Cybersecurity Roadmap: Global Healthcare Security Architecture

Posted on 19-Jun-2018

TRANSCRIPT

  • #RSAC

    Session ID: TECH-W02F

    Cybersecurity Roadmap: Global Healthcare Security Architecture

    Nick H. Yoo, Chief Security Architect

  • Disclosure

    No affiliation to any vendor products

    No vendor endorsements

    Products represented here are just examples

    References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies

  • Slide 3: Healthcare IT Challenges

    Healthcare Industry is Increasingly Difficult to Protect & Is Becoming a Rich Target

    Diagram labels (healthcare IT ecosystem and pressures): Patients and Consumers, Payers, Product Innovation, Pharmacies, Hospitals, Labs, Physician Practices, Industry Certifications, Operations and Support, Product Development, Regulators and Legal, Cybersecurity, Public Cloud, Ransomware, Mobile & IoT, Big Data, 24/7 Always On, Web Trust, Healthcare IT, Compliance

  • Slide 4: Cybersecurity Journey

    Compliance-Driven → Solutions-Driven → Vulnerability-Driven → Threat Modeling & Detection-Focused

    Perimeter Security → Layered Security → Identity as New Perimeter

  • Slide 5: Security Technology Landscape

    Domains: Network, App/Data, IAM, Endpoint, Msg & Collaboration, Monitoring

  • Slide 6: Technology Overview

    Total # of Vendors: 70

    Total # of Products: 130

    Most # of Products by Domain: IAM (20)

    Least # of Products by Domain: Monitoring, Analytics & Audit (8)

    Approximate # of Products EOL or Obsolete in 12-24 Months: 30

    Most # of Capabilities Covered by One Vendor: 10

    Total # of Capabilities Covered by Products: 160

  • Slide 7: Threat Landscape

    Source: Verizon Data Breach Report

  • Slide 8: NIST Cybersecurity Framework

    Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy

    Protect: Access Control, Awareness and Training, Data Security, Information Protection Processes & Procedures, Maintenance, Protective Technology

    Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes

    Respond: Response Planning, Communications, Analysis, Mitigation, Improvements

    Recover: Recovery Planning, Improvements, Communications

  • Slide 9: Cybersecurity Architecture Framework

    Framework functions: Identify, Protect, Detect, Respond, Recover

    Architecture Domains: Network, IAM, Endpoint, App/Data, Monitoring, Audit, Analytics

    Integrated Solutions; Continuous Feed

  • Slide 10: Architecture Development Approach

    Process steps: Current State (Current Capabilities), Direction, Gap Analysis, Future-State & Roadmap, Projects & Initiatives

    Inputs and drivers (diagram labels): Business Vision & Needs; Key Trends & Emerging Technologies; Regulatory Compliance Requirements; Guiding Principles; Architecture Framework; Architecture Vision; Policies, Standards, & Guidelines; Threat & Risk Emphasis; Foundational Security Controls

  • Slide 11: Key Trends (Source: Gartner)

    From blocking and detecting attacks to detecting and responding to attacks

    Rapid breach detection using endpoint threat detection and remediation tools

    Aggressive segmentation of the network

    Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification

    Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized.

    Use and contribute to shared threat intelligence and fraud exchange services.

  • Slide 12: Cybersecurity Roadmap Development Process, Network Example

    Process: Current State Capabilities → Gap Analysis (Risk Analysis, Threat Analysis, Maturity Analysis) → Future State (Key Trends) → Roadmap → Overall Security Architecture → Initiatives

    Network capabilities (grouped on the slide under Detect, Protect, Respond): SSL/IPSEC VPN; Network Intrusion Prevention; DNS, DHCP, and IPAM Security; Firewall/Next Gen; Secure Web Gateway; Network Access Control; Web Application Firewall; SIEM; DDOS Protection; Advanced Persistent Threats; Data Loss Prevention; Network Behavior Anomaly Detection; Network Policy Management; Network Sandboxing; Wireless IPS; Network Segmentation; SSL Inspection; Threat and Network Deception; Threat Intelligence; Network Forensics; Network Pen Testing; Reverse Proxy Services and LB; Physical and Virtual DMZ; Public Cloud Security; Vulnerability Assessment; Unified Threat Management; Software-Defined Security

