ISE® SOUTHEAST EXECUTIVE FORUM
Change Healthcare Project TITAN: Threat Intelligence Tactical Analysis Network
Haddon Bennett, CISO
Nominee Showcase Presentation

Aug 02, 2020


ISE® Southeast Executive Forum #ISEawards

Company Overview

• 6500+ experienced, diverse, passionate and creative team members with a shared vision:
• Our Intelligent Healthcare Network™ is the single largest financial and administrative healthcare network in the United States
• $1B+ in revenue
• Nationwide
• Formerly Emdeon; we changed our name to reflect our company's goals

ENABLING SMARTER HEALTHCARE

• 750,000 Physicians
• 105,000 Dentists
• 60,000 Pharmacies
• 5,000 Hospitals
• 1,200 Payers (Government & Commercial)
• 600 Vendor Partners
• 450 Labs


The Problem Statement

• Phishing Emails
• Suspicious Files
• Parse email headers
• Who is the actual sender?
• Extract URLs
• Download attachments
• VirusTotal, PassiveTotal, Totalhash, WHOIS
• Submit files & URLs to sandbox
• Cuckoo Malware Analysis
• Have we seen it before?
• When and in what context?
• DNS Server
• SIEM Monitoring
• Intrusion Prevention Systems
• Network Advance Malware
• Endpoint DLP Product
• Web Proxy Server
• DETECTIONS
• IR Process
• Indicators from IR
• NH-ISAC & HITRUST Intel
• Trusted Partners & Other Intel Feeds


The Solution: TITAN

• Phishing Emails
• Suspicious Files
• Parse email headers
• Who is the actual sender?
• Extract URLs
• Download attachments
• VirusTotal, PassiveTotal, Totalhash, WHOIS
• Submit files & URLs to sandbox
• Cuckoo Malware Analysis
• Have we seen it before?
• When and in what context?
• DNS Server
• SIEM Monitoring
• Intrusion Prevention Systems
• Network Advance Malware
• Endpoint DLP Product
• Web Proxy Server
• DETECTIONS
• IR Process
• Indicators from IR
• NH-ISAC & HITRUST Intel
• Trusted Partners & Other Intel Feeds
• Central Threat Intelligence System
• All threat intel feeds back into process
• Contextualization
• Block Rules
• SIEM Alerts
• TITAN


What’s Under the Hood

API

Purpose built using open standards and technologies


Benefits and Results

• Able to process several thousand threats a day without human interaction
• Allows our various security tools to share threat intelligence with context and confidence
• Automated model to analyze threats regardless of method received: network attack, malicious email, bad website, etc.
• Processed 242K indicators of compromise (IOCs) in the last 30 days
• Automated actionable intelligence


Thank you and Questions

Questions?

Contact Info:

• Haddon Bennett: [email protected]
• John Fellers (Cyber Threat Hunter): [email protected]