Case Study

Union Hospital Gains Comprehensive Visibility Into Security Landscape and Microsoft Infrastructure

Industry
Healthcare
Splunk at UHCC

Executive Summary

Union Hospital of Cecil County (UHCC) in Maryland is a 122-bed, nonprofit, full-service healthcare facility, nationally recognized for its clinical excellence. Staff members and physicians deliver outpatient, surgical and emergency services, including an average of 20 procedures a day in the hospital's six operating rooms. Like all healthcare providers, UHCC must safeguard its patients' records. Since deploying Splunk Enterprise, the hospital has seen benefits including:

  • A more robust security posture
  • Accelerated application development and testing
  • Extensive operational visibility across infrastructure
SPLUNK PRODUCT
Splunk Enterprise
Splunk App for Microsoft Exchange
Splunk App for Windows Infrastructure
Splunk Support for Active Directory
Google Maps for Splunk
SPLUNK SOLUTION AREAS
Security
IT Operations
Application Delivery
Challenges
    • Wanted to analyze logs from key systems to aid in detecting intrusions
    • Cumbersome manual processes and limited employee resources to monitor security data
    • Needed to correlate large amounts of data from numerous disparate systems
    • Needed visibility into Microsoft Exchange server to monitor how email enters and moves across the infrastructure
Business Impact
    • A more robust security posture with reduced time needed to investigate and resolve security events
    • Accelerated application development and testing
    • Full visibility into Microsoft Exchange environment
    • Extensive operational visibility across the entire infrastructure
    • Compliance with healthcare regulations
    • Greater IT efficiencies
Data Sources
    • Active Directory domain controllers
    • Firewalls
    • Anti-virus servers
    • Microsoft Exchange server
    • PowerShell data

Why Splunk

Union Hospital relies on firewalls, anti-malware software and Active Directory domain controllers to deter breaches and advanced persistent threats (APTs). But UHCC's many systems generate gigabytes of logs daily, making scrutiny of this data laborious. Its 30-person IT staff lacked the resources to monitor, correlate and analyze logs from security solutions. "For a robust security posture, we had to expedite the tracking and cross-referencing of logs," says the security analyst for Union Hospital. "We can't comb through gigabytes of data looking for needles in the haystack. For added protection, we also wanted visibility into our Microsoft Exchange server to monitor how email enters and moves across our infrastructure."

The IT staff worked with BAI Commercial, a provider of network security solutions, to install Splunk Enterprise and connect it to the hospital's firewalls, anti-virus servers and domain controllers. The team also deployed applications that integrate with Splunk Enterprise: the Splunk App for Windows Infrastructure to monitor and manage UHCC's Windows infrastructure, the Splunk Support for Active Directory app, which adds the ability to search Active Directory for information, and Google Maps for Splunk for geo-visualizations. The team also installed the Splunk App for Microsoft Exchange to gather performance metrics, log files and PowerShell data from the application and related components.

"Correlating a firewall event with Exchange or Active Directory logs used to require so much time. Thanks to our Splunk solution, when I now need to investigate an incident, I have the full story in front of me. Instead of spending days trying to piece together what happened, I do so in minutes."

Security Analyst, Union Hospital

Full operational visibility into Exchange

Using dashboards and reports from the Splunk App for Microsoft Exchange, UHCC's IT staff now has full visibility, including performance metrics, into Exchange and its underlying infrastructure such as Active Directory, Windows and Outlook Web App (OWA). Available dashboards cover IT operations, security, capacity planning and even help desk functions. As an example of operational insight, the IT team built a dashboard at the request of the director of IT so he can track the size and usage of employees' email accounts and expand mailboxes when quotas are exceeded. Analysts can track email traversing the entirety of the hospital's network and can correlate OWA data with firewall and anti-malware logs to determine whether any suspicious files have entered the infrastructure.

Bolstering security posture with advanced analytics

Splunk Enterprise now serves as a security intelligence platform at UHCC, helping analysts detect both known and unknown threats. Reading and correlating logs from multiple sources in multiple formats was previously challenging, but analysts now access data and correlate events almost instantaneously. Because the Splunk platform can capture and index data over time, they can deploy Splunk dashboards to track historical trends for an array of security metrics and launch investigations when events or actions deviate from baselines or appear abnormal.

To help detect APTs, the Splunk platform alerts IT on attempts to remotely access the hospital's infrastructure from foreign countries in which the hospital does not do business. "Rather than traditional robotic malware, APTs are directed by cunning cybercriminals, which is why we need Operational Intelligence to spot and prevent them," says the security analyst. "Splunk software allows us to cross-reference any data at any time, letting us identify attack patterns and unauthorized actions that would otherwise go undetected."
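One way to build the geo-based remote-access alert described above, as an added example rather than a search from UHCC or from any Splunk app: it assumes Windows Security events indexed with the classic WinEventLog field names, an index named wineventlog, and an uploaded lookup file business_countries.csv with a single Country column listing the countries where the hospital does business. It covers both successful (4624) and failed (4625) RDP logons (Logon_Type 10), geolocates the source address, and keeps only sources whose country is absent from the lookup.

```spl
index=wineventlog sourcetype="WinEventLog:Security" (EventCode=4624 OR EventCode=4625) Logon_Type=10
| rename Source_Network_Address AS src_ip
| where isnotnull(src_ip)
    AND NOT cidrmatch("10.0.0.0/8", src_ip)
    AND NOT cidrmatch("172.16.0.0/12", src_ip)
    AND NOT cidrmatch("192.168.0.0/16", src_ip)
| iplocation src_ip
| where isnotnull(Country)
| lookup business_countries.csv Country OUTPUT Country AS allowed_country
| where isnull(allowed_country)
| eval success=if(EventCode==4624, 1, 0)
| stats count AS attempts
        sum(success) AS successful_logons
        min(_time) AS first_seen
        max(_time) AS last_seen
        values(Account_Name) AS accounts
        values(City) AS cities
    BY src_ip Country
| convert ctime(first_seen) ctime(last_seen)
| sort -successful_logons, -attempts
```

Private and loopback source addresses are dropped up front because iplocation returns no country for them and they would otherwise be reported as unmatched; saved as a scheduled alert that triggers when results are returned, the search flags the foreign-source logons the hospital describes, with successful logons sorted to the top for triage.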

This awareness also extends to malware that circumvents firewalls and enters the network through employees' laptops. Splunk dashboards for the antivirus server keep analysts apprised of detected infections. They can search for particular virus signatures to determine which devices are infected and take corrective measures promptly.


Covering the entire network

UHCC is planning to use the Splunk solution to gain holistic views of its entire virtualized infrastructure. The hospital is considering indexing logs from its clinical applications to track and audit transactions and patient access. "Now that we're achieving our core security objectives, we're envisioning using Splunk software for network monitoring, performance metrics and diagnostics," concludes the security analyst. "Our Splunk solution definitely makes our lives easier not only for compliance but for general troubleshooting. We're getting an excellent return on our investment and that will only improve as we expand into additional use cases."

© 2005-2019 Splunk Inc. All rights reserved.