Minnesota HIMSS 2019 Spring Conference
4. Insider, accidental or intentional data loss
5. Attacks against connected medical devices
Dwell Time
Dwell time (threat discovery time) is still high as cyberattacks become more pervasive and harder to detect.
Average time to discovery of a threat in 2018: 197 days*
Response Time
Response time is increasing, because investigating, neutralizing and recovering from advanced cyberattacks requires specialized CERT teams.
Average time to contain a cyberattack in 2018: 69 days*
* Ponemon Institute, 2018 Cost of a Data Breach Study
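The two figures above are industry averages (mean time to identify and mean time to contain). A SOC that wants the same numbers for its own environment needs, per incident, the timestamp of the earliest attacker activity established by forensics, the time the SOC detected it, and the time access was cut off. The block below is an added example, not part of the presentation or of any Atos product, that computes dwell time and containment time over a constructed set of incident records, rejects records whose timestamps are out of order, and lists incidents whose dwell time exceeds a threshold. All incident identifiers, dates and the 30-day threshold are invented for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, List, Optional

DAY_SECONDS = 86400.0


@dataclass
class Incident:
    """One intrusion, with the three timestamps needed for MTTI/MTTC reporting."""
    incident_id: str
    first_malicious_activity: datetime  # earliest attacker activity found by forensics
    detected: datetime                  # when the SOC first identified the intrusion
    contained: Optional[datetime]       # when attacker access was cut off; None if still open

    @property
    def dwell_time(self) -> timedelta:
        """Attacker presence before discovery. Rejects detection earlier than compromise."""
        if self.detected < self.first_malicious_activity:
            raise ValueError(f"{self.incident_id}: detected before first malicious activity")
        return self.detected - self.first_malicious_activity

    @property
    def containment_time(self) -> Optional[timedelta]:
        """Detection-to-containment interval, or None while the incident is open."""
        if self.contained is None:
            return None
        if self.contained < self.detected:
            raise ValueError(f"{self.incident_id}: contained before detected")
        return self.contained - self.detected


def summarize(incidents: List[Incident]) -> Dict[str, Optional[float]]:
    """Mean and median time-to-identify and time-to-contain, in days.

    Open incidents contribute to dwell time but are excluded from containment
    statistics, and are counted separately so they are not silently dropped.
    """
    dwell_days = [i.dwell_time.total_seconds() / DAY_SECONDS for i in incidents]
    contain_days = [
        i.containment_time.total_seconds() / DAY_SECONDS
        for i in incidents
        if i.containment_time is not None
    ]
    return {
        "mean_time_to_identify_days": mean(dwell_days) if dwell_days else None,
        "median_time_to_identify_days": median(dwell_days) if dwell_days else None,
        "mean_time_to_contain_days": mean(contain_days) if contain_days else None,
        "median_time_to_contain_days": median(contain_days) if contain_days else None,
        "open_incidents": float(sum(1 for i in incidents if i.contained is None)),
    }


def over_dwell_threshold(incidents: List[Incident], max_dwell_days: float = 30.0) -> List[str]:
    """IDs of incidents whose dwell time exceeded the threshold (hypothetical 30-day SLA)."""
    limit = timedelta(days=max_dwell_days)
    return [i.incident_id for i in incidents if i.dwell_time > limit]


# Constructed sample records (not real incidents). INC-001 is chosen to match the
# 197-day / 69-day industry averages so the output can be sanity-checked by hand.
SAMPLE_INCIDENTS = [
    Incident("INC-001", datetime(2018, 1, 1), datetime(2018, 7, 17), datetime(2018, 9, 24)),
    Incident("INC-002", datetime(2018, 3, 10, 2), datetime(2018, 3, 12, 2), datetime(2018, 3, 12, 14)),
    Incident("INC-003", datetime(2018, 5, 1), datetime(2018, 6, 30), None),  # still open
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
    print("over 30-day dwell threshold:", over_dwell_threshold(SAMPLE_INCIDENTS))
```

Reporting the median alongside the mean matters: a single long-lived intrusion such as INC-001 dominates the mean, and the open incident must be visible in the report rather than disappearing from the containment average.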
Because…you can’t fix what you can’t see!
[Figure: iceberg of security data sources, contrasting Traditional Security Operations with Big Data & Analytics]
Data sources shown: Logs; Audits; Events; Identity Context; Alerts; Threat Intelligence Feeds; Social Media & Email Activity; Full Packet & DNS Captures; IoT Data; OT Data; Business Process Data; Web Page Text; Detailed Audit Trails.
Current Healthcare Cybersecurity Model
Logs and events only: focusing on the tip of the iceberg and not integrating many crucial security events.
Time consuming (reactive, too slow in identifying threats).
Prescriptive Security
A “Single Pane” Security Intelligence Platform based on integration, automation and high performance computing that uses data from past threats to interpret and prevent future attacks before they occur.
[Roadmap figure, four phases; the first phase heading was not recovered]
• Identify critical assets
• Secure cloud and mobile platforms
• SOC integration for entire environment
• Deploy end-point detection and DLP pilot
• Regulatory compliance gap remediation
• Harden infrastructure
• MSSP monitoring and oversight
• Reduce MHC attack surface
• Security embedded into major transformation activities
• Basic protection for critical assets
Optimize & Expand (FY'18)
• Optimize Security Operations Center
• Initiate third-party risk management
• Enhance IAM: streamline access and federation
• Expand network visualization and anomaly detection
• Enhanced IAM; improved efficiency
• Enhanced security for critical assets
• Improved protection and coverage
Expand & Accelerate (FY'18-19)
• Integrate threat intelligence
• Continuous and pervasive monitoring
• Proactive security remediation
• Enhance forensics and containment
• Comprehensive third-party risk management
• Effective cyber detection and response capabilities
• Reasonable level of protection across
Preemptive (FY'20)
• Quantify and reduce vulnerabilities
• Security counterintelligence and brand monitoring
• Comprehensive security data management and analysis
• Continual risk assessments
• Security orchestration and automated response capabilities
• Preemptive and adaptive capabilities
• Leading level of protection
Prescriptive Security: In-house vs. Collaborative Approach Considerations
Preemptive Capabilities
► Organizational priority
▪ Understanding the impact of a breach ("investment vs. cost")
► Budget/resource constraints
► Timing
► Cost
▪ Consistent "blocking and tackling"
▪ Advanced/integrated tools and technology
▪ Analytics and machine learning
▪ High performance computing/SOC
▪ Additional resources: qualified security analysts required 24/7/365, with different skill sets
► Resources
▪ Attaining and retaining qualified resources
Prescriptive Security Collaborative Approach
Vendor Requirements:
► End-to-end comprehensive portfolio of solutions
▪ Healthcare centric
▪ Services/partnership approach
► Unified technology architecture
▪ Best of breed is not going away
▪ System integrators working in cooperation on open standards
► Automation and orchestration
▪ Analytics and machine learning
▪ Threat intelligence is no longer a separate technology but an integrated part of the SOC, neutralizing threats in real time and preventing future attacks
▪ Integrated threat feeds: malware discovered at one client provides immediate learning for other clients
Prescriptive Security Collaborative Approach
Vendor Requirements:
► High performance computing
▪ Velocity of response significantly increased
► Changes the SOC operational model and the role of the analyst
▪ Detailed malware analysis, advanced threat hunting and research
▪ Reactive to proactive: no longer burdened with repetitive alert management
► Flexibility
▪ Outsource appropriate functions
▪ Onsite
▪ 3rd party SOC
▪ Hybrid
Prescriptive Security Collaborative Approach
Benefits of a Prescriptive Security Collaborative Approach
▪ Integrated scalability
▪ Analytics & machine learning
▪ Data visualization
▪ Automation & orchestration
▪ One security platform: a single pane analyzing massive amounts of data
▪ Threat intelligence as an integrated part of the SOC: global threat backbone
▪ Act rapidly and efficiently: 71% reduction of manual effort
▪ Optimized use of resources: focusing on threat hunting
▪ Proactive approach, better protection; resolve more risk, faster and with fewer resources
Thank you
For more information please contact:
Dan Stewart
Vice President, IT Strategy and Cyber Security
Digital Health Solutions
Atos – North America Operations (NAO)
M: +1 678 699 [email protected]