
5 minutes with Motti Sorani - What is Device Centric Risk Management (DCRM)?

By Maria Henriquez
April 22, 2021

Device Centric Risk Management (DCRM) is a layered approach to cybersecurity that protects each device, driving remediation and mitigation directly on medical and IoT assets. To find out more about how this paradigm helps with regulatory compliance and helps mitigate cyberattacks, we speak to Motti Sorani, Chief Technology Officer at CyberMDX. 

 

Security: What is your background? 

Sorani: Currently I’m the Chief Technology Officer at CyberMDX, but I’ve spent most of my 20-year career in the cyber domain — both in startups and governmental units where my experience has included both the offensive and defensive sides of the space. Most recently, I worked in Israel’s Prime Minister's Office (PMO) where I established and led a department focused on what we saw as cutting-edge cyber capabilities. In the role I managed groups of skilled security researchers, software engineers and dev-ops, and I think this work in particular prepared me well for the nature of the medical space where lives are at stake.

 

Security: What is Device Centric Risk Management (DCRM)?

Sorani: Device Centric Risk Management is what we see as a layered approach to cyber secure unmanaged devices across the healthcare delivery organization’s (HDO) ecosystem. Unmanaged devices, or agentless devices, are the kind of devices that don’t have a management/security agent on them. This includes critical devices such as medical devices, facility devices and other IoT devices that participate in operational or clinical workflows.

DCRM is focused on creating layers of protection around each device that work together to remediate, mitigate or prevent cyber risks. It does this by leveraging on-device, on-network and on-perimeter security controls in a way that is tailored to each device. It allows security professionals to ask fundamental questions that drive the risk management process. For example: What vulnerabilities impact an asset? What is the severity? What are the factors that could impact patient safety or other business objectives? First you need to consider your on-device remediation options – including patching or applying configuration changes, and understanding what the expected risk reduction is in each case. Next, network based access policies and on-perimeter policies are engaged to maximize security. The DCRM approach also includes kickoff workflows and security orchestration to help security teams effectively manage the risks.

Doing so at scale, in organizations that have hundreds of different device families, and thousands of devices overall, is the core value of DCRM. This answers two fundamental questions in any ongoing risk management process: 1. What should I handle next? and 2. What are my options? (i.e., all the ‘fix’ options).

 

Security: How can the paradigm help decrease the major increase of cyberattacks, such as ransomware, against hospitals and medical networks?

Sorani: Let’s use a fleet of radiology machines as an example here. These devices take part in many clinical workflows, from ER to patient discharge, and some, such as MRI machines, are major sources of profit for hospitals that help offset the costs of other less profitable, but no less important, clinical activities. Due to outdated operating systems and exposed network services (e.g., SMB, RDP, SSH, etc.), many of these devices carry worm-able vulnerabilities. Because the impact on care availability is huge, yet the security fences are low, this combination makes these machines a typical target for ransomware threat actors. The worm-able vulnerabilities are exploited by the attackers to compromise these machines. As part of the lateral movement phase, they move from the penetration point to the targets - where the ransomware impact is maximized.

While the game plan of ransomware gangs is to move laterally, exploit vulnerabilities, and maximize the potential ransom, the DCRM game plan is to reduce the likelihood this attack will succeed by remediating/mitigating vulnerabilities and limiting the access to these devices. With the rising sophistication of today’s hacker, you can no longer stop cyberattacks solely by focusing on one issue. Putting up strong perimeter protection and hoping nothing gets by is no longer a viable strategy, and the same goes for any one-faceted security strategy. DCRM synchronizes the security actions on multiple layers to ensure that even if something gets by one aspect, it will be stopped at the next checkpoint. The system utilizes domain specific knowledge to translate the technical vulnerabilities into business impact to help hospitals and HDOs prioritize vulnerabilities based on severity. Worm-able vulnerabilities will be at the top; then all possible mitigation/remediation options on all layers will be presented. These options include: 1. identifying whether there is a patch available, 2. installing a security agent (AV/EDR) that is supported by the vendor, 3. using allowlist or blocklist policies to reduce the attack surface, and 4. limiting the vendor access or the device access to the internet. Once implemented, the chances that an attacker could laterally move into the device are significantly reduced.

 

Security: How does it compare to the current architectures in place? How is it different from a people-centric security framework?

Sorani: Most architectures are network-centric. In fact, traditional enforcers are generally not aware of the function of devices, their criticality level for patient safety, or risk level from a business perspective. By being device centric, DCRM bridges this gap - prioritizing actions on a device-centric basis. Some of these actions are carried by network enforcers, yet the policies derived are fine-tuned to secure these devices while still letting them function properly.

Similar to the way people-centric security frameworks consider people as the attack surface, DCRM considers the unmanaged devices as the attack surface used by attackers to create their malicious impact on patient data confidentiality, patient safety, or care continuity. DCRM calculates the risk exposure related to these aspects to prioritize security actions. It directly impacts the security benefit of these devices. Because of that, it also benefits the people connected to and receiving care from these same devices.

 

Security: Can the DCRM framework help achieve regulatory compliance?

Sorani: Absolutely. DCRM’s layered approach induces a policy per each device group. All the actions taken could be directly mapped to HIPAA regulatory citations and the security controls of the corresponding cybersecurity frameworks such as NIST CSF, HITRUST and CIS. It actually streamlines the compliance posture and tracks the remaining violations so you can demonstrate the actions taken and the progress made over time. HDOs can leverage DCRM to demonstrate their security best practices, as part of the HIPAA Safe Harbor, HR 7898.

KEYWORDS: compliance tools cyber security device security risk management


Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.
