Company Overview
VITAS Healthcare, headquartered in Miami, FL, has been a pioneer in the hospice movement since 1978 and is the nation’s leading provider of end-of-life care. With more than 12,000 employees, VITAS provides care to more than 17,000 patients daily across 65 sites throughout the US.
Security has always been a priority for VITAS. The information security team has evolved its defenses over time to adapt to an ever-changing threat landscape and operates a full stack of security products to safeguard the company’s sensitive data and assets.
VITAS CISO Richard La Bella wanted a more robust endpoint security solution — one that could provide real-time visibility into threats and prevent attacks across the kill chain. Importantly, because VITAS operates in the highly regulated healthcare industry, La Bella also needed a platform that could deliver centralized administration and detailed forensic review capabilities.
VITAS’ Journey with Elastic
Reaching the limits of their traditional, signature-based antivirus solution
Until recently, VITAS used a traditional, signature-based antivirus solution to protect its servers and endpoints. “We had reached the limits of the solution that was in place,” explained La Bella. “The incidence of targeted phishing attempts, as well as sophisticated attack trends such as Emotet, are on the rise across healthcare organizations. We had to move away from a signature-based solution to better protect patient data.”
Moreover, he sought a solution that, despite its power, was easy to deploy and simple to use.
The VITAS security organization includes a small team of dedicated security analysts, as well as network engineers and IT operations personnel. Employing the right tools and improving efficiencies through automation is paramount to protecting the organization. In their competitive analysis, the team at VITAS was drawn to Elastic Endpoint Security in part due to its groundbreaking automation technologies that help IT operations staff rapidly triage, investigate, and respond to alerts.
“Institutional knowledge is important to us in candidate selection. Elastic Endpoint Security makes hiring easier thanks to its automated interface and user-friendly dashboard. A few hours of training is all someone needs to begin effectively analyzing data and taking action,” said La Bella.
Enter Elastic Endpoint Security
After conducting an extensive proof of concept evaluation, VITAS selected Elastic Endpoint Security because it combines the highest efficacy preventions with real-time monitoring capabilities that span detection, response, and forensics — ensuring unmatched visibility into the threat landscape.
“We chose Elastic Endpoint Security for its proven ability to stop adversaries in real time, before malicious code execution. Elastic Endpoint Security blocked everything we put them up against and won out against multiple other EPP vendors,” said La Bella. “All of our endpoints and servers are protected with Elastic Endpoint Security. Additionally, its EDR is chock-full of forensic data that enables us to drill down and validate the security posture of certain endpoints and take appropriate countermeasures.”
In La Bella’s opinion, Elastic Endpoint Security is distinguished from its competitors by both its technology and value — combining prevention, detection, and response capabilities in a single, lightweight, autonomous agent. Its small footprint and open APIs enable VITAS to integrate Elastic Endpoint Security throughout their security stack in places like their SIEM, ticketing system, and vulnerability management solutions.
Elastic Endpoint Security’s commitment to transparency and award-winning customer service also allows for synergies between the two companies, according to La Bella. Elastic Endpoint Security employs only Tier 3 analysts as customer support engineers — ensuring that the person who answers a customer call is qualified to solve the issue without escalation.
Elastic Endpoint Security is clearly passionate about what they do. From day one, they have worked hard to become an extension of our internal security team, listening and helping the team address concerns unique to our business.
Mitigating risk through automating threat prevention
Elastic Endpoint Security enables VITAS to better identify and mitigate risk, giving them insight into adversary behavior and techniques across the organization. La Bella notes that the forensic data provided by Elastic Endpoint Security enables them to assess top attacks and malware specimens to ensure they have appropriate protections in place.
“Having Elastic Endpoint Security in place is the most important preventative step; second is understanding how adversaries are targeting our assets. With Elastic Endpoint Security, I have the visibility needed to build a narrative for senior executives and members of our board of directors about what we are doing to protect the organization, the effectiveness and maturity of our security programs, and the most significant cybersecurity risks we are facing.”
Additionally, automated threat prevention controls greatly reduced the need to respond to threats by running third-party virus validation scans and performing cleanups that interrupt employee daily operations, saving VITAS about $62k a year in IT operation costs.