Healthcare IoT Security 2022
Moving beyond Device Visibility

Healthcare IoT Market Insights

The majority of respondents report that their vendor is at least moderately involved in risk-remediation efforts. Most respondents say their vendor approaches risk remediation in one of three ways: (1) they remediate risk with their platform’s technology, (2) they remediate risk with their services or support, or (3) they primarily leave risk remediation to the customer and assist when asked.

Palo Alto Networks offers a different approach to healthcare IoT security with their enterprise security solution, which provides IoT security in addition to other security solutions (e.g., firewalls). Customers are generally satisfied with the solution, though a couple report significant concerns. The most and least satisfied Palo Alto Networks customers are those who were originally customers of Zingbox, which Palo Alto Networks acquired in 2019. Many satisfied customers say the solution provides increased awareness of device vulnerabilities. Some say service levels, response times, and staff turnover have been challenges since the acquisition, while others say their service levels have been unaffected. A few dissatisfied respondents report challenges with functionality, such as a high number of unmatched devices, a difficult learning curve, and stagnant post-acquisition development. Respondents also note limited or complicated integration with various systems (e.g., firewalls, scanners, and the ticketing system). Frustration with device-discovery functionality has prompted multiple customers to replace or consider replacing Palo Alto Networks. The vendor’s post-acquisition IoT product is now part of the vendor’s broader security platform; in the last 12 months, KLAS validated one organization that purchased Palo Alto Networks in this way.

A Note about Sensato

Sensato is a cybersecurity company that offers software as well as network-monitoring services, especially for small critical access hospitals (CAHs). Interviewed Sensato customers highlight how beneficial the vendor’s network-monitoring services are, and some are satisfied with Sensato’s integrations and healthcare focus. Two wish they could access their data independently rather than having to go through Sensato. Prospective customers infrequently consider Sensato alongside typical IoT security vendors. When the vendor is chosen, customers consistently report high satisfaction.

Medigate

2021 Best in KLAS winner. Recently acquired by industrial cybersecurity company Claroty (January 2022). Respondents highly praise the platform’s intuitive nature. Vendor consistently improves system and is considered and chosen in many purchase decisions. Customers often midsize or large.

“The interface and the capabilities of Medigate are far superior to the capabilities of other vendors we looked at. The way the product looks is not only more professional, but also well done, easier to use, and more intuitive. . . . What made the difference was the team of people behind the product. We really felt like we were being held by the hand throughout the entire process. That gives us confidence that we are going to be licensing something that we can utilize. If something goes wrong, Medigate is there.” —Security manager

“If Medigate could beef up the support staff they have, that would be helpful during the implementation. The support after the implementation is great, but during the implementation, the vendor could have more people available. Even though the installation is very simple and straightforward, it would still help to have more engineering talent on the vendor’s side. We also don’t have any packaged come-up-to-speed videos or things like that.” —CISO

Ordr

Offers strong technical background with several former Cisco employees. Almost all respondents satisfied. Customers frequently use platform to understand device behavior and information traffic. Mixed feedback on integration—some mention challenges, while others praise available integrations. A few say necessary fixes can take a while to be delivered. Respondents report an improved user interface.

“I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. . . . That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific-device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.” —CISO

“We are looking to dump the information into our asset database and another tool our clinical engineers use. We were supposed to get integration with that through an API, and we ended up getting it, but Ordr took a much longer time to deliver that than we anticipated.” —CISO

Palo Alto Networks

Acquired Zingbox in 2019, and current customers are a mix of long-standing Zingbox customers and customers using the IoT product as part of Palo Alto Networks’ enterprise security offering. Feedback around integration and support is mixed, though a majority are satisfied. Several customers see risk remediation as their own responsibility, with the platform providing assistance.

“The product gives us fast and easy visibility for snap judgments. We can make educated decisions on what is going on in our environment very quickly with the tool. I have no doubt about what is happening because of the feedback I get. It is highly accurate from an IT and security perspective. The product is logical and easily understood. I have a high level of comfort with the feedback that we get.” —IT director

“When we bought a Palo Alto Networks firewall, we expected it to integrate with the other products from the vendor. I can see that Palo Alto Networks borrowed technology between the firewall and IoT Security, but the products don’t integrate directly yet. . . . One should be a module within the other, but that is not the way things are with the recent merger. . . . There are some things that should be intuitive that Palo Alto Networks just hasn’t done yet.” —Security manager

Armis

Cross-industry vendor growing their healthcare customer base. Has received enough funding that customers feel comfortable with their financial viability. Some customers say robust engineering team and available integrations contribute to satisfaction. One customer unsatisfied with decline in service, integrations, and lack of outcomes.

