Why PTP Chose FLUENCY for Security Detection for our Life Sciences and Healthcare Customers
We based our business in the Greater Boston area to focus on delivering high-growth and secure cloud computing for biotechnology and life sciences companies. Boston is the #1 city in the US in both biotech jobs and square footage of office/lab space.
Our charter is simple: To unlock the potential of the cloud for today’s most innovative companies. The execution of our charter is much more complicated.
We work with early-stage startups that have seed funding and are working with pre-trials data, more mature companies working through clinical trials, and companies that are through approvals and are into manufacturing. Cloud architecture and service needs vary, but one of the key commonalities is the need to secure sensitive and patient information.
While there is much to be said about architecting a protected cloud environment, in this piece I explore why PTP chose to partner with FLUENCY to deliver an automated, scalable, and cost-effective security detection and analysis platform that provides the enterprise-class efficacy needed to secure sensitive personal data.
Research & Trials = Big Data
The biotech companies we work with that leverage Amazon Web Services (AWS) are processing large amounts of data through compute (EC2) and storage (S3, with Glacier for archiving) services, while tying into data warehousing (Redshift) and then analyzing that data (Athena).
Managing large data sets across the cloud and network environment requires solutions that can scale. With the FLUENCY security detection solution that we deploy in AWS, we are able to process up to 12 million events per second, far beyond most traditional SIEM platforms. Just as important as the ability to consume a massive number of events is the machine learning used to normalize activity. With a machine learning window of between 7 and 30 days, our FLUENCY platform auto-determines expected behavior and alerts on anomalies that can then be validated and triaged by PTP’s trained SOC engineers.
The Compliance Conundrum – HIPAA, GxP, GDPR, HITRUST…
The unique compliance requirements vary by stage of company, geographic distribution (GDPR if there is a European presence) and whether the data has Patient Health Information (PHI).
Regardless of the unique area of compliance, many of the frameworks are derivatives of the NIST Cybersecurity Framework or the SANS CIS Critical Security Controls and contain similar elements to support the policies, processes and systems needed for data protection, event detection, and incident remediation.
With a base of customers across life sciences and healthcare, PTP looked to a platform that delivers the compliance imperatives of security data analysis and retention, at a cost 25-50% lower than a comparable solution like Splunk, while delivering key privacy requirements. With FLUENCY we can maintain live data for 90 days on AWS EBS, keep warm/searchable data on AWS S3 for a year, and then archive long-term to AWS Glacier and maintain it for up to 6 years.
Accelerate Security Event Scoping and Notification
As described, we can process large data sets and maintain the data for long periods of time for compliance purposes. But where our service leveraging FLUENCY really sets itself apart is in scoring/rating an incident, doing reputation look-ups before the incident gets to an analyst, digesting event and network flow data, and translating an IP address to a user to help the remediation team do their job faster.
With regard to reputation look-ups, why not automate a function that a SOC analyst/engineer has to do on every incident and provide that information when the case is created? The capabilities and integration are native in the FLUENCY platform.
Turning to identifying the affected user, FLUENCY can ingest Active Directory feeds and correlate that information back to the source, allowing our team to deliver actionable information back to our customer’s helpdesk or security response team. All of this minimizes the effort required of our customer and speeds the time to resolution. This is of particular importance in the early-stage life sciences environment, because these companies lack the systems and resources of their more mature counterparts.
As our strategic partner, AWS, outlines: AWS is responsible for security of the cloud; the user is responsible for security in the cloud. Approached properly, this requires layers as outlined in the NIST framework. PTP and our PeakPlus services deliver numerous security services to aid in the compliance, data protection, configuration best-practices, end-user security and the detection of possible threats. www.ptp.cloud.