A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Similar documents
Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Copyright 2011 Trend Micro Inc.

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Best Practices in Securing a Multicloud World

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

Maximum Security with Minimum Impact : Going Beyond Next Gen

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

Symantec Ransomware Protection

AT&T Endpoint Security

What It Takes to be a CISO in 2017

Synchronized Security

Changing face of endpoint security

CipherCloud CASB+ Connector for ServiceNow

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

ANATOMY OF AN ATTACK!

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

Cyber security tips and self-assessment for business

ISE North America Leadership Summit and Awards

From Managed Security Services to the next evolution of CyberSoc Services

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Security Audit What Why

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

K12 Cybersecurity Roadmap

Compliance Audit Readiness. Bob Kral Tenable Network Security

Carbon Black PCI Compliance Mapping Checklist

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

SHS Annual Information Privacy and Security Training

CIS Controls Measures and Metrics for Version 7

CYBERSECURITY RISK LOWERING CHECKLIST

CIS Controls Measures and Metrics for Version 7

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Mobile Devices prioritize User Experience

Tripwire State of Cyber Hygiene Report

Personal Cybersecurity

Information Governance, the Next Evolution of Privacy and Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

CompTIA CSA+ Cybersecurity Analyst

Building Resilience in a Digital Enterprise

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

Cyber Security. Our part of the journey

Trend Micro and IBM Security QRadar SIEM

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

Ultimate. Security Guide

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Monthly Cyber Threat Briefing

Mapping BeyondTrust Solutions to

Un SOC avanzato per una efficace risposta al cybercrime

Introduction to Information Security Dr. Rick Jerz

Evolution Of Cyber Threats & Defense Approaches

Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar

Critical Hygiene for Preventing Major Breaches

CloudSOC and Security.cloud for Microsoft Office 365

Built-in functionality of CYBERQUEST

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Securing Your Most Sensitive Data

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Mobile County Public School System Builds a More Secure Future with AMP for Endpoints

Too Little Too Late: Top Reasons Why You Got Hacked

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Tips for Passing an Audit or Assessment

Personal Physical Security

How NOT To Get Hacked

DEEP FREEZE CLOUD FOR HIPAA COMPLIANCE

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Cyber, An Evolving Ecosystem: Creating The Road For Tomorrows Smart Cities

Splunk. Plataforma de Datos. Denise Roca / Gerente de Software

Artificial Intelligence Drives the next Generation of Internet Security

A General Review of Key Security Strategies

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

How Cyber-Criminals Steal and Profit from your Data

T22 - Industrial Control System Security

Securing Health Data in a BYOD World

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Security by Default: Enabling Transformation Through Cyber Resilience

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

locuz.com SOC Services

A Comprehensive Guide to Remote Managed IT Security for Higher Education

RSA Security Analytics

Transcription:

SESSION ID: SPO2-W12 A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE Frank Bunton VP, CISO MedImpact Healthcare Systems, Security @frankbunton Larry Biggs Security Engineer III - Threat Analytics MedImpact Healthcare Systems, Security @larrybiggs

HIPAA Compliance Framework Healthcare data is governed by HIPAA, the Health Insurance Portability and Accountability Act *Not a female HIPPA as it turns out The HIPAA Privacy Rule is deeply concerned about Personal Health Information (PHI) 2

HIPAA & PHI 18 key elements to focus on HIPAA Privacy rule protects individually identifiable health information of deceased individuals for 50 years HIPAA/HITECH have a punitive side as well something to watch for Don t get us started on GDPR! 3

MedImpact approach to securing information A balanced approach (work vs fun) with HIPAA in mind: No end user administrator access on laptops/desktops Security Awareness training for users Patching of endpoints, servers, and devices Web content filtering both on and off premises Mobile device management to protect data Interconnected security solutions to increase herd immunity Trend Micro OfficeScan, Control Manager, Smart Protection Server Trend Micro TippingPoint IP Reputation, filter-based blocking Trend Micro Deep Discovery on internal networks for anomaly detection Protecting the business Network Access Control to prevent random machines from popping up on the network All tools feed into the ATT TMLA SIEM, props to Kevin Wessel and team for supporting us Individual freedoms 4

A Layered Approach Risks vs. Controls Hardware (Appliances) Tools Internet IPS Advanced Persistent Threat VPN Firewall Next Gen Firewall Firewall Security Manager Web Content Filter Hybrid Web Services Firewall Network Access Control Smart Protection Services Anti-Virus & Endpoint Mgmt Identity & Access Mgmt Virtual Private Database Secure File Transfer Vulnerability Assessment Social Engineering (Employees) 5 Phishing (Email) Web Content Filtering SPAM Filtering Secure email IPS Advanced Persistent Threat Security and Compliance Anti-Virus Policies & Endpoint Procedures Management Internal & External Audit Reporting Social Media (Malware, Personal & Corp Data) Web Content Filtering IPS Advanced Persistent Threat Anti-Virus Smart Protection Services Endpoint Management Administrative Management File Integrity Mgmt Mobile (Personal & Corp Data) Wireless Controller Web Content Filtering IPS Wireless Access Management Mobile Device Management 2 Factor Authentication

