Reducing TCO: How a three-person security team saved hundreds of hours every month
By Sally Adam
I recently spoke with Joshua Dostie, Senior Information Systems Security Specialist responsible for cybersecurity for a large healthcare provider in the US.
Like most organizations that hold credit card, social security, and healthcare information, it’s a prime target for cybercriminals.
Josh and his team of two are tasked with protecting the entire organization from attacks.
To do this, they use a Sophos cybersecurity system: Sophos next-gen endpoint and server protection, a Sophos firewall, and Sophos web protection – with everything managed through the cloud-based Sophos Central administrative console.
I asked Josh how this system had impacted his day-to-day work – and his answers blew me away.
Life before Sophos: never-ending management tasks and daily security incidents
Prior to running the Sophos system, day-to-day security management took a full eight hours.
With five separate consoles to manage and the need to map data across multiple data sources, the work was never-ending.
At the same time, they had to deal with, on average, three security incidents every day. This could vary between inappropriate browsing, unapproved download attempts, malicious web traffic or attempts to plug in rogue USB devices.
Each one took around three hours to address, depending on the demographics and impact to patient care, as the team needed to disable the network adapter and then physically get to the affected device to remediate in some instances.
Life with Sophos: hundreds of hours saved every month
The biggest benefit Josh has seen from moving to the Sophos cybersecurity system has been the huge reduction in daily admin workload.
Day-to-day management now takes just 30 minutes per day, with everything controlled through a single console – Sophos Central.
The number of security incidents they need to deal with has also dropped: from three per day to one every three days.
At the same time, it now takes a maximum of 15 minutes to investigate a security incident, down from the previous three hours. Josh’s team can isolate and remediate an affected device directly within the Sophos Central console, so they no longer need to get to the physical device.
Together it adds up to hours and hours of time saved every single week.
In fact, Josh says they would need to double their headcount to maintain the same level of confidence if they didn’t run Sophos.
Josh’s team aren’t the only ones who have benefited from the Sophos security system.
The wider hospital team also benefits, as Josh’s team can deal with issues remotely and no longer need to interrupt their workflows.
For Josh, Sophos Central is their “security operations center”, working 24/7 so his team doesn’t have to. It gives him the peace of mind that things will remain OK when he leaves the office. As he says,
“I’m confident leaving knowing everything’s being monitored.”
He also highlighted the Synchronized Application Control capability, which enables the team to identify all traffic on the network.
With the Sophos system, the firewall and endpoint protection continually share information. If the firewall can’t automatically identify an app, it can instantly get the information it needs directly from the endpoint.
Thanks to this sharing of information, the system has tagged 5,000 application types and 77 uncategorized apps.
See it in action
Watch this demo video to see just how easy day-to-day security management is with a Sophos system.
To try the system for yourself, the easiest way is to start a free trial of one of our products.
And for anything else, or to discuss your own challenges, the Sophos team is here to help.