Cyber Protection | Network Protection

We provide network security solutions that protect and enforce KP policies and ensure regulatory compliance. This includes technology engineering and support for firewall rule changes, intrusion/malware prevention, internet content filtering, VPN B2B network connections, network segmentation, etc.

Network Security Planning and Consulting

We help customers achieve the highest degree of protection from security threats as the technology landscape changes and business needs evolve.

Our consultants are experienced network security professionals and product specialists. Our consulting services address the specific needs of our customers to deliver successful outcomes. The consultant reviews business needs and discusses important design principles to fully understand and document  requirements. Once the consultant has finished executing the initial review, an update will be provided outlining our findings and next step recommendations.

Service Level Agreement (SLA)

Work Orders that provide all specific details will be acknowledged within two business days of submission, followed by appropriate consulting resource assignment. Timelines will be worked out with the project team.

Getting Started

You have three ways to request this service:

  1. Create a Directed Service Request
  2. Provide a brief description
  3. Select “Cyber Network Security Consult” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security Consult” from the dropdown
  4. Provide a detailed description. State your needs and provide project name/ID if applicable.
  5. Attach additional details and supporting documents by clicking “Add attachments”
  6. Click “Add to Cart”
  7. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Jeff Chaffin, Chief Infrastructure Engineer, 951-270-5583, jeff.g.chaffin@kp.org

New B2B / Alliance VPN Connection

This service provides for the implementation of new external business connections, either via internet VPN or dedicated circuits for high availability or patient care requirements. Business partner connections to KP are protected by dedicated network firewalls.

Service Level Agreement (SLA)

We will implement the new external business connection two weeks after all required information has been provided and the risk assessment is at an acceptable level of risk for KP.

Getting Started

  1. Review the Risk Assessment Questionnaire – B2B – Instructions document to help determine the responses you will provide in the Risk Assessment Questionnaire
  2. Download the zip file containing the Risk Assessment and VPN Forms and complete them
  3. Create a Directed Service Request
  4. Provide a brief description
  5. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  6. Provide a detailed description. State your needs and provide project name/ID if applicable.
  7. Attach the Risk Assessment Questionnaire – B2B by clicking “Add attachments”
  8. Click “Add to Cart”
  9. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Richard E. Peraza, Director, Network Protection, 951-549-7124, richard.e.peraza@kp.org

B2B / Alliance VPN Changes

Technology, security, and care delivery are ever evolving, so connectivity and applications used by our vendors will change with them. This service provides for requested changes to the existing network firewall / virtual private network (VPN) policies that provide connections to external business partners.

Service Level Agreement (SLA)

Changes that don’t impose undue security risk to KP will be completed within 14 days after all required information is provided on the Firewall Change Request Form. Firewall/VPN policy changes are deployed on Wednesday evenings. Users are requested to test during the evening change window (9 p.m. PT to 5 a.m. PT) to ensure their change is working as desired.

Getting Started

  1. Document your requirements on the Firewall Change Request Form
  2. Create a Directed Service Request
  3. Provide a brief description
  4. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  5. Provide a detailed description. State your needs and provide project name/ID if applicable.
  6. Attach the Firewall Change Request Form by clicking “Add attachments”
  7. Click “Add to Cart”
  8. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Michael Halstead, Senior Manager, Cyber Network Protection, 301-904-3943, michael.k.halstead@kp.org

Firewall Management and Design

Next-generation firewalls ensure Kaiser Permanente has visibility and control of the applications, users, and content traversing its network. As firewalls are the most strategic component of our security infrastructure, they require continuous non-stop operation. Next generation firewalls are deployed at the internet, DMZ, B2B or anywhere segmentation and firewall capabilities are required.

Service Level Agreement (SLA)

Changes that don’t impose undue security risk to KP will be completed within 14 days after all required information is provided on the Firewall Change Request Form. Firewall policy changes are deployed on Tuesday and Thursday evenings. Users are requested to test during the evening change window (9 p.m. PT to 5 a.m. PT) to ensure their change is working as desired.