  • Slide 13: Threat Modeling

    Source: Lockheed Martin

  • Slide 14: Current Network Architecture

    Diagram labels: HQ & Branches, Corp Data Centers, MPLS, Internet, BU Data Centers, Co-Los, BU Sites, WAF, Cloud, Wireless, SIEM, Email, DLP, NBA, NGFW, Core Security, Rev. Proxy/LB, Proxy, VPN, Customers, Teleworkers, Mobile Users

  • Slide 15: Future State Network Architecture

    Diagram labels: HQ & Branches, Corp D/C, Hybrid WAN, BU D/C, Other Sites, WAF, Email, DLP, IDPS, Core Security, Proxy, VPN, Customers, Teleworkers, Mobile Users, NAC, APT, NGFW, CASB, Internet, Improved Segmentation, Secure Wired, Secure Wireless, Rogue AP Detection, SSL Intercept, SIEM, Controls

  • Slide 16: Architecture & Roadmap (Illustrative)

    Roadmap years: FY16, FY17, FY18, FY19

    Roadmap items: WAF, IDPS, Wireless IDPS, Public Cloud Network, Secure Cloud Exchange, Guest Wireless NAC, Home VPN NAC, Segmentation, APT, NetSec Policy Management, SSL Interception, Secure Hybrid WAN, NAC, Network Pen Testing, Unified Threat Management, Threat Deception, DDOS & DNS Protection, Software Defined Perimeter

    Architecture diagram labels: Mobile Users, Home Office, Corporate, BUs, DCs/Retails, Data Centers, Proxy, Intrusion Detection, Network Access Control, Data Loss Prevention, VPN, SSL Inspect, Advanced Threat Analytics, SIEM, MPLS/Broadband, Hybrid WAN, Broadband, Identity & Access, Cloud Access Security Broker (CASB)

  • Slide 17: Cybersecurity Roadmap Development Process, IAM Example (Illustrative)

    Process: Current State Capabilities → Gap Analysis (Risk Analysis, Threat Analysis, Maturity Analysis) → Future State (Key Trends) → Roadmap → Overall Security Architecture → Initiatives

    IAM capabilities (grouped on the slide under Protect and Detect):

    Workflow and Approval Management; Access Request Management; Password Management; User Self Service

    Monitoring, Audit & Compliance: Monitoring; User and Entity Behavior Analytics; Role Mining and Management; Segregation of Duties Detection; Access Recertification; Audit, Logging, Reporting

    Identity Management: Cloud/On Premises Provisioning; Identity Proofing; Privileged Access Management

    Access Management: Web Access Management / SSO; Cloud / Federated SSO; Authentication; Authorization; Risk-Based Adaptive Access; Mobile SSO; Passwordless / MFA

    Identity Data Services: Identity Data Storage; Virtual Directory Services (VDS); Meta Directory; Data Synchronization / Replication; Graph Data Services; API Security

  • Slide 18: IAM Technology Roadmap (Illustrative)

    Years: FY16, FY17, FY18, FY19

    Framework function shown: Protect

    Business Risk legend: High, Medium, Low, Unknown

    Roadmap items: OAuth 2.0, Risk Based Access Control, IDaaS, ID Proofing Services, OpenID Connect, UAR, UBA, Federated ID Mgt., MFA, PAM, Biometric Authentication, High Assurance IDP, SCIM, Mobile SSO, SOD Controls, API Gateway, IGA, FHIR Security, Monitoring Dashboard, Role Lifecycle Mgt., Virtual Directory, BYOID, UMA, ID Lifecycle Mgt., Graph Directory, Blockchain Technology

  • Slide 19: Cybersecurity Framework Domain Mapping (Illustrative)

    Mapping: Cybersecurity Framework functions (Identify, Protect, Detect, Respond, Recover) against domains (Network, IAM, Endpoint, App/Data, Monitor)

    Observations:

    Sufficient coverage for endpoint

    Network domain lacks detection controls

    Overall lack of detection controls

    Monitoring capability exists mainly in the Protect function

    Rating Scale Description: Fully Meet, Usually Meet, Partially Meet, Rarely Meet, Does Not Meet

  • Slide 20: Key Initiatives

    Multi-factor; UEBA; Cloud IDaaS; User Managed Access; Identity Governance; User Access Review; Federation; Virtual Directory

    Other Domains: Intrusion Detection & Prevention; Network Segmentation; Wireless Detection; Cloud Access Security Broker; Network Access Control; Netwo