A Layered Approach Risks vs. Controls Training & Education Third Party Services Internet Security & Compliance Training Vulnerability Assessment Reports Educational Articles Intranet Secure Coding Techniques 7x24 SOC and Security Event & Threat Analysis Managed Security Services Threat Management Services URL/IP Reputation Services Social Engineering (Employees) Security & Compliance Training Phishing Awareness Social Engineering Training Background Checks Phishing (Email) Security & Compliance Training Educational Articles for Intranet Phishing Awareness Social Engineering Training 7x24 SOC and Security Event & Threat Analysis Threat Management Services Social Media (Malware, Personal & Corp Data) Security & Compliance Training Phishing Awareness and Social Engineering Training 7x24 SOC and Security Event & Threat Analysis Threat Management Services Mobile (Personal & Corp Data) Security & Compliance Training Security Event & Threat Analysis Threat Management Services URL/IP Reputation Services 6

No User Level Admin Access No end user admin access, regular users cannot install software You need a compensating mechanism to install software (whitelist) You can use rights elevation software that allows the users to install software that has already been vetted This can be a political battle in the beginning, once you can show results, things will calm down 7

Security Awareness Training Raise awareness of social engineering patterns and schemes Phishing training helps users recognize phishing attempts Password hygiene and multifactor authentication training Personal accounts and sites need to be protected just like work accounts 8

Web Content Filtering We deploy web content filtering on, and off premises to support remote users Web content filtering: Blocks access to sites based on categorization and reputation Blocks access to recently registered domain names If the user is remote, web traffic is sent to a cloud proxy If at work, traffic is sent through a local proxy The same filter profile is applied both on, and off premises 9

Mobile Device Management Mobile device management to protect corporate assets and data We use company issued idevices to reduce attack surface and management overhead MDM can be used to isolate and protect company data and whitelist/blacklist applications MDM also supports the usual functions: find my device, wipe company data, stolen phone wipe everything, etc 10

Patching is critical to your survival Endpoints BIOS, operating system, drivers Appliances routers, switches, security gear Application servers BIOS, operating system, drivers, database, application server software ICS Building management systems, security systems, access control systems IOT coffee machines talking to toasters becoming DDOS bots Software and Mobile they re everywhere! Have an inventory of your assets 11

AntiVirus and Endpoint Detection Response Trend Micro OfficeScan, Smart Protection Server, Control Manager Herd immunity, one device detects something, it is communicated to the rest Suspected files from endpoints or the security gear are sandboxed, malicious files are flagged and updates sent to the herd OfficeScan on the endpoint has web reputation based blocking, USB port blocking Leverages Trend s robust cloud Smart Protection Network 12

REAL WORLD USE CASE EXAMPLES

User Security Awareness In addition to our various security systems and so forth We have people paying attention! 14

Web filtering and Trend Micro OfficeScan reveal CoinHive Web filtering blocks CoinHive Trend Micro OfficeScan detects CoinHive 15

Mobile Device Management Enforcing Policy User installs a blacklisted application MDM detects and schedules remediation 16

A Good Patching Program For The Win! Wannacry hits the streets May 2017 Microsoft had already patched for the exploit in March MalwareTech begins working on WC, finds and registers the sinkhole domain, stopping spread Environments with good patching hygiene slept well! Automated patching allows rapid deployment when needed May 2017 WannaCry 17

Trend Micro Deep Discovery detects bad rep repository Machines check repo for updates Trend alerts based on bad reputation Security reaches out to Systems Systems removes bad repo from approved list 18

Trend Micro TippingPoint constrains Sudoku TippingPoint 3/7/17 2:29:01 PM PST Low RepDV-Cleanup: (matched 69.172.201.217) Reputation Block ATT TMLA case, multiple machines with possible proxyback infection Investigation begins, nothing detectable on machines reaching out Additional machines reaching out Interview users of machines, they all play Sudoku at lunch www.uclick.com/client/sut/fcx/ contains malware loaded print button Block URL in web filtering, flatten machines for good measure 19

Closing Thoughts Things you can apply when you get back to the office No end user admin access on workstations start the discussion Security Awareness Training raise awareness of both personal accounts and corporate accounts, multifactor auth, password hygiene, social eng Web content filtering on and off premises Mobile device management to protect data Inventory assets, Develop good patching hygiene 20

QUESTIONS? REFERENCE TO WANNACRY - HTTPS://WWW.MALWARETECH.COM/2017/05/HOW-TO- ACCIDENTALLY-STOP-A-GLOBAL-CYBER-ATTACKS.HTML

SESSION ID: SPO2-W12 A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE Frank Bunton VP, CISO MedImpact Healthcare Systems, Security @frankbunton Larry Biggs Security Engineer III - Threat Analytics MedImpact Healthcare Systems, Security @larrybiggs

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback