Give my background, introduce Mark Precious. Humor: happy to be here; when we get a chance to get away from our computer screens and monitors we welcome the opportunity. I don't get a chance to get in front of such a large group, so I'm pulling out my old Speech 101 training to help calm me down. I can't use the old "everyone is in their underwear"; that always seems to throw me, so I have a twist: I imagine all of you dressed as Superman and Superwoman. If I see anyone pulling capes over their head I will know to spice up my speech. Thank you for the opportunity to speak today. I work for VirtualArmor; we are primarily an MSSP (managed security service provider). Although we support many businesses, we do monitor and manage about 80 hospitals and medical facilities across North America. I am so impressed with the people and the healthcare vertical. The headlines daily: BW, "Microsoft wants your health record," Oct 15th. Cigna, Aetna, Kaiser, Google: they are all moving in to provide PHI or records. You have the RHIO, NHIN, and other industry-sponsored activities. Tremendous activity in this market, all driving to increase patient care and hopefully reduce and streamline medical costs. Well, with all that is going on and all the data that could potentially reside on servers somewhere, we need to make sure we have security in place to protect that valued health information. What a great time to be in healthcare IT. Exciting announcements almost daily. EHR embraced by many companies such as Microsoft, etc.
How has the network industry adapted to the increased threat? More products to answer expanding threats, more products to allow advanced communications.
Explain Rich's simple virus, how he spread it, and how the nature of attacks has changed.
Make note of the FBI speaker, John.
As you can see, exposure certainly is not going down and the number of threats continues to increase, so internet security solutions must be doing something to address these expanding threats.
This is a high-level architectural slide to speak to the applications under pressure within healthcare and how these application pressures are coupled to the demands of the network. The network must support existing and emerging applications within healthcare while improving performance, lowering cost, and increasing security. How does a CIO or CSO determine where and how to spend his critical IT budget?
THIS SLIDE IS ANIMATED. The day when you did not have to worry about internet criminal activity is over. Whether you are a large hospital with a large IT staff or a single-point healthcare professional with one or two computers, if you are connected to the internet you have the same target-rich database as the largest hospital. You have a database of clients, you have personal information, you have financial information, and you have insurance and medical records. With the growth of the Internet enabling e-commerce and electronic transactions, many healthcare institutions and HIPAA covered entities have migrated to electronic payment processing. Use of the Internet for processing of protected health information (PHI) and the emergence of Electronic Health Records (EHR) ignited grave concerns over privacy and personal information rights. HIPAA does not excuse employee error, ignorance, or network attacks. Talk about migrating to SSL VPN: an agent loaded at the remote site? Impossible to handle.
Talked about the ever-changing landscape and how the various hardware and software network security companies have responded with ever-changing and more complex products.
THIS SLIDE IS ANIMATED. The need to connect mobile workers, access to critical medical files from various locations, integration and communication with several industries. Now that we have all this increased communication we have increased our exposure level, and with the increased sophistication we need more tools. IDP. If we are to build a national health information network (NHIN) we will need to make sure that we have secure communications to protect patients, healthcare professionals and healthcare payers. The amount of activity in this area is astounding, with the largest companies in the world participating. A workable solution can't be far off.
All the increased communication comes at a price: increased levels of spam, Trojans, and worms. The industry answered with IDP to help protect valuable web servers and web applications from advanced security threats.
THIS SLIDE IS ANIMATED. Now let's go a little deeper into how the solution works, and what's going on at each step. CLICK The Infranet Controller is the access control decision point. It will automatically provision the dynamic download of the Infranet Agent, if that is required; the IA only needs to be downloaded the first time that a user logs in. The Infranet Controller provisions enforcement policy both at login and throughout the session, and can also provide remediation support if a user is non-compliant. CLICK The Infranet Controller is fully integrated with virtually all authentication methods and schemes, which allows the enterprise to leverage its existing investments. The Infranet Agent software comes with the Controller appliance. CLICK The Infranet Agent actually consists of several components. The first is Host Checker, which assesses the endpoint's security state. This can include inspection of a number of different attributes, including ports, processes, and verification. It can also determine if the endpoint is running a variety of best-of-breed security applications, which are provisioned using open-standards-based APIs. The second element is the Host Enforcer. The Host Enforcer provides firewall policy if the endpoint is accessing a network segment not protected by an Infranet Enforcer, and can provide optional Microsoft IPsec enforcement for authenticated and encrypted transport on Windows machines. The agent can also be configured to provide Windows Single Sign-On for a seamless user experience in Active Directory environments. CLICK Unified Access Control can also be deployed with agentless enforcement. This is particularly critical for Mac and Linux platforms. Agentless enforcement binds endpoint assessment and user identification for source-IP-based enforcement. CLICK The Infranet Controller then sends this information to the enforcement point.
CLICK Phase one enforcers are any of Juniper's market-leading firewall/VPNs running ScreenOS version 5.3. This is available via a simple software update. CLICK The Infranet Agent continues to assess the endpoint state at administrator-configured intervals. If that state changes (for example, if a security application is disabled for any reason), this information goes to the controller, which will push the changed policy to the enforcement point. This allows real-time reaction to changing network elements. 4/19: Layer Odyssey on the switch and then layer UAC. Odyssey provides 802.1X on the switch. In 2H06 these solutions come together: enforcement is provided at layer 2 and layer 3. You can sell both today and the solution will converge; the investment is protected with a service support contract. Standards-based method of working with other devices (firewalls) to provide enforcement. The standards are not yet defined; once defined, we plan to support these standards from within the Trusted Computing Group (TCG).
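The control loop in the two notes above (agent reports posture, controller decides, enforcer installs policy, and a later re-assessment demotes a session that has fallen out of compliance) is easier to reason about as code. The following is an added example for this page, not Juniper's code or product logic: role names, zone names, the compliance checks and the directory lookup are all assumptions made for illustration.

```python
"""Toy model of the UAC control loop: posture -> controller decision -> enforcer policy,
with re-assessment that demotes a session when the endpoint falls out of compliance.

Added example, not Juniper's code or product logic. Roles, zone names and the
compliance checks are assumptions made for illustration.
"""
from dataclasses import dataclass

# Assumed policy: zones a compliant endpoint may reach, by user role.
ROLE_ZONES = {
    "clinician": {"ehr", "internet"},
    "billing": {"billing", "internet"},
    "guest": {"internet"},
}
# Quarantine zone: only patch and AV update servers live here (assumption).
REMEDIATION_ZONES = {"remediation"}


@dataclass(frozen=True)
class Posture:
    """What the agent (or an agentless assessment) reports about the endpoint."""
    av_running: bool
    av_signature_age_days: int
    host_firewall_on: bool


def is_compliant(p):
    """Assumed compliance rule: AV on, signatures under a week old, host firewall on."""
    return p.av_running and p.av_signature_age_days <= 7 and p.host_firewall_on


class Enforcer:
    """Enforcement point (firewall): per-source-IP allow set, default deny."""

    def __init__(self):
        self.rules = {}

    def install(self, src_ip, zones):
        self.rules[src_ip] = set(zones)

    def remove(self, src_ip):
        self.rules.pop(src_ip, None)

    def permits(self, src_ip, zone):
        return zone in self.rules.get(src_ip, set())


class Controller:
    """Access control decision point. `directory` stands in for the AD/RADIUS lookup."""

    def __init__(self, enforcer, directory):
        self.enforcer = enforcer
        self.directory = directory
        self.sessions = {}  # src_ip -> (user, role, last reported posture)

    def decide(self, role, posture):
        if not is_compliant(posture):
            return set(REMEDIATION_ZONES)
        return set(ROLE_ZONES.get(role, ROLE_ZONES["guest"]))

    def login(self, user, src_ip, posture):
        role = self.directory.get(user, "guest")
        zones = self.decide(role, posture)
        self.enforcer.install(src_ip, zones)
        self.sessions[src_ip] = (user, role, posture)
        return zones

    def reassess(self, src_ip, posture):
        """Called at the agent's reporting interval. Pushes policy only when the decision changes."""
        user, role, _ = self.sessions[src_ip]
        zones = self.decide(role, posture)
        changed = zones != self.enforcer.rules.get(src_ip)
        if changed:
            self.enforcer.install(src_ip, zones)
        self.sessions[src_ip] = (user, role, posture)
        return changed, zones

    def logout(self, src_ip):
        self.sessions.pop(src_ip, None)
        self.enforcer.remove(src_ip)  # back to default deny for that address
```

Two properties worth noticing: an address the controller has never seen gets nothing (default deny at the enforcer), and a policy push only happens when the decision actually changes, so a steady stream of "still compliant" reports does not churn the firewall.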
Healthcare has been an early adopter of WiFi 802.11. As such, they've also been an early adopter of 802.1X, and the Odyssey Client is well represented here. Making the right choice with the Odyssey client, we can show Siemens and the healthcare market how our UAC solution merges with the 802.1X solution to provide layer 2 and layer 3-7 network access control.
A stronger play and benefit enabled by WAN acceleration is data storage replication. The large amount of data to be backed up on a regular basis can consume many hours and significant bandwidth. Because much of the data is repetitive, significant savings can be had to justify the WAN acceleration product in healthcare applications.
Add information about % of features in each layer, different views. We'll look in more detail at the benefits of the LAN platforms in the data center:
1. Simplify architecture: rather than several discrete boxes all performing different functions, IT can deploy a single integrated platform, with optional N+1 redundancy.
2. Double server capacity: IT can redeploy the servers for other functions or, if the company is still in the planning phase, spec out half the servers they originally thought they needed.
3. Cut page download times in half, dramatically improving response times.
4. Scalability: the LAN platform also enables companies to support a much larger user population per server.
5. Availability: one data center element can fail and the LAN accelerator will re-route the user's transaction to another web server, application server, or database to complete the transaction.
6. Dynamic application adaptation: IT can define rules on the fly that redirect lookups or perform other functions; this kind of capability enables the platform to return the desired web page content instead of just the "file not found" error.
By helping the CIO to spend their IT budget appropriately in the telecom and WAN/network area, we can help to improve performance and reduce cost in the data center, helpdesk, application development and application maintenance areas. This reduction of cost can help the IT department to assume new initiatives and improve the overall profitability of the company at the end of the day.

The past was IT as an operational overhead; the 01/02/03 focus of IT on cost reduction through operating efficiencies (supply chain, consolidation) is now behind us. CIOs are focused on linking IT priorities with business priorities. We could extend the value chain to vendors? Naturally this leads to a need to measure, and to the use of IT metrics and quantifying business benefit. In prior years the business saw security and data protection as high-priority business issues. However, these priorities have lowered and given way to broader business issues.

Looking at business spend and capital spend: IT is a (relatively) small part of expense allocation, yet it impacts the top line and all other costs. IT has high leverage: 3% spend on the network, yet it is the critical glue between devices (users, increasingly "knowledge workers") and apps (intellectual property as content in the data center). The network touches every packet, and can affect the user experience and the efficiency of investments in other areas, e.g. servers, clients and software apps. No longer only "forwarding": network capital spend is on increased intelligence and control for delivery, security and optimization, i.e. traffic processing infrastructure.

In summary: traffic processing is a small part of IT capital spend, and IT capital spend is a small part of business spend. However, the impact is felt. IT spend is often split 67% operations, 33% capital. Packaged software split: ERP 28% (trend down), directory services 14% (trend up), CRM 11% (ZDNet survey).
As you can see, the industry has added products to match the bad guys, but at an increasing level of cost and complexity.
Converged platforms will reduce cost while increasing coverage and protection. Give examples of new products released by a few vendors.
Example of a spoke location that we manage that is taking advantage of the newer converged platforms: single platform, multi-function, lower investment, greater protection.
Why we need to continually review and update our security position. Why we need to be vigilant to protect patient information, financial information, and medical professionals. Healthcare is a target-rich environment.
THIS SLIDE IS ANIMATED. If you're familiar with HIPAA, you'll recognize this chart as Appendix A to Subpart C of Part 164, Security Standards: Matrix of the HIPAA Security Rule. These security standards are not our interpretation, but taken directly from the final HIPAA security standards ruling. This presentation is not interpreting the final rule, but rather providing commonly used solutions where Juniper is well equipped to assist covered entities in developing a solid HIPAA compliance solution. If you are not familiar with the final rule, we recommend that you obtain a copy and use it as your reference for establishing HIPAA compliance. While this presentation addresses many HIPAA compliance requirements, it is not comprehensive in providing a complete HIPAA compliance policy for the covered entity. As you may be aware, there are required and addressable implementation specifications. With addressable implementation specifications, you may find alternative methods to meet the standard or, in the limited exception that they may not apply to your situation, bypass the standard with appropriate documentation. However, addressable does not imply "optional" in terms of the requirement to meet HIPAA security standards, but provides greater flexibility in how these standards may be met. Juniper, with our wide-ranging secured and assured networking and security solutions, is well equipped to help HIPAA covered entities by addressing many of the HIPAA security standards. We have three primary solutions to address HIPAA security standards: Secure Remote Access, HIPAA Security Zones, and HIPAA Threat Mitigation with Network-based Compliance Auditing. Outlined here, you can see specifically how many of the implementation specifications can be met with network solutions. In some cases, multiple solutions combine to help address the implementation specification.
In addition, these tools support the HIPAA auditing requirements, providing excellent auditing capabilities with user access logs (Secure Access), firewall logs, Unified Access Control (UAC) logs, and IDP logs. When combined through the enterprise audit source (syslog, etc.), most networks can provide a great amount of detail for user access and compliance verification. For example, frequent idle-timeout events for remote access by particular users would tend to indicate that the user may have a habit of leaving their station unattended. This enables a proactive response to ensure HIPAA compliance policies are being met.
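The idle-timeout heuristic above is simple enough to turn into a detection that runs over the collected syslog. The following is an added example written for this page, not code from the original deck or from any vendor: it parses constructed, generic key=value syslog lines from a hypothetical SSL VPN appliance and flags users whose sessions repeatedly end in an idle timeout rather than a logout. The log format is an assumption; real appliance formats differ, so the regex in parse_line is where a practitioner would adapt it.

```python
"""Flag remote-access users whose sessions repeatedly end in idle timeouts.

Added example, not part of the original presentation. The log format below is
a constructed, generic syslog-style format, not the format of any vendor's
SSL VPN appliance; adjust LINE_RE and the event names to your own logs.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not captured from a real appliance).
SAMPLE_LOG = """\
Oct 12 08:02:11 sslvpn1 vpn: user=jdoe realm=Clinical src=10.20.30.40 event=login-success
Oct 12 08:31:14 sslvpn1 vpn: user=jdoe realm=Clinical src=10.20.30.40 event=session-idle-timeout
Oct 12 09:05:40 sslvpn1 vpn: user=jdoe realm=Clinical src=10.20.30.40 event=login-success
Oct 12 09:40:02 sslvpn1 vpn: user=jdoe realm=Clinical src=10.20.30.40 event=session-idle-timeout
Oct 12 10:11:55 sslvpn1 vpn: user=jdoe realm=Clinical src=10.20.30.40 event=login-success
Oct 12 10:45:09 sslvpn1 vpn: user=jdoe realm=Clinical src=10.20.30.40 event=session-idle-timeout
Oct 12 08:15:03 sslvpn1 vpn: user=asmith realm=Clinical src=10.20.31.7 event=login-success
Oct 12 12:30:44 sslvpn1 vpn: user=asmith realm=Clinical src=10.20.31.7 event=logout
Oct 12 13:02:19 sslvpn1 vpn: user=asmith realm=Clinical src=10.20.31.7 event=login-success
Oct 12 13:40:50 sslvpn1 vpn: user=asmith realm=Clinical src=10.20.31.7 event=session-idle-timeout
Oct 12 07:58:30 sslvpn1 vpn: user=bjones realm=Billing src=10.20.32.9 event=login-failure reason=bad-password
Oct 12 07:58:41 sslvpn1 vpn: user=bjones realm=Billing src=10.20.32.9 event=login-success
Oct 12 17:01:12 sslvpn1 vpn: user=bjones realm=Billing src=10.20.32.9 event=logout
"""

# BSD-syslog style prefix followed by the appliance's key=value payload (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ vpn: (?P<kv>.*)$"
)


def parse_line(line):
    """Return (timestamp, {key: value}) for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    return m.group("ts"), fields


def summarize(log_text):
    """Per-user counts of successful logins, idle timeouts and explicit logouts."""
    stats = defaultdict(lambda: {"logins": 0, "idle_timeouts": 0, "logouts": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated syslog line
        _, f = parsed
        user, event = f.get("user"), f.get("event")
        if user is None or event is None:
            continue
        if event == "login-success":
            stats[user]["logins"] += 1
        elif event == "session-idle-timeout":
            stats[user]["idle_timeouts"] += 1
        elif event == "logout":
            stats[user]["logouts"] += 1
    return dict(stats)


def flag_unattended(stats, min_timeouts=2, min_ratio=0.5):
    """Users with at least min_timeouts idle timeouts that also account for at least
    min_ratio of their successful logins. Returns {user: timeout/login ratio}."""
    flagged = {}
    for user, s in stats.items():
        if s["logins"] == 0:
            continue
        ratio = s["idle_timeouts"] / s["logins"]
        if s["idle_timeouts"] >= min_timeouts and ratio >= min_ratio:
            flagged[user] = round(ratio, 2)
    return flagged


if __name__ == "__main__":
    for user, ratio in sorted(flag_unattended(summarize(SAMPLE_LOG)).items()):
        print("%s: %.0f%% of sessions ended by idle timeout" % (user, ratio * 100))
```

The two thresholds are deliberately separate: a single idle timeout is noise, and a user with many logins and one timeout is not a pattern, so both an absolute count and a proportion are required before a user is reported for a HIPAA workforce-training follow-up.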
Colorado HIMSS Fall Security Conference
The Evolution of Threat Management Solutions: Countering Today's Sophisticated Attacks
Mark Precious and Harold Stokes, VirtualArmor
VirtualArmor, 4610 S. Ulster Street, Suite 150, Denver, CO 80237
Changes in Network Threats Agenda <ul><li>Review history and changes in network threats </li></ul><ul><li>Healthcare regulations and expanding network communications needs </li></ul><ul><li>Introduction of advanced network security products </li></ul><ul><li>Future direction of solutions: converged products, single hardware platform and unified threat management </li></ul><ul><li>Healthcare example: Carlsbad Regional Medical Center </li></ul><ul><li>Security threats in the news </li></ul>
Review History and Changes in Network Threats <ul><li>High School Prank Starts 25 Years of Security Woes!</li></ul><ul><li>1982: 9th grader Rich Skrenta releases the first computer virus to spread in the wild, "Elk Cloner," on friends</li></ul><ul><li>Mid-to-late 90s: Corporate reliance on internet/email makes viruses a global security threat</li></ul><ul><li>1999 - 2003: Melissa, Love Bug, and SoBig bring down networks and cause massive productivity losses. Companies expend significant resources to contain/remove these viruses and repair damaged computers and networks.</li></ul><ul><li>No real criminal intent: virus creators motivated by notoriety/fame</li></ul>
Review History and Changes in Network Threats: Today the threat has changed! Criminal intent. Well funded. Profit driven.
Symantec Security Report, September 2007 (Review History and Changes in Network Threats) <ul><li>Covered 120 million computers running Symantec Security Response during the first half of 2007</li></ul><ul><li>With 2 million decoy email accounts designed to attract malicious mail worldwide</li></ul><ul><li>US #1 in underground economy servers at 64%, selling verified credit card numbers, government-issued ID numbers and other personal data (Germany #2, Sweden #3)</li></ul><ul><li>China #1 in bot-infected computers: software performing online tasks without the owners' knowledge</li></ul><ul><li>212,101 malicious code threats reported, an increase of 185% over the previous 6 months</li></ul><ul><li>Three customizable malicious "toolkits," costing between $300 and $800, were responsible for 42% of the 2.3 million "phishing" messages used to steal personal and financial information.</li></ul>
Healthcare Regulations and Expanding Network Communications Needs
<ul><li>Healthcare Applications Under Pressure:</li></ul><ul><li>SOA and Application Webification</li></ul><ul><li>Secure Remote Access of Patient Information (EHR)</li></ul><ul><li>Consolidating Data Center and Expediting Medical Record Storage</li></ul><ul><li>Wireless Security, Remote Patient Monitoring, and Unified Access Control</li></ul><ul><li>Migration to IP Infrastructure</li></ul>
<ul><li>Network Evolution Coupled to Application Changes and Healthcare Requirements:</li></ul><ul><li>Increased Security Threats</li></ul><ul><li>Bandwidth Increases for Large Volume & Data Replication/Disaster Recovery</li></ul><ul><li>QoS for Demanding Apps/VoIP</li></ul><ul><li>HIPAA</li></ul><ul><li>Regional Health Information Organization (RHIO)</li></ul>
Diagram: Hospital, Medical Clinic and Remote Data Center (web servers, app servers, databases) connected over the WAN and Internet to Tele-workers, Mobile Healthcare Providers, an Internet Kiosk, Insurance Providers, Payment Clearinghouse Partners, Patients, Contractors and the RHIO.
Healthcare Regulations and Expanding Network Communications Needs <ul><li>HIPAA is concerned about privacy of and access to Protected Health Information (PHI) and Electronic Health Records (EHR) that reside in stored (static) areas of the network and are transmitted between "covered entities"</li></ul><ul><li>A firewall alone will not meet all security requirements</li></ul><ul><li>Use of the Internet increases productivity and lowers communication costs, but requires compliance with HIPAA Security Standards</li></ul><ul><li>Employee error or ignorance, hackers, worms, and viruses increase risk to PHI or EHR</li></ul> Diagram: regular firewall.
Introduction of Advanced Security Network Products: Multiple Layered Security Solutions Combat Sophisticated Threats <ul><li>Firewall/IPsec (Internet Protocol Security) VPN (Virtual Private Network)</li></ul><ul><li>SSL VPN (Secure Sockets Layer Virtual Private Network)</li></ul><ul><li>IDP/IDS (Intrusion Detection and Prevention Solutions)</li></ul><ul><li>Access control and authentication solutions</li></ul><ul><li>Wireless solutions</li></ul><ul><li>WAN (Wide Area Network) and LAN (Local Area Network) acceleration</li></ul>
Securing Communications for Mobile & Work-at-Home Healthcare Providers via SSL VPNs (Introduction of Advanced Security Network Products) <ul><li>Extend secure and flexible access to remote offices, partners, work-at-home and teleworkers, and accelerate application performance over SSL VPN</li></ul><ul><li>Minimizes the remote management and troubleshooting requirements of VPN configurations to scale easily across the enterprise</li></ul><ul><li>SSL VPN solution scales to provide thousands of VPN connections and minimize operational cost</li></ul> Diagram: Hospital, Remote Clinic #1, Remote Clinic #2, Data Center, Healthcare Insurance Provider and Healthcare Payment Clearinghouse connected over SSL VPN, with a blocked path shown.
IDP Network Monitoring and Auditing (Introduction of Advanced Security Network Products) <ul><li>Customer Problems</li></ul><ul><li>Network intruders enter secure locations without your knowing</li></ul><ul><li>Spyware is placed on your network</li></ul><ul><li>Viruses spread undetected on the network, potentially resulting in network disruptions</li></ul><ul><li>Intrusion Detection and Prevention</li></ul><ul><li>Identify and act against intruders in real time while avoiding false positives</li></ul><ul><li>Prevent spyware from entering your network</li></ul><ul><li>Detect and stop the spread of viruses before they have the chance to impact the business</li></ul> Diagram: a central site (servers, admin, DMZ; Zones 1, 2 and 3) and a regional office or medium central site connected over the Internet, with network security management tools. Sequence: 1. Threat initiated; 2. Dropped from the network; 3. Event logged and reported by network monitoring tools.
Network Access Control in Healthcare (Introduction of Advanced Security Network Products): unified policy enforcement based on identity, endpoint assessment, and network.
Infranet Agent (IA): <ul><li>Host Checker</li></ul><ul><li>Host Enforcer (with firewall policy or optional dynamic MS IPsec enforcement)</li></ul><ul><li>MS Windows Single Sign-On</li></ul><ul><li>Agentless enforcement for Windows, Mac and Linux</li></ul><ul><li>IA protects authenticated endpoints from malicious/non-compliant endpoints</li></ul>
Infranet Controller (IC), with comprehensive enterprise integration to AAA servers and identity stores: <ul><li>Access control decision point</li></ul><ul><li>Automatically provisions Infranet Agent (if required)</li></ul><ul><li>Dynamically provisions enforcement policy</li></ul><ul><li>Integrated remediation support</li></ul>
Phase 1 Enforcers: <ul><li>Enforcers: operating system, firewall</li></ul><ul><li>From regional SOHO to enterprise</li></ul>
Healthcare Wireless Network Security (Introduction of Advanced Security Network Products) <ul><li>To make a WLAN secure, you need a way to prove that the user is who they say they are, including:</li><ul><li>A standard way to pass that information through an Ethernet LAN: 802.1X</li><ul><li>Terms in the standard include: Supplicant, Authenticator, Authentication Server</li></ul></ul><ul><li>A standard authentication protocol that works with many different authentication systems: Extensible Authentication Protocol (EAP)</li></ul></ul> Diagram: Access Client to Access Point over the LAN (EAP over LAN); EAP carried from the Access Point to the Authentication Server; EAP tunneled authentication and key sharing between client and Authentication Server; Accept/Reject returned to the Access Point; encrypted tunnel established.
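The three roles named on the slide, and the way the authenticator relays EAP without ever seeing the credential, are shown below as an added example written for this page (not from the original slides or any vendor). It uses EAP-MD5 (RFC 3748 section 5.4, a CHAP-style MD5 challenge) because the whole exchange then fits in one file; framing is a plain dict per message rather than real EAPOL or RADIUS encoding, and modelling the authenticator-to-server leg as RADIUS-style Access-Request/Challenge/Accept/Reject is an assumption of this model, which the slide does not name. The port stays closed to everything except EAPOL until the server returns Access-Accept.

```python
"""Toy 802.1X / EAP exchange between supplicant, authenticator and authentication server.

Added example, not from the original slides or any vendor. EAP-MD5 (RFC 3748
section 5.4, a CHAP-style MD5 challenge) is used because it fits in a few
lines; framing is a plain dict per message, not real EAPOL or RADIUS encoding.
The authenticator-to-server leg is modelled as RADIUS-style Access-Request /
Access-Challenge / Access-Accept / Access-Reject (an assumption of this model).
"""
import hashlib
import hmac
import os

# Constructed credential store for the authentication server (assumption).
USER_DB = {"nurse01": b"correct horse battery staple"}


def md5_response(eap_id, secret, challenge):
    """EAP-MD5 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([eap_id]) + secret + challenge).digest()


class Supplicant:
    """The access client. It only ever speaks EAPOL to the authenticator."""

    def __init__(self, identity, secret):
        self.identity = identity
        self.secret = secret

    def handle_eap(self, req):
        if req["type"] == "identity":
            return {"code": "response", "id": req["id"], "type": "identity",
                    "data": self.identity}
        if req["type"] == "md5-challenge":
            return {"code": "response", "id": req["id"], "type": "md5-challenge",
                    "data": md5_response(req["id"], self.secret, req["data"])}
        raise ValueError("unsupported EAP request type: %r" % req["type"])


class AuthenticationServer:
    """Holds credentials and makes the decision; never sees the supplicant's frames directly."""

    def __init__(self, user_db):
        self.user_db = user_db
        self.pending = {}  # authenticator port -> (identity, expected EAP id, challenge)

    def handle_access_request(self, port, eap):
        if eap["type"] == "identity":
            challenge = os.urandom(16)  # fresh per attempt, so a captured response cannot be replayed
            eap_id = (eap["id"] + 1) & 0xFF
            self.pending[port] = (eap["data"], eap_id, challenge)
            return {"code": "access-challenge",
                    "eap": {"code": "request", "id": eap_id,
                            "type": "md5-challenge", "data": challenge}}
        if eap["type"] == "md5-challenge":
            identity, eap_id, challenge = self.pending.pop(port, (None, eap["id"], b""))
            secret = self.user_db.get(identity) if identity is not None else None
            ok = (secret is not None and eap["id"] == eap_id and
                  hmac.compare_digest(eap["data"], md5_response(eap_id, secret, challenge)))
            if ok:
                return {"code": "access-accept", "eap": {"code": "success", "id": eap_id}}
            return {"code": "access-reject", "eap": {"code": "failure", "id": eap_id}}
        return {"code": "access-reject", "eap": {"code": "failure", "id": eap["id"]}}


class Authenticator:
    """Switch port or access point: relays EAP and keeps the port closed until Access-Accept."""

    def __init__(self, port, server):
        self.port = port
        self.server = server
        self.authorized = False

    def forward(self, frame):
        """Port-based access control: only EAPOL passes on an unauthorized port."""
        return self.authorized or frame.get("ethertype") == "EAPOL"

    def authenticate(self, supplicant):
        self.authorized = False
        eap = {"code": "request", "id": 1, "type": "identity"}  # EAP-Request/Identity
        while True:
            response = supplicant.handle_eap(eap)                           # EAPOL leg
            reply = self.server.handle_access_request(self.port, response)  # server leg
            eap = reply["eap"]
            if reply["code"] == "access-accept":
                self.authorized = True  # EAP-Success relayed; port opens
                return True
            if reply["code"] == "access-reject":
                return False            # EAP-Failure relayed; port stays closed
```

The authenticator never learns the secret; it only carries opaque EAP payloads and acts on the server's verdict. The caveat a practitioner should carry away: EAP-MD5 produces no keying material, so it cannot provide the "key sharing" the slide refers to. On a WLAN that step needs a method such as EAP-TLS or PEAP, where the server also hands the session key material to the access point alongside the Access-Accept so the air link can be encrypted.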
WAN Acceleration: Healthcare Data Replication (Introduction of Advanced Security Network Products) <ul><li>Minimizes bandwidth requirements</li></ul><ul><li>Speeds data replication process</li></ul><ul><li>Improves application performance across the WAN for many applications</li></ul><ul><li>Increases data transfer speeds for large files</li></ul> Diagram: Hospital and Medical Clinic connect across the WAN through routers to the Remote Data Center (web servers, app servers, databases), with WAN Acceleration at each end; SSL VPN and IPsec VPN carry the traffic.
LAN Acceleration: Server Load Balancing? (Introduction of Advanced Security Network Products) Benefits: improve availability; improve application performance; double server capacity; simplify data center architecture; protect against attacks; improve scalability. Diagram: web browsers connect through the LAN Acceleration platform (authentication, web acceleration, HTTP protocol inspection, cache, SSL, SLB) to web servers, app servers and databases.
CIO Perspective and Challenges (CIO and CSO Investment Considerations)
Business Priorities: business growth and differentiation; understand and improve business processes through new application functionality; improve end-user experience (internal and external customer).
IT Priorities: <ul><li>Control costs in IT and business</li></ul><ul><li>Allocate IT capital/cost for maximum value</li></ul><ul><li>Efficiency in supply chain, product development, sales</li></ul><ul><li>Return money into the business</li></ul>
Business measures: Profit; Operations; Sales and Marketing; R&D / Product Development; G&A, Support, HR/Legal; CoS/Materials.
IT spend (2-8%): Telecom, WAN/network; Datacenter; Helpdesk/Desktop; App Dev; App maintenance; Admin; Other.
Vendor Solutions: Connectivity; Difficult problems; Measure benefit.
CIO and CSO Investment Considerations: The CIO or CSO has to be Superman! Numerous vendor solutions! Best-of-breed products or single-vendor solutions? Limited IT budget vs. increasing threats. Constantly changing threats that are criminal, well funded and profit driven. Risk of exposure to the court of public opinion due to non-compliance with government and industry regulations! Recent IRS ruling! Diagram: WAN Acceleration, LAN Acceleration, SSL VPN, Database.
Future Direction: Converged Security Platform, Converged Products with Unified Threat Management <ul><li>Converged Products: Firewall with Increased Functionality:</li><ul><li>Unified Threat Management</li></ul><ul><li>Intrusion Detection</li></ul><ul><li>Wireless Devices</li></ul><ul><li>VoIP Management</li></ul><ul><li>Router Solutions</li></ul><ul><li>Cable/DSL/T-1 modem replacement</li></ul></ul><ul><li>Many major providers have recently introduced products that converge many functions that were previously independent appliances</li></ul>
Carlsbad Regional Medical Center: Healthcare Example. A small rural hospital connects all its local physicians to the hospital network. Small regional hospital; rural area; 30 physician offices integrated to the network. Secure Services Gateway: router; firewall/IPsec VPN; Unified Threat Management; Deep Inspection; wireless for physicians and patients. Connectivity: T1, DSL, cable, direct connection.
Security Threats in the News <ul><li>Web Hack Exposes Personal Data of 14,000 At Nature Conservancy: attacker accessed data via malware attached to association Website (October 2, 2007, 5:49 PM)</li></ul><ul><li>Insider Attacks Put IT Security on the Offensive</li></ul><ul><li>Attackers Kill Anti-Fraud Site: Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack (September 28, 2007, 4:30 PM)</li></ul><ul><li>October 8, 2007: Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.</li></ul><ul><li>Alleged hacker used connections at a McDonald's and Best Buy to launch denial-of-service attacks and then heckle his victims</li></ul><ul><li>Hackers Breaking Up Botnets to Elude Detection</li></ul> Courtesy of Information Week
Thank you! Open Questions Mark Precious and Harold Stokes VirtualArmor The Evolution of Threat Management Solutions: Countering Today’s Sophisticated Attacks
Required HIPAA Security Standards. Source: 45 CFR Parts 160, 162, and 164 - Health Insurance Reform: Security Standards; Final Rule, 2/20/2003. <ul><li>IDP assists with risk management assessments.</li></ul><ul><li>SSL VPN ensures authorization for accessed locations of the network.</li></ul><ul><li>IDP adds supervision on the network.</li></ul><ul><li>LAN Acceleration facilitates authorized access to consolidated EHR storage.</li></ul><ul><li>HIPAA Security Zones limit access to those with authorization.</li></ul><ul><li>IDP identifies and protects against malicious software.</li></ul><ul><li>SSL VPN and IDP provide log-in monitoring.</li></ul><ul><li>IDP provides response and reporting for security incidents.</li></ul><ul><li>SSL VPN facilitates use of the network when operating under emergency contingency plans at remote locations.</li></ul><ul><li>When using electronic surveillance to ensure accountability of physical safeguards, Security Zones and SSL VPN protect the accountability of the surveillance network.</li></ul><ul><li>HIPAA Security Zones support access control compliance.</li></ul><ul><li>SSL VPN with dual-token authentication and single concurrent login provides unique user identification.</li></ul><ul><li>Emergency access and automatic logoff are supported with SSL VPN.</li></ul><ul><li>A wide variety of sophisticated encryption techniques are supported to ensure privacy of information.</li></ul><ul><li>WAN and LAN Acceleration products enable consolidation of "at risk" confidential information while accelerating delivery over WAN access.</li></ul><ul><li>IDP provides intelligent logs for audit control enforcement.</li></ul><ul><li>Firewall, SSL VPN, and Unified Access Control can be used independently or combined to support integrity, authentication, and transmission security for the HIPAA compliance process.</li></ul>