Transcript
Page 1: Cybersecurity Roadmap: Global Healthcare Security Architecture · Cybersecurity Roadmap: Global Healthcare Security Architecture. ... Lockheed Martin. ... Virtual Directory Services

SESSION ID: TECH-W02F

#RSAC

Cybersecurity Roadmap: Global Healthcare Security Architecture

Nick H. Yoo

Chief Security Architect

Page 2

Disclosure

No affiliation to any vendor products

No vendor endorsements

Products represented here are just examples

References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies

Page 3

Healthcare IT Challenges

Healthcare Industry is Increasingly Difficult to Protect & Is Becoming a Rich Target

Patients and Consumers

Payers

Product Innovation

Pharmacies

Hospitals

Labs

Physician Practices

Industry Certifications

Operations and Support

Product Development

Regulators and Legal

Cybersecurity

Public Cloud

Ransomware

Mobile & IoT

Big Data

24/7 Always On

Web Trust

Healthcare IT

Compliance

Page 4

Cybersecurity Journey

Compliance-Driven

Solutions-Driven

Vulnerability-Driven

Threat Modeling & Detection-Focused

“Perimeter Security”

“Layered Security”

“Identity as New Perimeter”

Page 5

Security Technology Landscape

Network App/Data IAM Endpoint Msg & Collaboration

Monitoring

Page 6

Technology Overview

• Total # of Vendors: 70

• Total # of Products: 130

• Most # of Products by Domain: IAM (20)

• Least # of Products by Domain: Monitoring, Analytics & Audit (8)

• Approximate # of Products (EOL, Obsolete in 12 – 24 Months): 30

• Most # of Capabilities covered by one Vendor: 10

• Total # of Capabilities covered by Product: 160

Page 7

Threat Landscape

Source: Verizon Data Breach Report

Page 8

NIST Cybersecurity Framework

Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy

Protect: Access Control, Awareness and Training, Data Security, Information Protection Process & Procedures, Maintenance, Protective Technology

Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes

Respond: Response Planning, Communications, Analysis, Mitigation, Improvements

Recover: Recovery Planning, Improvements, Communications

Page 9

Cybersecurity Architecture Framework

Protect

Identify

Recover

Detect

Respond

Monitoring, Audit, Analytics

App/Data

Endpoint

IAM

Network

Integrated Solutions

Continuous Feed

Architecture Domains

Page 10

Architecture Development Approach

Current Capabilities

Current State

Direction

Gap Analysis

Projects & Initiatives

Business Vision & Needs

Key Trends & Emerging Technologies

Regulatory Compliance Requirements

Guiding Principles

Architecture Framework

Architecture Vision

Future-State & Roadmap

Policies, Standards, & Guidelines

Threat & Risk Emphasis

Foundational Security Controls

Page 11

Key Trends

• From blocking and detecting attacks to detecting and responding to attacks

• Rapid breach detection using endpoint threat detection and remediation tools

• Aggressive segmentation of the network

• Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification

• Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized.

• Use and contribute to shared threat intelligence and fraud exchange services.