Getting Started

  1. Document your requirements on the Firewall Change Request Form
  2. Create a Directed Service Request
  3. Provide a brief description
  4. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  5. Provide a detailed description. State your needs and provide project name/ID if applicable.
  6. Attach the Firewall Change Request Form by clicking “Add attachments”
  7. Click “Add to Cart”
  8. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Michael Halstead, Senior Manager, Cyber Network Protection, 301-904-3943, michael.k.halstead@kp.org

Internal Secure Zones

Some Kaiser Permanente assets require special protection due to business or regulatory requirements (e.g. biomedical devices and vendor-managed machines).  We provide this special protection with network firewalls that form protected or “secure zones.”  The business owner decides the level of protection and what access is allowed. This service provides the consulting, design, engineering and implementation support required to implement the appropriate firewalls for a new internal secure zone.

Service Level Agreement (SLA)

Work Orders that provide all specific details will be acknowledged within one week of submission, followed by appropriate resource assignment. Timelines will be worked out with the project team.

Getting Started

  1. Create a Directed Service Request
  2. Provide a brief description
  3. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  4. Provide a detailed description. State your needs and provide project name/ID if applicable.
  5. Attach additional details and supporting documents by clicking “Add attachments”
  6. Click “Add to Cart”
  7. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Richard E. Peraza, Director, Network Protection, 951-549-7124, richard.e.peraza@kp.org

Internet / DMZ

KP internet, DMZ, and all perimeter connections require special protection to ensure the safety of our network and our member data. Currently, we provide this protection with network firewalls. Any new data center that will provide internet / DMZ services for KP must implement this technology. This service provides the consulting, design, engineering and implementation support required to implement the appropriate firewalls to provide internet browsing and DMZ.

Service Level Agreement (SLA)

Work Orders that provide all specific details will be acknowledged within one week of submission, followed by appropriate resource assignment. Timelines will be worked out with the project team.

Getting Started

  1. Create a Directed Service Request
  2. Provide a brief description
  3. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  4. Provide a detailed description. State your needs and provide project name/ID if applicable.
  5. Attach additional details and supporting documents by clicking “Add attachments”
  6. Click “Add to Cart”
  7. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Richard E. Peraza, Director, Network Protection, 951-549-7124, richard.e.peraza@kp.org

Enterprise Internet Content Filtering Policies

Internet content filtering provides protection from web-based threats and enforces national and regional content blocking policies across the KP Network. An exception process is provided for situations in which there is a valid business case for an exception to the regional and/or national block policies that provide these protections to KP’s outbound internet traffic.

Service Level Agreement (SLA)

Changes that don’t impose undue security risk to KP will be completed within 14 days after all required information and approvals are received. Exceptions to web content filtering policies are vetted by our Cyber Risk Defense Center to validate the risk of allowing exceptions and garner risk acceptance if needed. Web content filtering exceptions are typically implemented on Wednesday evenings with our other Firewall change requests.

Getting Started

  1. Create a Directed Service Request
  2. Provide a brief description
  3. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  4. Provide a detailed description. List the website/s to which access is desired and the region under which the policy should be changed. State your needs and provide project name/ID if applicable.
  5. Attach additional details and supporting documents by clicking “Add attachments”
  6. Click “Add to Cart”
  7. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Michael Halstead, Senior Manager, Cyber Network Protection, 301-904-3943, michael.k.halstead@kp.org

Network Malware Detection

Network malware detection and forensics appliances are used to detect and identify network security threats and assist in the remediation and forensic investigation related to an incident. They are innovative network security solutions that address rapidly evolving security threats without adding complexity or excessive resource consumption. Appliances are strategically located at all internet points of presence (PoPs).

Service Level Agreement (SLA)

Although this is a core function, any new requirements will be project based in alignment with Network Services efforts. Network Security will complete the design, engineering and configuration and will also provide go-live support based on agreed to project plan dates.

Getting Started

  1. Create a Directed Service Request
  2. Provide a brief description
  3. Select “Cyber Network Security” or click “Select a support group” if you don’t see that option, and then select “Cyber Network Security” from the dropdown 
  4. Provide a detailed description. List the website/s to which access is desired and the region under which the policy should be changed. State your needs and provide project name/ID if applicable.
  5. Attach additional details and supporting documents by clicking “Add attachments”
  6. Click “Add to Cart”
  7. When checking out, confirm that an appropriate KP sponsor is selected in the “Requested for” dropdown

Point of contact: Richard E. Peraza, Director, Network Protection, 951-549-7124, richard.e.peraza@kp.org