New Research Report: What are security leaders saying about their security postures? View the Findings ➞

RELIAQUEST HELPS MOFFITT TREAT REACTIVE SECURITY WOES

Moffitt Cancer Center Achieves Best-In-Class Security Operations Through Partnership with ReliaQuest

Established in 1982, Moffitt Cancer Center is a nonprofit cancer treatment and research center located in Tampa, Florida. As one of the leading cancer centers in the United States, Moffitt has the Southeast’s largest blood and marrow transplant and treatment program, with 10,000+ employees supporting more than 350,000 patient visits a year.

 

Moffitt’s IT security team includes a Threat Analytics Center (TAC) with six analysts focused primarily on threat hunting, analysis, and response; and a Cyber Operations team, which handles day-to-day operations, risk assessments and management, and more. The team, formerly led by Chief Information Security Officer (CISO) Dave Summitt, is dedicated to protecting Moffitt from cyber threats that could interfere with its critical mission “to contribute to the prevention and cure of cancer.”

Diagnosing the elements of best-in-class security operations

Summitt says his organization adopted ReliaQuest’s Open XDR-as-a-Service platform, GreyMatter, to help amplify analysts’ skills and expertise and make better use of IT resources. That includes unifying eight key security tools to increase insights and performance: SIEM, EDR, cloud access security broker (CASB), device discovery platform, IoT discovery tool, and an AI product to supplement threat hunting.

The positive transformation that Summitt and his team at Moffitt have experienced since implementing the ReliaQuest Open XDR-as-a-Service platform has proven that they can condense their threat response time from days to hours. They have found that it will also give them the ability to adopt a more proactive approach to threat investigations and help them achieve their goal of becoming more outcome-driven vs. alert-driven.

Learn about Open XDR-as-a-Service

With ReliaQuest GreyMatter, we’re able to turn an alert into a true catch much faster. And our response, from finding a threat to remediating it, has reduced from days to hours.

The right partner to accelerate security goals

Not only did ReliaQuest help the Moffitt team to optimize their tools, detection, and alerting capabilities, but because ReliaQuest partners with other industry leaders in healthcare, Moffitt can benchmark its program against peers. This insight, delivered via the Security Model Index, helps to show where they’re improving, where they are best-in-class, and where they need to focus additional effort.

These reports armed Summit to have conversations with his team and show his executive staff and Board how they were decreasing risk for the organization. These benchmarks and insights also helped Summit to project the impact of additional security investment—and secure needed funding.

ReliaQuest delivers peace of mind and support that keeps our security operations running smoothly.  

Security outcomes, achieved

One powerful proof point that underscores the efficacy of Moffitt’s security team is their attainment of a 3.5 maturity level for IT governance and information management, based on ISACA’s 5-level COBIT framework. That score is even more impressive when you consider that Summitt essentially built Moffitt’s security team from the ground up when he joined the organization about six years ago.

“Our 3.5 COBIT score places us in the top 51% of all healthcare organizations,” said Summitt. “And I think Level 4 is completely attainable for us now that we have added ReliaQuest’s GreyMatter to our suite of tools, which will help our team to be even more accurate, fast, and efficient in our work. I can’t stress enough how impactful ReliaQuest is. Frankly, we’d have to take a step backward without the expertise and automation we get from GreyMatter coupled with ReliaQuest’s 24/7/365 security operations team.”

Learn more about GreyMatter

Without a partner like ReliaQuest and the ReliaQuest GreyMatter platform, it would be hard for us to deliver the proactive security services of a best-in-class SOC.