Check Point Email Security | Blog

Capital Caring: Avanan Cloud Security for Healthcare

Written by Michael Landewe | March 6, 2018

Since 1977, Capital Caring has improved care for those facing life-limiting illness through public education, advocacy, and direct support of patients and their families. Over 650 employees and 850 volunteers offer hospice, palliative care, and counseling to more than a thousand patients and their families each day.

The Daily Email Challenge

For Hershell Foster, Capital Caring’s CIO, email security was a constant worry. Like so many healthcare organizations, employee inboxes were inundated with hundreds of phishing and other malicious messages each day, confusing users and potentially putting patient data at risk. Even with aggressive training, it was difficult for employees and volunteers to filter out the increasingly sophisticated attacks.

"We knew we had a problem with email, but felt that perhaps the only solution was end-user education. After seeing Avanan and what it was able to catch, we knew there were more protective measures we could take."
- Hershell Foster, CIO, Capital Caring

 

They Are Not Alone

Email-based attacks continue to plague healthcare organizations. A recent HIMSS Analytics survey revealed that 78% of providers experienced a ransomware or malware attack in the last year. U.S. healthcare providers overwhelmingly rank email as the number-one source of a potential data breach with 93 percent rating email as mission critical to their organization. Because of the regulatory issues of exposing patient information, a compromised account could lead to even more expensive compliance fines, even after the initial threat has passed.

 

The Microsoft Solution Was Not Enough

As an Office 365 customer, Foster turned to Microsoft for help, upgrading every account with Advanced Threat Protection (ATP) sandboxing and SafeLink protection. While this did provide more tools with which to monitor malware and phishing attacks, it left a lot to be desired. Users immediately noticed the increased delay to receive email and IT discovered that malware and phishing emails were still landing in users' mail boxes, many of them highly targeted and some seemingly from within the organization itself.

 

The Search for Additional Security

Instead of replacing Microsoft’s security, Foster looked to add an additional layer of protection. In his research, he learned an important lesson about Email Security Gateways. These external proxies require a company to update their DNS to reroute incoming email and, surprisingly, bypass Microsoft’s own layers of defense. When deployed, Office 365 must be configured to categorically trust the mail proxy and accept all incoming email without filtering. In this way, adding an external mail gateway actually reduced the level of protection. Worse, external mail security solutions were blind to the internal messages that Foster worried might be coming from compromised internal accounts.

 

"What attracted us to Avanan initially was the ability to add additional layers of security for Office 365 without the need to reroute our email. This was critical for us as the other gateway options introduced additional hops in front of Office 365 and amounted to a total remove-and-replace of Microsoft’s security."
- Hershell Foster, CIO, Capital Caring

 

The Avanan Solution

Avanan is the only security solution that protects from within Office 365. Avanan offers a cloud-based platform that includes the combined technology of over 60 best-of-breed security vendors to provide zero-day malware, phishing and ransomware protection, data leak prevention, encryption, file sanitization, account takeover protection, shadow IT management, and other categories of security for the cloud. Because it does not use a proxy or reroute traffic, it can be deployed in just a few minutes and has no effect on the end user experience.

“What attracted us to Avanan initially was the ability to add additional layers of security for Office 365 without the need to reroute our email. This was critical for us as the other gateway options introduced additional hops in front of Office 365 and amounted to a total remove-and-replace of Microsoft’s security features.” After a five-minute deployment, Avanan began scanning all new email—inbound, outbound, and internal. At the same time, it began analyzing historical messages, going back in time to discover previous malware and phishing attacks that might have been missed over the previous year.

 

Multiple Layers of Protection

“We knew we had a problem with email, but felt that perhaps the only solution was end-user education. After seeing Avanan and what it was able to catch, we knew there were more protective measures we could take.” The true value of the Avanan platform was the ability to add multiple layers of additional protection at a cost that was much less than adding the single MTA solution. The email scanning tools could identify zero-day threats much faster, with a higher catch rate and, more importantly, the Avanan antiphishing capabilities caught the attacks that Microsoft missed.

 

More Than Just Email. More Than Just Malware and Phishing

Ultimately, Capital Caring selected Avanan to not only help secure email but provide full cloud security across all of Office 365. “We certainly liked the catch rates we saw with Avanan, but their solution went well beyond that. Avanan helped us extend data security controls to OneDrive and SharePoint such that we were able to identify and control confidential patient data.” Avanan scans every file to both quarantine malware and actively control HIPAA-sensitive data.

 

Post-breach Protection

Because the Avanan platform integrates with the entire Office 365 environment, it protects more than email messages and files. It monitors every user event and configuration for signs of a compromised account or other insider threat. Using months’ worth of historical event data, the machine-learning algorithms create user and organizational profiles to understand both roles and behavior. This makes it possible to stop a potential threat as it happens, or find an historical breach that might have gone unnoticed.

 

Conclusion

Capital Caring deployed the Avanan platform to protect their email users, but very quickly expanded its service to the entire Office 365 environment, applying both advanced zero-day protection and data leak prevention for file sharing and the other Office apps. More importantly, Avanan was able to look through the last year’s worth of email and user activity to identify potential security concerns and, at the same time, confirm that no confidential data was compromised. Ultimately, they were able to determine that with the multiple layers of Avanan security, they could eliminate the additional costs of Microsoft’s Advanced Threat Protection, saving money without reducing security.


Download this case study (PDF)