U.S. Department of Health and Human Services

 

Industry: Government

Location: Washington D.C., United States

Products Used: Websense Web Security Gateway Anywhere

U.S. Department of Health and Human Services Can Now More Effectively Counter Advanced Malware Attacks and Data Loss with Websense

 

Websense helps us defend against millions of online attacks each month and has significantly reduced malware infections. It’s scalable, reliable, and is providing very effective web security for our systems. It helps us balance security with powerful productivity opportunities on the web and in social media, cloud computing, and mobility.

(Security Official, U.S. Department of Health and Human Services)

The U.S. Department of Health and Human Services (HHS) is the government’s principal agency for protecting the health of all Americans and providing essential human services. It represents almost one quarter of all federal outlays and administers more grant dollars than all other federal agencies combined. The HHS Centers for Medicare and Medicaid programs provide healthcare insurance for one in four Americans. In fact, Medicare is the nation’s largest health insurer and it handles more than 1 billion claims each year.

HHS includes the Office of the Secretary and 11 operating divisions, including Centers for Disease Control and Prevention, Food and Drug Administration, and the National Institutes of Health. Eight are agencies in the U.S. Public Health Service. Three are human services agencies. All told, they represent more than 300 programs and a wide spectrum of activities. This includes providing millions of children, families, and seniors with access to high-quality healthcare and exploring new frontiers of biomedical research.

Challenge

Web security

  • To perform their mission, HHS needs systems and data that are reliably clean of malware.
  • More than two million online attacks per month have been detected trying to infiltrate the systems at large government departments (such as HHS).
  • Because older security tools were not able to effectively examine web content in real time, security staffs in past years spent too much time remediating the harm caused by malicious software.
  • HHS has to balance security with access. Their users need to be able to take advantage of the powerful productivity opportunities on the web and in social media, cloud computing, and mobility. For example, HHS researchers network with other researchers worldwide to collaborate on important national and international health issues. Without the right security, this collaboration is somewhat risky.

Data security and compliance

  • Doctors and researchers from various agencies within HHS handle very sensitive health information. If their systems are breached by data-stealing malware from hackers or hacktivists, it could pose a threat to patient privacy.
  • The department also needs a security solution to prevent outbound data loss and theft. For example, as botnet command and control has migrated to legitimate sites such as Twitter, HHS needed to be able to distinguish between legitimate and illegitimate port traffic.
  • HHS also wants to meet the requirements of the Federal Information Security Management Act (FISMA) and implement the computer systems continuous monitoring security strategy, which allows IT security staff to more rapidly respond to security issues identified by automated tools.

Solution

  • HHS needs security that scales effectively and efficiently to protect more than 150,000 users in multiple departments and locations. These users access billions of sensitive data files and interact with the American public through a variety of websites and other online communication methods.
  • After extensive testing, HHS invested in a Websense Web Security Gateway Anywhere enterprise license, running on 69 high-power Websense security appliances, and supported by Websense Mission Critical Support.
  • Because Websense examines online content in real time, and assesses it for risk, HHS found that Websense provides a better way to protect its systems and data against internet attacks. HHS employees can now more safely use the web to serve the U.S. population.
  • Websense Web Security Gateway Anywhere also provided HHS with granular controls over social media, allowing employees safe access, while blocking only unsafe content.

Results

  • Since implementing the anti-malware portions of the Websense Web Security Gateway Anywhere solution, portions of HHS have experienced a 60% reduction in the number of computers that need re-imaging due to malware infections.
  • HHS network stability and usability increased due to reduced malware.
  • HHS expanded its IT services (based in part on savings gained from awarding an enterprise license).
  • HHS now more safely allows employees to use the social web to network with other researchers, share information, and communicate directly with the general public.