Part of Architecture pattern for connected medical devices - Imaging Pillar

Vendor specific information

Previous Chapter

Imaging specific design principles

Current Chapter

Current chapter – Vendor specific information

Next Chapter

References

The aim of this chapter is to provide NHS network experts with a set of vendor specific network segmentation documentation. This can be referenced when choosing the most appropriate vendor product and tools to assist you with implementing effective segmentation and improving the overall security posture of your network.

The network segmentation method discussed in this guide focuses on a simple VLAN segmentation configuration, supported by applicable zoning and network access control policies. If you are responsible for determining the network segmentation method most appropriate for your organisation, you should review other equally effective network segmentation methods, such as a zero trust model via micro-segmentation or software-defined networking, amongst other segmentation options.

Research shows that NHS organisations have implemented different network segmentation methodologies offered by different network solutions providers and at various maturity levels.

To assist you, a series of consultations were held with the major network solutions providers with a presence in NHS organisations to contribute to this guide.

Below are links to each vendor’s network segmentation reference architecture patterns:

It is important to stress that providing this information in this document is not an endorsement or display of preference for any specific vendor, manufacturer, service provider or product/tool. Rather, the aim is to provide network experts with an array of vendor resources within one document. The vendors are listed in no particular order.

Any other vendors that might wish to provide similar documentation in this manner are most welcome and this pattern will be updated with such information as received.

VMware

Listed below are VMware’s suite of products and implementation guides for network engineers and subject matter experts.

Network Segmentation Architecture for Connected Medical Devices - An NHS Micro-segmentation Solution Brief – March 2023 - Describes how the VMware products can be used to achieve effective Network Segmentation of Connected Medical Devices and improve an organisation’s security posture.

VMware vRealize Network Insight Documentation - Information on VMware’s vRealise Network Insight tool which, according to the vendor, accelerates micro-segmentation planning and deployment, enables visibility across virtual and physical networks, and provides operational views to manage and scale the VMware NSX deployments.

VMware NSX Documentation - Information on VMware’s NSX, which according to the vendor, focuses on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks.

VMware NSX Intelligence Documentation - Information on VMware’s NSX Intelligence product which, according to the vendor, provides a graphical user interface to visualize the security posture and network traffic flows that have occurred in an organisation’s network on-premises NSX-T Data Centre environment.

Palo Alto

Listed below are Palo Alto's suite of products and implementation guides for network engineers and subject matter experts.

Reference architectures - Learn how to use Palo Alto Networks solutions to enable the best security outcomes.

Medical IoT Security - Palo Alto’s design and deployment guidance for the Medical IoT Security solution, which allows you to discover, identify, and inventory your organisation’s deployed IoT devices.

Zero Trust for Healthcare Organizations Overview - How the Palo Alto Networks portfolio can help you implement a Zero Trust strategy in a healthcare environment.

SASE for Healthcare Organizations Overview - An overview of the capabilities of a SASE solution and describes the Palo Alto Networks products that healthcare organisations can use to build a SASE solution.

Securing Applications in a Cisco ACI Data Center - Design Guide - Design guidance for deploying Palo Alto Networks® next generation firewalls within a Cisco ACI software-defined data centre solution.

Securing Applications Deployed in a VMware NSX-T Data Center - Design Guide - Architectural guidance for how to deploy Palo Alto Networks® VM-Series Virtual Next-Generation Firewalls on a VMware NSX-T D.

Fortinet

Listed below are Fortinet’s suite of products and implementation guides for network engineers and subject matter experts.

Internet of Things (IoT) Security Solutions - In addition to supporting 3rd parties, FortiNAC has an inbuilt IOT detection technology.

Supercharge Your Network: Unleash Network Management Automation - Fortinet’s Fabric Management Centre comprising of FortiManager and FortiAnalyzer ingests logs from Fortinet products to identify traffic types and flows across the network.

Zero Trust Access - Fortinet's Zero Trust Access

Intelligent Segmentation for the Healthcare Industry - Fortinet Security Fabric Intelligent Segmentation for Healthcare

Simplifying Operations with the Fortinet Security Fabric and FortiAnalyzer and Improve Security Operations Across the Security Fabric - The Fortinet Security Fabric provides a single integrated security platform with advanced threat mitigation technologies built directly into the components of the fabric.

Integration

For maximum flexibility the Fortinet security Fabric integrates with several Fabric partners. Details of the level of integration can be found below.

Fortinet Cynerio Healthcare IoT Solutions - Cynerio

Fortinet and Medigate Protecting Clinical Networks - Medigate

Reduce Attack Surfaces with Armis + Fortinet - Armis

Fortinet and CyberMDX Healthcare Security Solution - CyberMDX

Fortinet and Ordr Connected Device Visibility and Security Solution - Ordr

Network visibility

To segment and protect the network you must see what it’s comprised of. Fortinet’s Security Fabric has many components that facilitate this visibility. Below is a list of products that perform various security functions across the attack surface and their ability to identify and report on assets for your visibility.

Fortinet device inventory - An administrative guide of the FortiGate security and networking capabilities.

Configuring IoT detection - Configuration guide for configuring FortiGate IOS with focus on IoT device management

FortiAP query to FortiGuard IoT service to determine device details - A configuration guide for the various functions of the FortiAP capability

IoT detection service - The IOT detection capability with its Fortigate product suite

Endpoint Fingerprints - Documentation related to the endpoint fingerprints and its FortiNAC product suite

Profiled devices - Information on profiled devices with its FortiNAC product suite

Device profiling rules - Information related to configuring device profiling rules with its FortiNAC product suite

FortiDeceptor - Information on detection policies with Fortideceptor product

Asset Discovery - Information on asset discovery using its Fortideceptor product

Introducing FortiEDR - Information on the FortiEDR system components, FortiEDR technology and the workflow for protecting your organisation using FortiEDR

Introducing the Inventory - Information on the Fortinet Inventory tab which displays separate pages for Collectors, IoT (devices) and System Components

Cisco

Listed below are Cisco’s suite of products and implementation guides for network engineers and subject matter experts.

Healthcare Secure Infrastructure

Cynerio

Listed below are Cynerio’s suite of products and implementation guides for Network Engineers and subject matter experts.

Cynerio Use Cases: NHS Pillars - An overview of potential deployments of Cynerio’s products within the 5 diagnostic pillars within the NHS.