CYBERSECURITY ROADMAP: GLOBAL HEALTHCARE SECURITY ARCHITECTURE Nick H. Yoo

CYBERSECURITY ROADMAP: GLOBAL HEALTHCARE …...Unified Threat Management Software-Defined Security T T D. 13 THREAT MODELING Source: Lockheed Martin. CURRENT NETWORK ARCHITECTURE 14


DISCLOSURE

No affiliation to any vendor products

No vendor endorsements

Products represented here are just examples

References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies

HEALTHCARE IT CHALLENGES

Healthcare Industry is Increasingly Difficult to Protect & Is Becoming a Rich Target

Diagram labels: Patients and Consumers; Payers; Product Innovation; Pharmacies; Hospitals; Labs; Physician Practices; Industry Certifications; Operations and Support; Product Development; Regulators and Legal; Cybersecurity; Public Cloud; Ransomware; Mobile & IoT; Big Data; 24/7 Always On; Web Trust; Healthcare IT; Compliance

CYBERSECURITY JOURNEY

Diagram labels: Compliance-Driven; Solutions-Driven; Vulnerability-Driven; Threat Modeling & Detection-Focused; “Perimeter Security”; “Layered Security”; “Identity as New Perimeter”

SECURITY TECHNOLOGY LANDSCAPE

Network App/Data IAM Endpoint Msg & Collaboration

Monitoring

TECHNOLOGY OVERVIEW

Total # of Vendors: 70

Most # of Products by Domain: IAM (20)

Total # of Products: 130

Least # of Products by Domain: Monitoring, Analytics & Audit (8)

Approximate # of Products EOL, Obsolete in 12 – 24 Months: 30

Most # of Capabilities covered by one Vendor: 10

Total # of Capabilities covered by Product: 160

THREAT LANDSCAPE

Source: Verizon Data Breach Report

NIST CYBERSECURITY FRAMEWORK

Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy

Protect: Access Control; Awareness and Training; Data Security; Information Protection Process & Procedures; Maintenance; Protective Technology

Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes

Respond: Response Planning; Communications; Analysis; Mitigation; Improvements

Recover: Recovery Planning; Improvements; Communications

CYBERSECURITY ARCHITECTURE FRAMEWORK

Diagram labels: Protect; Identify; Recover; Detect; Respond; Monitoring, Audit, Analytics; App/Data; Endpoint; IAM; Network; Integrated Solutions; Continuous Feed; Architecture Domains

ARCHITECTURE DEVELOPMENT APPROACH

Diagram labels: Current Capabilities; Current State; Direction; Gap Analysis; Projects & Initiatives; Business Vision & Needs; Key Trends & Emerging Technologies; Regulatory Compliance Requirements; Guiding Principles; Architecture Framework; Architecture Vision; Future-State & Roadmap; Policies, Standards, & Guidelines; Threat & Risk Emphasis; Foundational Security Controls

KEY TRENDS

• From blocking and detecting attacks to detecting and responding to attacks

• Rapid breach detection using endpoint threat detection and remediation tools

• Aggressive segmentation of the network

• Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification

• Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized.

• Use and contribute to shared threat intelligence and fraud exchange services.

Source: Gartner

CYBERSECURITY ROADMAP DEVELOPMENT PROCESS NETWORK EXAMPLE

Process labels: Current State; Capabilities Gap Analysis; Roadmap; Risk Analysis; Threat Analysis; Maturity Analysis; Future State; Key Trends; Overall Security Architecture Initiatives

Network

SSL/IPSEC VPN

Network Intrusion Prevention

DNS, DHCP, and IPAM Security

Firewall/Next Gen

Secure Web Gateway

Network Access Control

Web Application Firewall

SIEM

DDOS Protection

Advanced Persistent Threats

Data Loss Prevention

Network Behavior Anomaly Detection

Network Policy Management

Network Sandboxing

Wireless IPS

Network Segmentation

SSL Inspection

Threat and Network Deception

Threat Intelligence

Network Forensic

Network Pen Testing

Reverse Proxy Services and LB

Physical and virtual DMZ

Public Cloud Security

Vulnerability Assessment

Unified Threat Management

Software-Defined Security

Detect

Protect

Respond


THREAT MODELING

Source: Lockheed Martin

CURRENT NETWORK ARCHITECTURE

Diagram labels: HQ & Branches; Corp Data Centers; MPLS; Internet; BU Data Centers, Co-Los; BU Sites; WAF; Cloud; Wireless; Wireless; SIEM; Email; DLP; NBA; NGFW; Core Security; Rev. Proxy/LB; Proxy; VPN; Customers; Teleworkers; Mobile Users

