Cardinal Health Secures Essential Healthcare Support with F5

Cardinal Health makes medical and laboratory products and distributes those products and a spectrum of pharmaceuticals globally. Its motto, “essential to care,” expresses its role in the wellbeing of many communities. A variety of F5 technologies have become similarly essential to the wellbeing of the company’s digital apps.

Business Challenge

Healthcare organizations around the world rely on Cardinal Health for products and services ranging from gloves and pharmaceuticals to data solutions. With headquarters near Columbus, Ohio, the publicly owned firm employs nearly 48,000 people worldwide and earns over $200 billion in annual revenues, which rank it in the top 15 U.S. companies by that measure.

Cardinal Health’s scale and high profile make it a frequent target of cyberattacks. It deploys applications both in on-premises data centers and in multiple clouds. For many years, those apps have been served by a number of F5 solutions, including F5 BIG-IP Local Traffic Manager (LTM), F5 BIG-IP DNS, F5 BIG-IP Access Policy Manger (APM), and F5 BIG-IP Advanced Firewall Manager (AFM).

“We had an existing F5 infrastructure and a good percentage of our virtual IPs that were SSL offloaded, so we had the ability to add inspection at that point,” says Roger Bauer, Senior Systems Engineer at Cardinal Health. The company made the decision to perform that inspection by adding a web application firewall (WAF) to its infrastructure. By increasing visibility into web traffic, the IT team could become more aware of active threats and block attacks to enhance app security. They began investigating a variety of WAF vendors and options.

Solutions

Because Cardinal Health was already familiar with F5 and its products, F5 BIG-IP Advanced WAF rose to the top of the list of solutions under consideration. The relative speed of implementing and integrating a solution from a trusted partner appealed. Bauer says, “We were able to quickly move forward with it and show value.”

Once implemented, the latest F5 solution has proven so successful that Cardinal Health is moving forward with other F5 technology, too. In the coming months, the company’s IT teams expect to deploy a variety of F5 Distributed Cloud Services, including F5 Distributed Cloud Web App Firewall and F5 Distributed Cloud DDoS Protection. Distributed Cloud Services are already securing a few Cardinal health websites, and more assets will join them.

“We have identified a series of apps that need increased protection,” Bauer says. “They were behind different firewalls and WAFs and not getting the attention they required.” He’s currently planning that future deployment to suit the company’s hybrid and multi-cloud operations.

Results

Enhance security while gaining threat visibility

BIG-IP Advanced WAF significantly increased the observability of Cardinal Health’s inbound web traffic. Bauer says, “F5 technology brings a lot of visibility into the business and into applications, and moving into the WAF technologies really brought me—on steroids—into the inspection level.”

According to him, the results were eye-opening. “I’m able to see more of what’s going on behind the scenes and inside the encryption. We learned a lot about the malicious nature of the Internet.” For instance, he realized a newly live Cardinal Health IP address starts receiving malicious packets within two or three minutes.

Now, he says, “For the most part we have a comprehensive inspection policy. The inspection really helps us understand the applications better, understand our security risks better. Our journey of getting into the F5 WAF was being able to not only inspect but do something about it.”

Reduce malicious traffic by 40%

BIG-IP Advanced WAF has helped Cardinal Health block a significant amount of malicious traffic. Bauer says, “Once we got the WAF deployed and started blocking the necessary OWASP Top 10 threats and everything else we were finding, we were knocking down probably about 20 to 30% of the traffic—but we were still quite busy.” To address additional attack traffic, Cardinal Health also implemented F5 IP Intelligence Services.

“We should’ve deployed that first,” Bauer says. “After that, we knocked down 40% of our traffic just getting rid of the bad actors with the reputation filter.”

Draw on F5 DevCentral expertise

As a user of various F5 technologies, Bauer praises the F5 DevCentral technical community as a source for solutions and ideas. A nationally recognized volunteer in his spare time, he’s also a recipient of the F5 DevCentral MVP Award for his contributions to other F5 users.

“I learned very quickly that the more I gave into DevCentral, the more I got back,” he says. “It’s always a learning experience for me, and I also see things there I would’ve never thought to do. I like that the community can fill in weaknesses I have, and I don’t have to rely on opening a support ticket—I can ask a question and log on the next day and read through two or three possible solutions.”

Perhaps more often, Bauer is the one offering solutions, but he says, “Teaching and giving back enriches me and makes me better.”

Gain insights needed to lower technical debt

Bauer’s deep expertise with F5 technologies pays off for his company in the reduction of technical debt. Any company in business for as long as Cardinal Health generates that debt, but Bauer says F5 technologies help him reduce it.

“Tech debt is very difficult to get out of an organization, especially one where there’s been some turnover,” he says. “There were applications written a decade ago and the guy who developed it and put it in place isn’t here anymore, and neither is the guy who trained as a backup.”

Fortunately, visibility can sometimes fill that gap. For instance, Bauer can see when the only incoming traffic for a legacy app is from an uptime monitoring tool or certificate inspections. “Then I can try to track down an owner, and if I can’t do that and it’s been that way for 90 days, I can disable it.”

Another example of technical debt cleanup he calls “imperative in the cloud” relates to node building and converting from name and IP address assignments to a fully qualified domain name (FQDN). Bauer says, “The problem we ran into in the cloud is that if they turn a server off and turn it back on, it gets a new IP. So if I hardcode the IP into the node definition, I have to go add another node to the pool. Converting to FQDN solves that problem.”

It also ensures that when apps are abandoned and the server is removed from DNS, it’s obvious and he can disconnect the disabled pool. He says, “That prevents what happened on-prem over the years where somebody would abandon a VIP, at some point somebody would reassign that IP address, and that VIP became live for a different application when it shouldn’t have. Now when they go down it has a unique name, and when it comes back up it has a new name, and I don’t have to worry about it.”

He says the F5 Application Visibility and Reporting (AVR) module in BIG-IP software has been instrumental for technical debt cleanup efforts like this. “I rely a lot on the F5 AVR module, which I think is just wonderful,” Bauer says. “I’ve learned to pull information out of that and identify stuff for cleanup to make our environment more stable and less risky.”

That improves the overall health of the company’s digital estate. In fact, you might say that as Cardinal Health pursues its mission to deliver human wellness, its partnership with F5 helps build the company’s own strength.

Cardinal Health logo
Benefits
  • Enhance security while gaining threat visibility
  • Reduce malicious traffic by 40%
  • Draw on F5 DevCentral expertise
  • Gain insights needed to lower technical debt

Challenges
  • Protect apps from dynamic threats
  • Repel significant attack traffic
  • Secure apps across hybrid and multicloud deployments

Products