Cybersecurity Roadmap: Global Healthcare Security Architecture

Transcription:

Slide 1: Cybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F
Nick H. Yoo, Chief Security Architect

Slide 2: Disclosure
- No affiliation to any vendor products
- No vendor endorsements
- Products represented here are just examples
- References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies

Slide 3: Healthcare IT Challenges
The healthcare industry is increasingly difficult to protect and is becoming a rich target.
Diagram labels around Healthcare IT: Pharmacies; Patients and Consumers; Payers; Ransomware; Public Cloud; Hospitals; Physician Practices; Labs; Mobile & IoT; Big Data; Cybersecurity; Product Innovation; Web Trust; Regulators and Legal; 24/7 Always On; Industry Certifications; Operations and Support; Product Development; Compliance

Slide 4: Cybersecurity Journey
Approaches: Threat Modeling & Detection-Focused; Vulnerability-Driven; Solutions-Driven; Compliance-Driven
Perimeter models: Perimeter Security; Layered Security; Identity as New Perimeter

Slide 5: Security Technology Landscape
Domains: Network; App/Data; IAM; Endpoint; Msg & Collaboration; Monitoring

Slide 6: Technology Overview
Figures shown on the slide: 130, 70, 20, 10, 160, 8, 30
Labels: Total # of Products; Total # of Vendors; Most # of Products by Domain: IAM; Most # of Capabilities covered by one Vendor; Total # of Capabilities covered by Product; Least # of Products by Domain: Monitoring, Analytics & Audit; Approximate # of Products EOL or Obsolete in 12-24 Months

Slide 7: Threat Landscape
Source: Verizon Data Breach Report

Slide 8: NIST Cybersecurity Framework
- Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
- Protect: Access Control; Awareness and Training; Data Security; Information Protection Processes & Procedures; Maintenance; Protective Technology
- Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes
- Respond: Response Planning; Communications; Analysis; Mitigation; Improvements
- Recover: Recovery Planning; Improvements; Communications

Slide 9: Cybersecurity Architecture Framework
Framework functions: Identify; Protect; Detect; Respond; Recover
Architecture Domains: Network; IAM; Endpoint; App/Data; Monitoring, Audit, Analytics
Diagram labels: Integrated Solutions; Continuous Feed

Slide 10: Architecture Development Approach
Inputs: Business Vision & Needs; Regulatory Compliance Requirements; Key Trends & Emerging Technologies; Direction; Projects & Initiatives; Threat & Risk; Policies, Standards, & Guidelines
Architecture elements: Architecture Vision; Architecture Framework; Guiding Principles; Current State; Current Capabilities; Gap Analysis; Future-State & Roadmap
Emphasis: Foundational Security Controls

Slide 11: Key Trends
- From blocking and detecting attacks to detecting and responding to attacks
- Rapid breach detection using endpoint threat detection and remediation tools
- Aggressive segmentation of the network
- Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification
- Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized
- Use and contribute to shared threat intelligence and fraud exchange services
Source: Gartner

Slide 12: Cybersecurity Roadmap Development Process, Network Example
Process: Capabilities; Current State; Key Trends; Future State; Gap Analysis; Risk Analysis; Threat Analysis; Maturity Analysis; Roadmap; Overall Security Architecture; Initiatives
Network capabilities:
- DETECT: Network Forensic; Network Pen Testing; SSL Inspection; Network Behavior Anomaly Detection; Data Loss Prevention; Network Sandboxing
- PROTECT: Wireless IPS; DDOS Protection; Network Access Control; Secure Web Gateway; Vulnerability Assessment; DNS, DHCP, and IPAM Security; Public Cloud Security; Network Segmentation; Network Intrusion Prevention; Web Application Firewall; Firewall/Next Gen; Advanced Persistent Threats; SSL/IPSEC VPN; Physical and Virtual DMZ; Reverse Proxy Services and LB
- RESPOND: Unified Threat Management; Network Policy Management; Threat and Network Deception; Software-Defined Security; SIEM; Threat Intelligence

Slide 13: Threat Modeling
Source: Lockheed Martin

Slide 14: Current Network Architecture
Diagram labels: HQ & Branches; Corp Data Centers; NBA; Rev. Proxy/LB; SIEM; Cloud; WAF; Wireless; Proxy; Core Security; Email; VPN; NGFW; DLP; BU Sites; Wireless; MPLS; BU Data Centers, Co-Los; Internet; Customers; Mobile Users; Teleworkers

Slide 15: Future State Network Architecture
Diagram labels: HQ & Branches; Rogue AP Detection; Corp D/C; Core Security Controls; Secure Wired; Secure Wireless; Other Sites Controls; Hybrid WAN Controls; Improved Segmentation; BU D/C Controls; SIEM; IDPS; VPN; Proxy; NAC; Email; WAF; Internet; Hybrid WAN; DLP; APT; Customers; Mobile Users; NGFW; CASB; SSL Intercept; Teleworkers

Slide 16: Architecture & Roadmap (Illustrative)
Timeline: FY16; FY17; FY18; FY19
Diagram labels: Data Centers; Corporate; BUs; Hybrid WAN; MPLS/Broadband; Intrusion Detection; Network Access Control; SIEM Analytics; SSL Inspect; VPN; Unified Threat Management; NetSec Policy Management; APT; Network Pen Testing; Wireless IDPS; Threat Deception; DCs/Retails; Mobile Users; Home Office; Broadband; Proxy; Data Loss Prevention; Advanced Threat; Identity & Access; Cloud Access Security Broker (CASB); Public Cloud; Network Segmentation; WAF; NAC; IDPS; SSL Interception; Secure Cloud Exchange; Guest Wireless NAC; Home VPN NAC; DDOS & DNS Protection; Secure Hybrid WAN; Software Defined Perimeter

Slide 17: Cybersecurity Roadmap Development Process, IAM Example (Illustrative)
Process: Capabilities; Current State; Key Trends; Future State; Gap Analysis; Risk Analysis; Threat Analysis; Maturity Analysis; Roadmap; Overall Security Architecture; Initiatives
Functions: PROTECT; DETECT
Capability groups: Monitoring, Audit & Compliance; Identity Management; Access Management; Identity Data Services
Capabilities (in extracted order): Access Recertification; Segregation of Duties Detection; User Self Service; Password Management; Access Request Management; Workflow and Approval Management; Cloud/On Premises Provisioning; Audit, Logging, Reporting; User and Entity Behavior Analytics; Web Access Management / SSO; Cloud / Federated SSO; Authentication; Authorization; Risk-Based Adaptive Access; Monitoring; Role Mining and Management; Identity Data Storage; Virtual Directory Services (VDS); Meta Directory; Data Synchronization / Replication; Graph Data Services; Identity Proofing; Mobile SSO; Privileged Access Management; Passwordless / MFA; API Security

Slide 18: IAM Technology Roadmap (Illustrative)
Timeline: FY16; FY17; FY18; FY19
Business Risk legend: High; Medium; Low; Unknown
Function: Protect
Roadmap items: Monitoring Dashboard; UBA; UMA; SCIM; FHIR Security; PAM; Role Lifecycle Mgt.; SOD Controls; Mobile SSO; UAR; IGA; Federated ID Mgt.; Virtual Directory; High Assurance IDP; ID Proofing Services; Block Chain Technology; API Gateway; Risk Based Access Control; ID Lifecycle Mgt.; OpenID Connect; BYOID; IDaaS; MFA; OAuth 2.0; Graph Directory; Biometric Authentication

Slide 19: Cybersecurity Framework Domain Mapping (Illustrative)
Rows (Cybersecurity Framework functions): Identify; Protect; Detect; Respond; Recover
Columns (domains): Network; IAM; Endpoint; App/Data; Monitor
Rating Scale: Fully Meet; Usually Meet; Partially Meet; Rarely Meet; Does Not Meet
Observations:
- Sufficient coverage for endpoint
- Network domain lacks detection controls
- Overall lack of detection controls
- Monitoring capability exists mainly in the Protect function
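The rating-scale gap analysis this slide illustrates, worked as an added example that is not part of the deck: a function-by-domain rating matrix is scored and the slide-style observations are derived from it. The sample ratings are constructed so that they reproduce the slide's four observations, and the `low`/`high` thresholds are assumptions, not values from the presentation.

```python
"""Gap analysis over a CSF function x architecture domain rating matrix."""
from statistics import mean

FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]
# The slide's five-step rating scale, mapped to a 0..4 score.
SCALE = {"Does Not Meet": 0, "Rarely Meet": 1, "Partially Meet": 2,
         "Usually Meet": 3, "Fully Meet": 4}
# Constructed sample ratings (not the deck's real assessment), one row per
# domain in FUNCTIONS order: Identify, Protect, Detect, Respond, Recover.
SAMPLE = {
    "Network":  ["Usually Meet", "Fully Meet", "Rarely Meet", "Partially Meet", "Partially Meet"],
    "IAM":      ["Usually Meet", "Usually Meet", "Partially Meet", "Partially Meet", "Usually Meet"],
    "Endpoint": ["Usually Meet", "Fully Meet", "Usually Meet", "Usually Meet", "Usually Meet"],
    "App/Data": ["Partially Meet", "Usually Meet", "Partially Meet", "Partially Meet", "Partially Meet"],
    "Monitor":  ["Rarely Meet", "Usually Meet", "Rarely Meet", "Rarely Meet", "Does Not Meet"],
}

def score(matrix):
    """Turn rating labels into {domain: {function: int}}; unknown labels or short rows raise."""
    scored = {}
    for domain, row in matrix.items():
        if len(row) != len(FUNCTIONS):
            raise ValueError(f"{domain}: expected {len(FUNCTIONS)} ratings, got {len(row)}")
        scored[domain] = {f: SCALE[r] for f, r in zip(FUNCTIONS, row)}
    return scored

def function_coverage(scored):
    """Mean score of each framework function across all domains."""
    return {f: mean(scored[d][f] for d in scored) for f in FUNCTIONS}

def observations(scored, low=2, high=3):
    """Slide-style findings: a cell below `low` is a gap, a domain at or above `high`
    everywhere is sufficient, and a domain strong in exactly one function is 'mainly' there."""
    notes, mainly = [], {}
    for d, row in scored.items():
        strong = [f for f in FUNCTIONS if row[f] >= high]
        if len(strong) == len(FUNCTIONS):
            notes.append(f"Sufficient coverage for {d}")
        elif len(strong) == 1 and all(row[f] < low for f in FUNCTIONS if f != strong[0]):
            mainly[d] = strong[0]  # reported once, not cell by cell
    for d, row in scored.items():
        for f in FUNCTIONS:
            if d not in mainly and row[f] < low:
                notes.append(f"{d} domain lacks {f} controls")
    for f, avg in function_coverage(scored).items():
        if avg < low:
            notes.append(f"Overall lack of {f} controls")
    for d, f in mainly.items():
        notes.append(f"{d} capability exists mainly in {f}")
    return notes
```

Running `observations(score(SAMPLE))` yields the four findings in the order the slide lists them, with the Monitor domain's per-cell gaps folded into the single "mainly in Protect" finding.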

Slide 20: Key Initiatives
Columns: Protect; Detect; Respond
- Network: Intrusion Detection & Prevention; Network Segmentation; Wireless Detection; Cloud Access Security Broker; Network Access Control; Network Security Monitoring; Threat Deception; DDOS
- IAM: Multi-factor; UEBA; Cloud IDaaS; User Managed Access; Identity Governance; User Access Review; Federation; Virtual Directory; Adaptive Authentication
- Other Domains: Advanced Detection; Security Analytics; Advanced Endpoint Protection & Detection; Threat Intelligence; Application Security; Malware Protection System; Cloud Security

Slide 21: Core Solutions Architecture (Illustrative)
Domains: Network; App/Data; IAM; Endpoint; Monitoring/Analytics

Slide 22: Apply
Next week you should:
- Begin needs assessment
- Begin collecting current security controls, tools, and products
In the first three months following this presentation you should:
- Tailor cybersecurity framework, architecture domains, and assessment process
- Begin documenting current capabilities and gaps
Within six months you should:
- Complete the current capability assessment
- Begin developing future-state architecture and roadmap