Three years ago, when Greg Hopke walked into his job at Liberty Behavioral Management, an undetected virus brought the organization's remote network to a grinding halt for three days. The company's security software just wasn’t doing its job.

Not long after that memorable first day, Greg and his team made the decision to switch to McAfee. And, ever since, McAfee has become the focal point of Liberty's ongoing security risk management (SRM) strategy. In fact, as Hopke points out, before making the changeover to McAfee, he rated Liberty's security as a "5" on a scale of 1 to 10. Now, he says, it’s an "8" or a "9."

Since then the managed health care organization's security concerns have evolved, and preventing downtime and fighting viruses are only part of the picture now. As the company's business and technology needs changed, Hopke and his team began taking a more strategic approach to security. They started looked at issues like management efficiency, data loss prevention, network access control, and compliance to internal policies and external regulatory requirements. And, there’s the ever-present issue of safeguarding highly sensitive patient records. As a healthcare provider, Liberty must meet the stringent privacy controls required by the Health Insurance Portability and Accountability Act (HIPAA).

For a company of its size, Liberty has established a solid foundation for flexible, sound, and efficient security risk management based on McAfee solutions. To maximize uptime, protect sensitive information, and keep users safe from spam and malware, Liberty needed a way to manage desktops, defend network resources, and rigorously monitor email systems for spam, viruses, and transmission of confidential content. McAfee’s integrated solutions appealed to Liberty because it meant that the company would benefit from comprehensive protection without investing in new hardware. And most importantly, centralized enterprise-class management tools have lightened the load on the busy IT staff and resulted in operational efficiencies

With 1200 employees and 17 locations spread across three states—New York, New Jersey, and Massachusetts, Liberty is now in the throes of going paperless. By 2008, all paper patient records will be converted to electronic documents, which will be accessible online to doctors, nurses, and staff.

Going paperless means that the current computer user base of 500 will grow to almost 800, with more computers available at clinics and hospitals. All users will be connected to the data center in Glenville, NY, where Hopke and his small IT staff keep the operation humming. To respond to the growing demands on IT, Hopke plans to add two to three additional staff members, and he’s looking at some additional McAfee solutions to fortify the organization’s defenses.

McAfee supplies the nuts and bolts of SRM
Liberty recently upgraded to McAfee Total Protection™ for Enterprise—Advanced, which includes comprehensive threat protection for servers, email servers, and desktops; host intrusion prevention; and network access control for noncompliant systems. This enhanced suite works with McAfee GroupShield®, which uses the same McAfee scanning engine to analyze email messages and attachments on Liberty’s Microsoft Exchange servers. Liberty also relies on McAfee IntruShield® to monitor network traffic and safeguard Liberty's growing user population and its distributed network from exploits and malware.

McAfee ePolicy Orchestrator at the hub
At the core of Liberty’s SRM strategy is McAfee ePolicy Orchestrator® (ePO™)—the centralized management and reporting console that integrates with many McAfee solutions and simplifies the job of overseeing remote networked locations. Hopke and his team run reports on ePO every Monday morning after monitoring DATS, agent levels, viruses in quarantine, and computers that haven't checked in for more than a week. Within ePO, Hopke has set up a notification system for McAfee Network Access Control, so if someone were to plug a noncompliant system into the network, the IT team would instantly receive an alert on their cell phones. Then they can immediately check the system to see if it's compliant with internal security policies and make sure it has the latest protection before it connects to the network. Hopke also uses ePO to generate high-level reports to prove to his management team and to auditing agencies that all of the necessary security measures are in place.

"The amount of information housed by ePO is impressive, but the information is easy to parse," Hopke says. "I can create custom queries to see who’s logged onto a machine. I can run executive-level McAfee IntruShield reports for my manager. And I can create documentation for the audits conducted once or twice a year by external organizations."

McAfee IntruShield makes patching easier and more efficient
Another driver of operational efficiency is McAfee IntruShield, which identifies and blocks the most relevant threats and attacks targeting network assets. According to Hopke, before Liberty installed the IntruShield network security appliance, one of the biggest headaches was staying current with patches.

"With our implementation of IntruShield, McAfee has allowed us to decrease our patch cycle to quarterly rather than monthly," he says. "This allows us more time for testing, decreased our downtime, and increased our success in patching. It also allows our IT staff to focus more time on other issues and projects."

Down the road?
So what’s on tap for Liberty in the near future? Hopke says the company is seriously evaluating McAFee Foundstone® Enterprise for vulnerability management—another key building block in its SRM strategy. The Foundstone Enterprise scanner uses threat intelligence and correlation to immediately determine how emerging threats and vulnerabilities affect an organization’s risk profile, so that resources can be deployed where they’re needed most. Hopke is pleased to see the integration with ePO, which feeds asset and system protection data into Foundstone for risk assessment. Foundstone also provides threat intelligence to IntruShield, so that timely scans can be launched only when needed. As a result, the volumes of alerts are reduced to only critical attacks. Hopke likes the fact that Foundstone automatically generates tickets for vulnerabilities.

Hopke's security wish list includes whole disk encryption, email-enabled cell phone access control, and a way to lock down USBs, floppy drives, CD burners, and every port on the computer to prevent data loss.

With the challenges of transitioning to a paperless office while maintaining day-to-day security, Hopke and the Liberty IT team have their work cut out for them. But there’s no reason to doubt that Liberty can raise its security score to a "10." It has all the ingredients: a dedicated and aware IT team, a solid SRM foundation, a vision for the future, and a partnership with the worldwide leader in security.