Cybersecurity Roadmap: Global Healthcare Security Architecture

Transcription

1 SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect

2 Disclosure No affiliation to any vendor products No vendor endorsements Products represented here are just examples References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies

3 Healthcare IT Challenges Pharmacies Patients and Consumers Payers Ransomware Public Cloud Hospitals Physician Practices Labs Mobile & IoT Healthcare IT Big Data Cybersecurity Healthcare Industry is Increasingly Difficult to Protect & Is becoming a Rich Target Product Innovation Web Trust Regulators and legal 24/7 Always On Industry Certifications Operations And Support Product Development Compliance 3

4 Cybersecurity Journey Threat Modeling & Detection- Focused Vulnerability- Driven Solutions- Driven Compliance- Driven Perimeter Security Layered Security 4 Identity as New Perimeter

5 Security Technology Landscape Network App/Data IAM Endpoint Msg & Collaboration Monitoring 5

6 Technology Overview Total # of Products Total # of Vendors Most # of Products by Domain: IAM Most # of Capabilities covered by one Vendor Total # of Capabilities covered by Product Least # of Products by Domain: Monitoring, Analytics & Audit Approximate # of Products: EOL, Obsolete in Month 6

7 Threat Landscape Source: Verizon Data Breach Report 7

8 NIST Cybersecurity Framework Identify Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Protect Access Control Awareness and Training Data Security Information Protection Process & Procedures Maintenance Protective Technology Detect Anomalies and Events Security Continuous Monitoring Detection Processes Respond Response Planning Communications Analysis Mitigation Improvements Recover Recovery Planning Improvements Communications 8

9 Cybersecurity Architecture Framework Identify Network Architecture Domains Protect IAM Endpoint App/Data Integrated Solutions Detect Monitoring, Audit, Analytics Continuous Feed Respond Recover 9

10 Architecture Development Approach Business Vision & Needs Regulatory Compliance Requirements Key Trends & Emerging Technologies Direction Projects & Initiatives Architecture Vision Architecture Framework Guiding Principles Gap Analysis Future-State & Roadmap Current Capabilities Current State Threat & Risk Policies, Standards, & Guidelines Emphasis Foundational Security Controls 10

11 Key Trends From blocking and detecting attacks to detecting and responding to attacks Rapid breach detection using endpoint threat detection and remediation tools Aggressive segmentation of the network Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized. Use and contribute to shared threat intelligence and fraud exchange services. Source: Gartner 11

12 Cybersecurity Roadmap Development Process Network Example Capabilities Current State Key Trends Future State Gap Analysis Risk Analysis Network DETECT Network Forensic Network Pen Testing SSL Inspection Network Behavior Anomaly Detection Data Loss Prevention Network Sandboxing Roadmap Threat Analysis PROTECT Wireless IPS DDOS Protection Network Access Control Secure Web Gateway Vulnerability Assessment DNS, DHCP, and IPAM Security Public Cloud Security Network Segmentation Network Intrusion Prevention Web Application Firewall Firewall/Next Gen Advanced Persistent Threats Overall Security Architecture SSL/IPSEC VPN Physical and virtual DMZ Reverse Proxy Services and LB Initiatives Maturity Analysis RESPOND Unified Threat Management Network Policy Management Threat and Network Deception Software-Defined Security SIEM Threat Intelligence 12

13 Threat Modeling Source: Lockheed Martin 13

14 Current Network Architecture HQ & Branches Corp Data Centers NBA Rev. Proxy/LB SIEM Cloud WAF Wireless Proxy Core Security VPN NGFW DLP BU Sites Wireless MPLS BU Data Centers, Co-Los Internet Customers Mobile Users Teleworkers 14

15 Future State Network Architecture HQ & Branches Rogue AP Detection Corp D/C Core Security Controls Secure Wired Secure Wireless Other Sites Controls Hybrid WAN Controls Improved Segmentation BU D/C Controls SIEM IDPS VPN Proxy NAC WAF Internet Hybrid WAN DLP Internet APT Customers Mobile Users NGFW CASB 15 SSL Intercept Teleworkers

