
How Nagomi and Claroty Turn Device Visibility Into Closed Exposures

Modernizing Healthcare Exposure Management with Nagomi and Claroty xDome

For healthcare sector SecOps engineers, the challenge of securing the clinical environment has shifted and expanded. Ensuring the confidentiality, integrity, and availability of Electronic Health Records (EHRs) remains critically important, but that’s now only the tip of the spear.

Like everything else in our society, healthcare now runs on digital infrastructure and connected devices. From IV pumps to heart rate monitors, ultrasounds to defibrillators, anesthesia workstations, injection pumps, and more (not to mention the power grids that allow hospitals and clinics to keep the lights on and the machinery running), the Internet of Medical Things (IoMT) is essential to modern-day patient care. And as with all other Operational Technology (OT), its convergence with IT carries a set of challenges that require new methods of detection, investigation, response, and business enablement.

The OT-IT Convergence Problem Clinical Security Teams Still Haven’t Solved

Integrating OT and IT systems is known to be complex. When it comes to medical devices, distinctive challenges apply.

  • Patient safety: First and foremost, human lives are at stake. Unlike IT systems, medical devices cannot go offline unexpectedly.
  • Interconnectivity and visibility: The sheer number of connected medical devices creates an enormous, interconnected web of exposure. Hospital IT teams often struggle with visibility alone, much less have the ability to identify suspicious device behavior.
  • No “Security By Design”: Despite their criticality, connected medical devices are built for functionality. Foundational security controls like encryption and strong authentication are often absent, rendering the devices inherently insecure.
  • Complex Supply Chains: Device hardware is sourced globally, typically encompassing numerous components from individual suppliers. This makes it difficult to effectively track and verify the integrity of each part.

Integrated Exposure Management for Healthcare Organizations

If you know Nagomi, you know that our Agentic Exposure Ops Platform doesn’t just identify issues; it closes the loop on exposures. Nagomi connects to users’ security tools to unify vulnerabilities, controls, assets, and threat intelligence onto a single view. AI agents autonomously investigate every change, validate toxic combinations against true control state, drive remediation with clear ownership, and re-validate that closure holds.

For healthcare companies, it’s imperative that our platform integrates with top-tier, healthcare-specific solutions to ensure healthcare security teams have the views and controls to optimally operate a safe and secure digital ecosystem.

For this reason, Nagomi integrates with Claroty xDome for Healthcare (formerly Medigate). To level set, xDome has long been the gold standard for providing deep visibility into healthcare cyber-physical systems (CPS). Via a native integration with the Nagomi platform, healthcare organizations can transform that visibility into a continuous, automated loop of exposure elimination.

The Technical Foundation: Seamless SaaS Integration

The Nagomi integration utilizes the claroty-xdome-healthcare collector, a variant specifically tuned for clinical environments. Unlike generic IT scanners that can disrupt sensitive medical equipment, this SaaS-to-SaaS integration is agentless and secure.

Using a read-only API connection, Nagomi ingests high-fidelity telemetry, including device categories, insecure protocol usage, and clinical context. For instance, the integration pipeline automatically reclassifies medical devices with proprietary operating systems as “embedded” assets to ensure that risk models accurately reflect the hardware-specific nature of life-saving equipment.

The Steps Healthcare SecOps Has Been Missing

Claroty’s deep intelligence is fed into Nagomi’s exposure operations platform, allowing SecOps teams to operationalize defense across four critical stages of cybersecurity:

  1. Detect: Exposure, Not Vulnerabilities: An isolated CVE is noise. And it distracts busy security teams from protecting critical assets. With Nagomi, an exposure exists only when a known vulnerability is paired with a missing control, a critical asset (like an MRI machine), and an active exploit. The result?
    • Noise Reduction: By ingesting suppression data directly from xDome, Nagomi cuts vulnerability noise by 98%, surfacing only the 2% of findings that represent real, exploitable risk.
  2. Investigate: Agentic Triage at Machine Speed: When the risk profile of a medical device changes (like a legacy ultrasound suddenly trying to connect to the external internet) Nagomi’s autonomous agents open a case. This triage mirrors the steps a senior analyst would take (without the manual tedium) to correlate threat intelligence and control validation.
    • AI-speed Insights: While a manual correlation could take <30 minutes, Nagomi’s agents deliver a verdict in under 4 minutes. The output is an actionable case that tells the engineer exactly which controls failed and illuminates the attack path.
  3. Remediate: Results-Driven Action: Remediation in a healthcare environment must respect operational reality. A ventilator can’t be patched when it’s in use, and the facility may not have enough ventilators to rotate them out regularly. Nagomi + xDome enables context-aware remediation and prioritizes fixes based on asset criticality and compensating controls rather than static scores.
    • Efficiency: Nagomi groups remediation tasks for efficiency. For example, one network policy update fixes 23 CVEs across 3,100 assets. This results in a single routed ticket, not 71,300, saving time and effort.
    • Eliminates Unnecessary Disruption: Patching isn’t the only answer when an isolated vulnerability is identified. Using data from xDome, Nagomi identifies compensating controls that eliminate the attack path to a vulnerability. For instance, if a network segment effectively isolates a device, the risk score drops, and the team can avoid a risky patch.
  4. Verify: Closure that Holds: In traditional security, a ticket is “closed” when a fix is reported. Nagomi verifies fixes with continuous control monitors to ensure the defense holds.
    • Drift Detection: Validation runs on every rescan. If an exposure resurfaces, for example, due to a configuration drift in a network switch or a misconfigured firewall, a new case is agentically triggered. This evidence-based assessment ensures that remediation efforts are not reverted by the next configuration change.

Remediation That Respects Clinical Reality

The integration of Claroty xDome and Nagomi is more than a technical link; it’s a force multiplier for healthcare SecOps. Coordination between IT security and clinical engineering is easy and straightforward, taking teams out of the business of manual triage and allowing agentic orchestration to speed investigations and remediation.

Further, Nagomi’s exposure operations platform, bolstered by Claroty xDome (along with 100+ additional integrations), gives SecOps teams the power to fully understand and, more importantly, manage the risk imposed by exposures in their healthcare ecosystem.

Automated, continuous validation of every security control; coverage mapping; evidence-based scoring; and prioritized remediation guidance are just the start. Event-driven control change management and verified closure with automatic overlay of real control state ensure vulnerability regression doesn’t occur. This all adds up to safe and secure healthcare in the digital age.

See Nagomi in action at nagomisecurity.com