This article summarizes which IoMT device attributes can be enriched from our connector with Medigate, and the benefits of using that enriched data in policy.
Our integration with Medigate by Claroty is intended to allow customers to use the most accurate medical device classifications in policy decisions. Medigate’s collector sniffs, filters and parses traffic in order to analyze medical device protocols over time. Elisity leverages our own rapid device discovery mechanisms along with the Medigate analysis so that our customer’s medical devices get the most appropriate policies applied in a timely manner.
When a new device is discovered by any Elisity methods, CCC queries Medigate using the following parameters to identify the device using:
- MAC + IP Address if both available
- MAC Address
- IP Address
Mapping of Medigate data objects to Elisity
For the other device genres, IT, OT and IoT, we currently suppress device data from Medigate to ensure that non-medical device classifications are always consistent across Cognitive Trust deployments independently of whether a Medigate Collector is present at all locations.
Latency and timing considerations:
As Medigate analysis involves extensive protocol analysis there are situations where a new medical device classification may change or additional device attributes are gleaned over an extended period of time.
In the absence of a notification mechanism for Medigate to indicate changes to us, CCC will query Medigate multiple times for new devices over a 14-day period to ensure that we render the most accurate info in CCC.
The integration is designed such that Elisity and Medigate functions can be deployed in any order.
Admin-initiated refresh of device info from Medigate:
Customers should not normally need to use this function, but device classification info retrieved from Medigate can be refreshed on demand for any specific device.