This post was originally published on this site

healthcare internet of medical things IoMT medical device security KLAS

By Jessica Davis

– The latest KLAS research around the early internet of medical things (IoMT) market shows Zingbox and Ordr are considered the most in competitive deals.

KLAS interviewed 47 healthcare organizations that recently selected an IoMT vendor to assess the range of vendors they considered, as well as the one they ultimately chose. The aim was to determine what factors contributed to their decision and how they leveraged third-party service firms during the process.

“As healthcare IT has become increasingly interconnected, securing medical devices – many of which were not purpose built for usage on a computer network – has become a top priority for healthcare security professionals,” researchers wrote.

“In response, a plethora of IoMT software has emerged, creating high purchase energy, especially among larger organizations,” they added.

Notably, nearly half of the interviewed providers have enlisted a service firm to help with their medical device security needs. Medical device security has been a key concern in recent years, given many were not designed with security in mind. But awareness has been steadily increasing, and the new KLAS report reveals just what organizations are looking for when selecting an IoMT vendor.

READ MORE: SMB, IoT Attacks Rapidly Increasing, while Mirai Malware Dominates

According to the report, Zingbox was considered more than any other vendor assessed in for the report (79 percent), which researchers attributed to its first-to-market advantage and its technical capabilities, such as accurate identification of devices and actionable insights obtained from granular device data.

However, organizations that considered Zingbox and ultimately chose another vendor cited incongruency in the vendor’s pre-sales process, including “overly aggressive resources.” Others said they were disinterested or that the wrong personnel gave the demo.

Another one-third attributed their choice of another vendor to Zingbox’ pricing model. The vendor has been addressing the issues, and researchers noted that decisions made more recently were less likely to mention this concern. What’s more, Palo Alto Networks announced their intent to acquire Zingbox.

Ordr (CloudPost) was the second-most considered IoMT vendor (59 percent), which researchers attributed to the vendor’s culture resonating with customers. But customers also struggled with pre-sale challenges, such as high-pressure sales tactics and hard-to-follow demos.

“In this environment, Ordr – another cross-industry early market entrant that has seen rapid growth and high consideration – is frequently chosen for their company culture, which includes strong Cisco roots, speedy and responsive turnaround on customer requests, a willingness to share knowledge, and strong investment in customer success,” researchers wrote.

READ MORE: 82% IoT Devices of Health Providers, Vendors Targeted by Cyberattacks

“While technology factors are the most common reason organizations cite for choosing a specific vendor, many IoMT solutions offer similar core capabilities,” they added. “Thus, organizations look for vendors that can deliver more than just technology.”

Medigate (44 percent) and CyberMDX (38 percent) were the third- and fourth-most considered vendors, which was attributed to the vendors’ healthcare focus. Researchers noted these vendors have seen an increasing interest in the market as they are considered unique for their internal device-vulnerability researcher teams.

Healthcare organizations that chose CyberMDX were drawn to their data accuracy and willingness to partner, while welcoming the opportunity to codevelop the product with the vendor. They also cited the vendor’s responsiveness, frequent touch points, flexibility, and speed of product adaption.

Those that went with another vendor cited product-maturity concerns.

Organizations that chose Medigate overwhelmingly pointed to integration as the main factor, “something that is not the case for other vendors.”

READ MORE: Microsoft Warns Hackers Targeting IoT Devices to Breach Networks

“Medigate’s integration with key security solutions enables customers to create and enforce security policies, exchange critical information, and quickly secure at-risk devices,” researchers wrote. “Customers also highlight a knowledgeable, energetic staff that is hands on in addressing customer needs.”

However, nearly half of those organizations that considered but did not choose Medigate, said they felt the vendor was not ready to cover all devices – like non-medical devices – at the time they made their decision.

On the other hand, 20 percent of health organizations first considered Armis. Those that did not choose the vendor noted the lack of healthcare reference sites fueled that decision. Those that did choose Armis, however, cited cost, partnership, and broad IoT capabilities.

According to the report, these are some other vendors considered but not chosen: Aruba, Cisco, Conventus, Forcepoint, Fortified Health Security, GKPI Digital, LogRhythm, MedCrypt, Observable Networks, Qualys, Securolytics, Securonix, Splunk, and WootCloud.

“Looking for creative ways to manage IoMT security, organizations also considered a slew of other cross-industry vendors who were ultimately deemed to lack the needed core capabilities or healthcare depth, researchers wrote. “A handful considered Forescout Technologies, but decided the NAC functionality didn’t meet their core device-discovery/asset-management needs.”

KLAS did not asses how these vendors actually perform, but researchers said a future report will assess those elements.