

 

Patient Quality, Care, and Safety Realized

Listed among the top 10 hospitals in the U.S., this provider needed to segment their Point of Sale systems and get them off the health systems' shared network. After a failed PCI audit, they needed to comply with PCI requirements and also prevent the PoS systems from becoming attack vectors. The PoS systems were on the same networks that supported the hospitals' medical devices and patient records, with nothing more than VLANs, ACLs, and firewall rules standing between them.

With hundreds of PoS systems spanning gift shops, cafes, parking, and pharmacy sales, the scope was large and affected nearly every network across their campus.

 

Eliminate Internal Firewalls and VPNs

The hospital had used a combination of firewalls, VPNs, VLANs and ACLs to control access and segment their PoS environment but found it too complex and error-prone to maintain. They were determined to find an alternative to the complexity that caused them to fail their PCI audit.

 

Simple, Non-Disruptive Deployment

The hospital selected Tempered Networks after the security team ran a pilot to test the unique claims of IDN’s ability to rapidly isolate, segment, and control access to PCI systems. With no training, it took the team less than an hour to deploy their pilot without having to modify the underlying network or disrupt the PoS systems.

 

Make PoS systems Invisible

Specific PoS systems, like parking kiosks, were grouped into their own encrypted overlay network to allow only authenticated network communication between the kiosks and their settlement servers and gateways. No other systems on the shared network were able to establish communications with these systems, let alone discover or see them. The hospital effectively cloaked their entire PCI infrastructure from all other systems. All PCI communications were encrypted and isolated, and ran unimpeded while able to communicate only with their whitelisted and authenticated peers. They were able to eliminate their internal firewalls and the use of addresses and ports as a way to allow or deny internal access.

 

Peer-to-Peer WAN communications Made Simple

After their purchase, the hospital now had the recipe for rapid deployment and the creation of WAN overlay segments. In less than one day they had deployed a production IDN for developers using HIPclients for developer devices, the HIPrelay for private IDN routing, and HIPservers on all PoS servers. With just a few steps they grouped these machines into their own overlay network and set trust relationships between the HIPclients and HIPservers, not the whole network as before with VPNs. The ability to instantly add, move, disable, or revoke developer access gave them complete control over who, when, and what could be accessed down to specific clients and servers.

 

 

“Our PoS infrastructure is completely hardened from the inside out, something we were not able to do using our next-gen firewalls and VPNs. Only authorized PoS systems can establish communication with each other via ID network segments in our overlay network.”

Manager, Security Architecture
Northeast Healthcare Provider


Fast Deployment with an Even Faster and Successful Audit

Deployment of Tempered Networks took approximately one week from start to finish. Completing early allowed the team to do more penetration testing and, to their delight, they frustrated the pen testers, who could not find the IP addresses associated with their PCI environment. Because of Tempered Networks' built-in PCI audit reports, the audit itself was able to complete in half the time at a third of the cost.

 

 

 

 

 