16 Architecture & Roadmap Data Centers Years FY19 Corporate BUs Hybrid WAN MPLS/ Broadband Intrusion Network Access Detection Control SIEM Analytics SSL Inspect VPN FY18 Unified Threat Management FY17 NetSec Policy Management FY16 APT Network Pen Testing Wireless IDPS Threat Deception DCs/Retails Mobile Users Home Office Broadband Broadband Proxy Data Loss Prevention SSL Inspect VPN Advanced Threat Identity & Access Cloud Access Security Broker (CASB) Public Cloud Network WAF Segmentation NAC Illustrative IPDS SSL Interception Secure Cloud Exchange Guest Wireless NAC Home VPN NAC DDOS & DNS Protection Secure Hybrid WAN Software Defined Perimeter 16

17 Cybersecurity Roadmap Development Process IAM Example Capabilities Current State Key Trends Future State Gap Analysis Risk Analysis IAM Monitoring, Audit & Compliance Threat Analysis Maturity Analysis PROTECT DETECT Access Recertification Segregation of Duties Detection Identity Management User Self Service Password Management Access Request Management Workflow and Approval Management Cloud/On Premises Provisioning Audit, Logging, Reporting User and Entity Behavior Analytics Access Management Web Access Management / SSO Cloud / Federated SSO Authentication Authorization Risk-Based Adaptive Access Monitoring Role Mining and Management Identity Data Services Identity Data Storage Virtual Directory Services (VDS) Meta Directory Data Synchronization / Replication Graph Data Services Roadmap Overall Security Architecture Initiatives Identity Proofing Mobile SSO Privileged Access Management Passwordless / MFA API Security Illustrative 17

18 IAM Technology Roadmap Years FY19 Business Risk FY18 High Medium Low Unknown FY17 Monitoring Dashboard UBA UMA SCIM FHIR Security PAM FY16 Role Lifecycle Mgt. SOD Controls Mobile SSO UAR IGA Federated ID Mgt. Virtual Directory High Assurance IDP ID Proofing Services Block Chain Technology Illustrative API Gateway Risk Based Access Control ID Lifecycle mgt. Open ID Connect BYOID IDAAS MFA Oauth 2.0 Graph Directory Biometric Authentication Protect 18

19 Cybersecurity Framework Domain Mapping Cybersecurity Framework Network IAM Endpoint App/ Data Monitor Rating Scale Description Identify Fully Meet Protect Usually Meet Detect Partially Meet Respond Recover Rarely Meet Does Not Meet Observations Sufficient coverage for endpoint Network domain lacks detection controls Overall lack of detection controls Monitoring capability exist mainly in the Protect Illustrative 19

20 Key Initiatives Other Domains Network Multi-factor UEBA Intrusion Detection & Prevention Cloud IDaaS Network Segmentation User Managed Access Wireless Detection Identity Governance Cloud Access Security Broker User Access Review Network Access Control Detect Respond Advanced Detection Security Analytics Advanced Endpoint Protection & Detection Federation Network Security Monitoring Virtual Directory Threat Deception DDOS IAM Multi-factor Threat Intelligence Application Security UEBA Cloud IDaaS User Managed Access Protect Adaptive Authentication (IAM) Identity Governance User Access Review Federation Malware protection system Cloud Security Virtual Directory 20

21 Core Solutions Architecture Network App/Data IAM Endpoint Monitoring/Analytics Illustrative 21

22 Apply Slide Next week you should: Begin needs assessment Begin collecting current security controls, tools, and products In the first three months following this presentation you should: Tailor cybersecurity framework, architecture domains, and assessment process Begin documenting current capabilities and gaps Within six months you should: Complete the current capability assessment Begin developing future-state architecture and roadmap 22