Source: Gartner

Page 12

Cybersecurity Roadmap Development Process: Network Example

Current State

Capabilities

Gap Analysis

Roadmap

Risk Analysis

Threat Analysis

Maturity Analysis

Future State

Key Trends

Overall Security

Architecture

Initiatives

Network

SSL/IPSEC VPN

Network Intrusion Prevention

DNS, DHCP, and IPAM Security

Firewall/Next Gen

Secure Web Gateway

Network Access Control

Web Application Firewall

SIEM

DDOS Protection

Advanced Persistent Threats

Data Loss Prevention

Network Behavior Anomaly Detection

Network Policy Management

Network Sandboxing

Wireless IPS

Network Segmentation

SSL Inspection

Threat and Network Deception

Threat Intelligence

Network Forensic

Network Pen Testing

Reverse Proxy Services and LB

Physical and virtual DMZ

Public Cloud Security

Vulnerability Assessment

Unified Threat Management

Software-Defined Security

DETECT

PROTECT

RESPOND

Page 13

Threat Modeling

Source: Lockheed Martin

Page 14

Current Network Architecture

HQ & Branches

Corp Data Centers

MPLS

Internet

BU Data Centers, Co-Los

BU Sites

WAF

Cloud

Wireless

Wireless

SIEM

Email

DLP

NBA

NGFW

Core Security

Rev. Proxy/LB

Proxy

VPN

Customers

Teleworkers

Mobile Users

Page 15

Future State Network Architecture

HQ & Branches

Corp D/C

Hybrid WAN

BU D/C

Other Sites

WAF

Email

DLP

IDPS

Core Security

Proxy

VPN

Customers

Teleworkers

Mobile Users

NAC

APT

NGFW CASB

Hybrid WAN

Internet

Internet

Improved Segmentation

Secure Wired

Secure Wireless

Rogue AP Detection

Controls

SSL Intercept

SIEM

Controls

Controls

Controls

Page 16

Architecture & Roadmap

Years

FY16

FY17

FY18

FY19

WAF

IDPS

Wireless IDPS

Public Cloud Network

Secure Cloud Exchange

Guest Wireless NAC

Home VPN NAC

Segmentation

APT

NetSec Policy Management

SSL Interception

Secure Hybrid WAN

NAC

Network Pen Testing

Unified Threat Management

Threat Deception

DDOS & DNS Protection

Software Defined Perimeter

Mobile Users

Home Office

Corporate

BUs

DCs/Retails

Data Centers

Proxy

Intrusion Detection

Network Access Control

Data Loss Prevention

VPN

SSL Inspect

Advanced Threat

Analytics

SIEM

SSL Inspect

MPLS/Broadband

Hybrid WAN

Broadband

VPN

Identity & Access

Cloud Access Security Broker (CASB)

Broadband

Illustrative

Page 17

Cybersecurity Roadmap Development Process: IAM Example

Current State

Capabilities

Gap Analysis

Roadmap

Risk Analysis

Threat Analysis

Maturity Analysis

Future State

Key Trends

IAM

Workflow and Approval Management

Access Request Management

Password Management

User Self Service

PROTECT

DETECT

Monitoring, Audit & Compliance

Monitoring

User and Entity Behavior Analytics

Role Mining and Management

Segregation of Duties Detection

Access Recertification

Audit, Logging, Reporting

Identity Management

Cloud/On Premises Provisioning

Identity Proofing

Privileged Access Management

Access Management

Web Access Management / SSO

Cloud / Federated SSO

Authentication

Authorization

Risk-Based Adaptive Access

Mobile SSO

Passwordless / MFA

Identity Data Services

Identity Data Storage

Virtual Directory Services (VDS)

Meta Directory

Data Synchronization / Replication

Graph Data Services

API Security

Overall Security

Architecture

Initiatives

Illustrative

Page 18

IAM Technology Roadmap

Years

FY16

FY17

FY18

FY19

OAuth 2.0

Risk Based Access Control

IDAAS

ID Proofing Services

OpenID Connect

Protect

Business Risk

High Medium Low Unknown

UAR

UBA

Federated ID Mgt.

MFA

PAM

Biometric Authentication

High Assurance IDP

SCIM

Mobile SSO

SOD Controls

API Gateway

IGA

FHIR Security

Monitoring Dashboard

Role Lifecycle Mgt.

Virtual Directory

BYOID

UMA

ID Lifecycle Mgt.

Graph Directory

Blockchain Technology

Illustrative

Page 19

Cybersecurity Framework Domain Mapping

Cybersecurity Framework Network IAM Endpoint App/Data Monitor

Identify

Protect

Detect

Respond

Recover

Observations

• Sufficient coverage for endpoint

• Network domain lacks detection controls

• Overall lack of detection controls

• Monitoring capability exists mainly in the Protect

Rating Scale Description

Fully Meet

Usually Meet

Partially Meet

Rarely Meet

Does Not Meet

Illustrative

Page 20

Key Initiatives

• Intrusion Detection & Prevention

• Network Segmentation

• Wireless Detection

• Cloud Access Security Broker

• Network Access Control

• Network Security Monitoring

• Threat Deception

• DDOS

• Multi-factor

• UEBA

• Cloud IDaaS

• User Managed Access

• Identity Governance

• User Access Review

• Federation

• Virtual Directory

Other Domains

Security Analytics

Adaptive Authentication (IAM)

Advanced Detection

Malware protection system

Threat Intelligence

Advanced Endpoint Protection & Detection

Cloud Security

Application Security

IAM

Network

Respond

Protect

Detect

Page 21

Core Solutions Architecture

Network App/Data IAM Endpoint

Monitoring/Analytics

Illustrative

Page 22

“Apply” Slide

Next week you should:

• Begin needs assessment

• Begin collecting current security controls, tools, and products

In the first three months following this presentation you should:

• Tailor cybersecurity framework, architecture domains, and assessment process

• Begin documenting current capabilities and gaps

Within six months you should:

• Complete the current capability assessment

• Begin developing future-state architecture and roadmap

