Case study

Healthcare Technology Company Gains Advanced Security Protection

The company

A leading provider of information technology and mobility applications and services for U.S. hospitals and health systems, including customized application development.

  • Industry: Healthcare
  • Geography: US
  • Employees: 1,400
  • Products Supported: ERP

The challenge

The Client offers end-to-end healthcare IT applications, hardware and customization services, including business intelligence, disaster recovery and help desk.

Like most organizations, the Client must address a wide variety of security threats. In today’s world, bad actors use malicious servers running scripts that constantly probe systems all around the world for vulnerabilities to exploit.

“This particular exploit was a WebLogic deserialization Java vulnerability,” says the Client’s chief information security officer. “Basically, the attackers were attempting to install crypto-miner software that would let them use our servers to mine cryptocurrencies like Bitcoin. Vendor patches don’t effectively address all vulnerabilities,” the CISO explains. In fact, the Vendor patch released on April 17, 2017 didn’t fully mitigate the threat and systems continued to be breached.

“Plus you have to perform regression testing and take your systems down to apply patches before hackers find you. When we discovered a successful attack on some of our servers with a connection to the Internet we immediately placed a call to our third-party support provider, Rimini Street, for assistance.”

The solution

After identifying the nature of the attack, Rimini Street recommended Waratek, a Preferred Solution Provider, and the two worked side by side to mitigate the threat.

“Working with Waratek and Rimini Street, we set up a demo scenario on a non-production server,” the CISO says. “They first used Metasploit to prove the vulnerability could be exploited. Next, we installed the Waratek Patch software, which blocked the exploit and gave us confidence to install in production.”

Because the Waratek virtual patching solution does not touch source code, no regression testing or system downtime is required.

“This approach protects our software much quicker than vendor patches and without disrupting operations. Initial installation was easy and took less than a day. Now that we’re familiar with the software, we could now set it up within an hour on a new server.” – Client’s senior security analyst

The results

  • Time-to-remediate CWE: 100ms
  • Support and maintenance savings: 50%
  • Performance impact: 2%

Waratek's Security-as-Code platform not only found the cryptominer we had, but securely removed it within 48 hours, stopping us from having to rebuild our solution from scratch.