“The Armis system gives our organization visibility into devices on our network that we were lacking. With all the integrations provided, we are about to leverage the platform to effectively identify, investigate, and respond to threats. Since the majority of our tools are integrated with the Armis system, it has become our primary investigation tool for on-network devices, providing data enrichment and context.” —Security manager

“When we started digging into the actual data, we found there were some interesting discrepancies about how the vendor profiled things, like handling IP address changes, that aren’t very visible to the customer. If the IP address of a radiology workstation changes and becomes somebody’s workstation, we don’t have our network segmented properly, but Armis doesn’t necessarily have that information. . . . Now the workstation has a bunch of different vulnerabilities because that is what that workstation had when it came across the network. The data is there, but we can’t trust it; if we can’t trust it, then we can’t act on it.” —Security analyst

Asimily

All respondents very satisfied (on 100-point scale, all rate experience 90+). Customers report responsive, supportive relationships and high value for clinical/biomedical departments. User interface is most commonly mentioned opportunity for improvement.

“Asimily is on top of threats. My contact at Asimily sends me reports about what they are seeing and doing with respect to the medical device, and they give me recommendations. The recommendations are on target. I have a lot of faith in Asimily from a technical perspective to get the contracted job done. The niche is very important to us, and Asimily’s system has been a very good offering for us. I have been able to sleep at night with respect to medical devices. I can hand the work off to somebody who has a medical background and a lot of ins with a medical device database.” —Security director

“Tracking is an area that needs to be improved. Asimily’s inventory was a little stale. We didn’t really have a good inventory, but we do now. We are working on the reporting of the inventory so that we can see where the devices are, where they stand with respect to patching, and what specific attacks or vulnerabilities have been found in the scanning. I can log in to Asimily’s site and grab all of that information, but that takes me a lot of cycles. I want Asimily to give the information to me on a monthly or quarterly basis. . . . We want Asimily to be like a managed service security provider for medical devices where they do everything.” —Security director

Cynerio

All respondents satisfied (on a 100-point scale, most rate experience in 90s, one in 80s). Engaged vendor that helps customers go beyond device visibility to genuine risk reduction. Customers report high value in IT/networking departments. Has small, midsize, and large customer organizations; organizations that have recently chosen to purchase Cynerio validated as mostly large.

“As soon as Cynerio releases a major update, they provide education for our team. In fact, Cynerio has regular meetings where they review with us what they recommend for the next steps for mitigation. . . . They are helping us determine which things we should tackle first to be more productive and effective in our cybersecurity goals. . . . Cynerio can have the best product on the planet and the most innovative technology, but if people don’t know how to use it or how to implement or access it, it will be a complete failure. Cynerio has taken that idea to heart, and they have really stepped up.” —IT director

“At first, Cynerio’s tech support was based out of Israel, and our time zone difference was an issue. But when we meet with the vendor now, we meet with them early in the morning. That works for us. But I don’t know what we would do if we were in another time zone. Maybe I am too nice, but I would hate to make someone work late at night to be able to deal with me. If the vendor gets a little larger, maybe they will be able to put some people in the United States for support. That would be helpful.” —CISO

Sensato

(software-enabled services)

Offers a different approach than other solutions in this report by doing active security monitoring on behalf of health organizations. Customers are most often smaller organizations, and most report being very satisfied with the monitoring and level of service. Most common complaint from two lowest-scoring respondents is a desire for more visibility into their own data.

“Sensato Cybersecurity Solutions is very responsive. . . . Even with emails or an open case online, Sensato Cybersecurity Solutions gets back to us quickly, especially if we mark an issue as high priority. We have frequent meetings where we review the vendor’s recommendations, and they answer any questions that we have. They are proactive. They tell us things before we are aware of them.” —CIO

“The product is a bit like a black box for us, and the vendor has been working toward allowing customers access to certain things. We want to see data in real time instead of having to make phone calls or reach out to the vendor. We want to avoid having to go to the vendor for escalation.” —Security manager

CyberMDX

Not enough customer feedback to be rated. Organizations considered CyberMDX in six purchasing decisions, and one ultimately chose to purchase because of interface and pricing. Forescout recently announced their acquisition of CyberMDX (February 2022).

Cylera

Not enough customer feedback to be rated. Organizations considered Cylera in two purchasing decisions; no KLAS-validated US wins in 2021.