FUTURE STATE NETWORK ARCHITECTURE

Diagram labels: HQ & Branches; Corp D/C; Hybrid WAN; BU D/C; Other Sites; WAF; Email; DLP; IDPS; Core Security; Proxy; VPN; Customers; Teleworkers; Mobile Users; NAC; APT; NGFW; CASB; Hybrid WAN; Internet; Internet; Improved Segmentation; Secure Wired; Secure Wireless; Rogue AP Detection; Controls; SSL Intercept; SIEM; Controls; Controls; Controls

ARCHITECTURE & ROADMAP

Years: FY16; FY17; FY18; FY19

Diagram labels: WAF; IDPS; Wireless IDPS; Public Cloud; Network; Secure Cloud Exchange; Guest Wireless NAC; Home VPN NAC; Segmentation; APT; NetSec Policy Management; SSL Interception; Secure Hybrid WAN; NAC; Network Pen Testing; Unified Threat Management; Threat Deception; DDOS & DNS Protection; Software Defined Perimeter; Mobile Users; Home Office; Corporate; BUs; DCs/Retails; Data Centers; Proxy; Intrusion Detection; Network Access Control; Data Loss Prevention; VPN; SSL Inspect; Advanced Threat Analytics; SIEM; SSL Inspect; MPLS/Broadband; Hybrid WAN; Broadband; VPN; Identity & Access; Cloud Access Security Broker (CASB); Broadband

Illustrative

CYBERSECURITY ROADMAP DEVELOPMENT PROCESS IAM EXAMPLE

Process labels: Current State; Capabilities Gap Analysis; Roadmap; Risk Analysis; Threat Analysis; Maturity Analysis; Future State; Key Trends

IAM

Workflow and Approval Management

Access Request Management

Password Management

User Self Service

Protect

Detect

Monitoring, Audit & Compliance

Monitoring

User and Entity Behavior Analytics

Role Mining and Management

Segregation of Duties Detection

Access Recertification

Audit, Logging, Reporting

Identity Management

Cloud/On Premises Provisioning

Identity Proofing

Privileged Access Management

Access Management

Web Access Management / SSO

Cloud / Federated SSO

Authentication

Authorization

Risk-Based Adaptive Access

Mobile SSO

Passwordless / MFA

Identity Data Services

Identity Data Storage

Virtual Directory Services (VDS)

Meta Directory

Data Synchronization / Replication

Graph Data Services

API Security

Overall Security Architecture Initiatives

Illustrative

IAM TECHNOLOGY ROADMAP

Years: FY16; FY17; FY18; FY19

Diagram labels: OAuth 2.0; Risk Based Access Control; IDAAS; ID Proofing Services; Open ID Connect; Protect; UAR; UBA; Federated ID Mgt.; MFA; PAM; Biometric Authentication; High Assurance IDP; SCIM; Mobile SSO; SOD Controls; API Gateway; IGA; FHIR; Security; Monitoring; Dashboard; Role Lifecycle Mgt.; Virtual Directory; BYOID; UMA; ID Lifecycle Mgt.; Graph Directory; Block Chain Technology

Business Risk: High; Medium; Low; Unknown

Illustrative

CYBERSECURITY FRAMEWORK DOMAIN MAPPING

Table columns: Cybersecurity Framework; Network; IAM; Endpoint; App/Data; Monitor

Table rows: Identify; Protect; Detect; Respond; Recover

Observations

• Sufficient coverage for endpoint

• Network domain lacks detection controls

• Overall lack of detection controls

• Monitoring capability exists mainly in the Protect

Rating Scale Description: Fully Meet; Usually Meet; Partially Meet; Rarely Meet; Does Not Meet

Illustrative

KEY INITIATIVES

Network

• Intrusion Detection & Prevention

• Network Segmentation

• Wireless Detection

• Cloud Access Security Broker

• Network Access Control

• Network Security Monitoring

• Threat Deception

• DDOS

IAM

• Multi-factor

• UEBA

• Cloud IDaaS

• User Managed Access

• Identity Governance

• User Access Review

• Federation

• Virtual Directory

Other Domains

• Security Analytics

• Adaptive Authentication (IAM)

• Advanced Detection

• Malware protection system

• Threat Intelligence

• Advanced Endpoint Protection & Detection

• Cloud Security

• Application Security

Diagram labels: Respond; Protect; Detect

CORE SOLUTIONS ARCHITECTURE

Network App/Data IAM Endpoint

Monitoring/Analytics

Illustrative

SUMMARY

• NIST – comprehensive, risk-based, proactive

• Guideline, flexibility

• Knowing your assets

• Threat actors, method, and appropriate controls (segmentation, encryption)

• Architectural analysis

Source: Gartner