Happy new year! We brought you a present. Today we're open-sourcing Tapirx, our tool to passively discover and identify medical devices on clinical (or any) networks.
Skip ahead to download and start using this tool in less than 5 minutes, or read on to learn why we're doing this and what the future holds.
2018 was a banner year for medical device cybersecurity. We lost count after about 15 events centered on this theme. Hotel rooms blurred together. Healthcare delivery organizations (HDOs) and their CISOs tell us they've lost track of vendors too, with new companies waving proofs of concept left and right, and everyone's AI marketing competing to make the biggest claims. (Meanwhile, the "AI" might or might not work, depending on how you define work — but that's for another blog post. One snake-oil vendor said their customers would "become impenetrable to save money." Not a good look.)
The uptick in interest, and the community around it, is great, but we've been paying attention for more than a decade, and one worrisome trend line carried right on over from previous years: HDOs fretting about inventory, particularly medical device discovery and identification.
Poor inventory practices can stymie even the most basic security efforts, including risk assessment, incident response, vendor accountability, patching, vulnerability scanning, and deployment of necessary controls. (Yes, all the things BlueFlow helps mature HDOs do.)
The solution presented to HDOs by entrants to the medical device cybersecurity market is roughly: give us all your network traffic, including any ePHI, and our black box will tell you what you have and whether anything's amiss.
This solution isn't great for a few reasons:
- You end up entrusting your most precious data (i.e., the stuff you can get fined for mishandling) to a black box you can't look inside. Some of these may be connected to "the cloud." Are they ignoring all the ePHI? Can you audit the code? Oops.
- Companies offering black boxes (read: AI) for discovery/identification/monitoring have learned to overclaim because under-resourced HDOs don't ask the right questions. HDOs tell us they feel held over a barrel: "We paid well over $100K for a fancy box, we can't tell whether it's actually working, and I need to justify this expenditure to my managers." Oops.
- You miss devices that are sometimes offline, moving, or just hard to classify based on their network traffic. Gaps are inevitable if you're depending entirely on network monitoring for inventory, but vendors saying they can identify every single device that matters are simply misleading their customers. Every vendor and service provider knows this, but the proofs of concept proceed anyway because HDOs don't see other options. Oops.
It doesn't have to be this way.
In 2019, the healthcare cybersecurity community will have a chance to leave this uncomfortable reality behind.
Introducing Tapirx: Free, Open-Source Passive Medical Device Discovery & Identification
We're open-sourcing Tapirx (pronounced \taper ecks\) to cut through the nonsense and give every HDO — and the people who support them — a fast, scalable, easy-to-use solution to the problem of medical device discovery and identification.
Here's how it works: deploy as many Tapirx nodes as you want, on your own hardware, on as many network segments as you want. Each node processes traffic in real time, extracting identifiers from medical device traffic and optionally sharing those identifiers (but just the identifiers) with other systems, including BlueFlow. Or leave an instance of Tapirx running temporarily to produce a CSV file full of identifiers. Or record a pcap file from a network segment and hand it to Tapirx for the same processing. Or build your own use case and share it with the community.
You retain complete control over your devices' data. You don't have to shell out thousands of dollars per network segment. You don't have to rearchitect your network for visibility. Tapirx works on today's — and, let's face it, yesterday's — networks, and it scales.
How does Tapirx make your life easier? By removing stumbling blocks.
- Discover medical devices on your networks, from live or recorded traffic.
- Fill gaps in your inventory with make, model, and ePHI tagging.
- Deploy discovery & identification wherever you want, without paying a dime.
- Integrate with asset-management or security tools including BlueFlow.
- Avoid vendor lock-in and expensive mystery boxes; run on your own infrastructure.
Tapirx currently supports extracting identifiers from HL7 and DICOM traffic. Support for other protocols is underway.
Let's Do It!
Since Tapirx runs on every major platform (Windows, Linux, macOS) and is entirely open source, it takes only a few minutes to get started with the Quick Start guide.
Finally: We'll offer commercial support for Tapirx soon, including full details on how to integrate it with BlueFlow, but we wanted to share it with the community as soon as it was production ready. Get in touch with us if you'd like to learn more, and watch this space!
With our affection and support in this new year,
P.S.: What's a Tapir?
Tapirs (family Tapiridae, genus Tapirus) are large, herbivorous land mammals that are sometimes referred to as "gardeners of the forest" because of their constant foraging. They perform an essential function (they "move a lot of seeds") while peacefully sharing their habitat with other creatures. Like software should.
Here's what a baby Malayan tapir looks like. May our logo do it justice!
(photo: Wong Maye-E/Associated Press via Los Angeles Times)