
Cybersecurity roadmap : Global healthcare security architecture



Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)

Published in: Technology


  1. Cybersecurity Roadmap: Global Healthcare Security Architecture. Session ID: TECH-W02F. Nick H. Yoo, Chief Security Architect.
  2. Disclosure: No affiliation to any vendor products. No vendor endorsements. Products represented here are just examples. References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies.
  3. Healthcare IT Challenges: the healthcare industry is increasingly difficult to protect and is becoming a rich target. (Diagram labels: Patients and Consumers, Payers, Product Innovation, Pharmacies, Hospitals, Labs, Physician Practices, Industry Certifications, Operations and Support, Product Development, Regulators and Legal, Cybersecurity, Public Cloud, Ransomware, Mobile & IoT, Big Data, 24/7 Always On, Web Trust, Healthcare IT Compliance.)
  4. Cybersecurity Journey: compliance-driven, solutions-driven, vulnerability-driven, threat modeling & detection-focused; "Perimeter Security", "Layered Security", "Identity as New Perimeter".
  5. Security Technology Landscape: Network, App/Data, IAM, Endpoint, Messaging & Collaboration, Monitoring.
  6. Technology Overview:
     • Total number of vendors: 70
     • Total number of products: 130
     • Most products by domain: IAM (20)
     • Least products by domain: Monitoring, Analytics & Audit (8)
     • Approximate number of products EOL or obsolete in 12–24 months: 30
     • Most capabilities covered by one vendor: 10
     • Total capabilities covered by products: 160
  7. Threat Landscape (Source: Verizon Data Breach Report).
  8. NIST Cybersecurity Framework, categories by function:
     • Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy
     • Protect: Access Control, Awareness and Training, Data Security, Information Protection Processes & Procedures, Maintenance, Protective Technology
     • Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes
     • Respond: Response Planning, Communications, Analysis, Mitigation, Improvements
     • Recover: Recovery Planning, Improvements, Communications
  9. Cybersecurity Architecture Framework: the five CSF functions (Identify, Protect, Detect, Respond, Recover) mapped across the architecture domains (Network, IAM, Endpoint, App/Data, Monitoring/Audit/Analytics), with integrated solutions and a continuous feed.
  10. Architecture Development Approach. Elements: Business Vision & Needs; Key Trends & Emerging Technologies; Regulatory Compliance Requirements; Threat & Risk Emphasis; Foundational Security Controls; Guiding Principles; Architecture Framework; Architecture Vision; Policies, Standards & Guidelines; Current Capabilities; Current State; Direction; Gap Analysis; Future State & Roadmap; Projects & Initiatives.
  11. Key Trends (Source: Gartner):
     • From blocking and detecting attacks to detecting and responding to attacks
     • Rapid breach detection using endpoint threat detection and remediation tools
     • Aggressive segmentation of the network
     • Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification
     • Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized
     • Use and contribute to shared threat intelligence and fraud exchange services
  12. Cybersecurity Roadmap Development Process, Network Example. Process stages: Current State, Capabilities, Gap Analysis, Roadmap, informed by Risk Analysis, Threat Analysis, Maturity Analysis, Future State, Key Trends and Overall Security Architecture Initiatives. Network capabilities (each mapped to Protect, Detect or Respond): SSL/IPsec VPN; Network Intrusion Prevention; DNS, DHCP, and IPAM Security; Firewall/Next Gen; Secure Web Gateway; Network Access Control; Web Application Firewall; SIEM; DDoS Protection; Advanced Persistent Threats; Data Loss Prevention; Network Behavior Anomaly Detection; Network Policy Management; Network Sandboxing; Wireless IPS; Network Segmentation; SSL Inspection; Threat and Network Deception; Threat Intelligence; Network Forensics; Network Pen Testing; Reverse Proxy Services and LB; Physical and Virtual DMZ; Public Cloud Security; Vulnerability Assessment; Unified Threat Management; Software-Defined Security.
  13. Threat Modeling (Source: Lockheed Martin).
  14. Current Network Architecture (diagram labels: HQ & Branches, Corp Data Centers, MPLS, Internet, BU Data Centers, Co-Los, BU Sites, WAF, Cloud, Wireless, SIEM, Email DLP, NBA, NGFW, Core Security, Rev. Proxy/LB, Proxy, VPN, Customers, Teleworkers, Mobile Users).
  15. Future State Network Architecture (diagram labels: HQ & Branches, Corp D/C, Hybrid WAN, BU D/C, Other Sites, WAF, Email DLP, IDPS, Core Security, Proxy, VPN, Customers, Teleworkers, Mobile Users, NAC, APT, NGFW, CASB, Internet, Improved Segmentation, Secure Wired, Secure Wireless, Rogue AP Detection, SSL Intercept, SIEM, Controls).
  16. Architecture & Roadmap (illustrative), FY16–FY19. Roadmap items: WAF, IDPS, Wireless IDPS, Public Cloud Network, Secure Cloud Exchange, Guest Wireless NAC, Home VPN NAC, Segmentation, APT, NetSec Policy Management, SSL Interception, Secure Hybrid WAN, NAC, Network Pen Testing, Unified Threat Management, Threat Deception, DDoS & DNS Protection, Software Defined Perimeter. Diagram labels: Mobile Users, Home Office, Corporate BUs, DCs/Retails, Data Centers, Proxy, Intrusion Detection, Network Access Control, Data Loss Prevention, VPN, SSL Inspect, Advanced Threat Analytics, SIEM, MPLS/Broadband, Hybrid WAN, Broadband, Identity & Access, Cloud Access Security Broker (CASB).
  17. Cybersecurity Roadmap Development Process, IAM Example (illustrative). Process stages: Current State, Capabilities, Gap Analysis, Roadmap, informed by Risk Analysis, Threat Analysis, Maturity Analysis, Future State, Key Trends and Overall Security Architecture Initiatives. IAM capabilities (mapped to Protect or Detect):
     • Workflow and Approval Management: Access Request Management, Password Management, User Self Service
     • Monitoring, Audit & Compliance: Monitoring, User and Entity Behavior Analytics, Role Mining and Management, Segregation of Duties Detection, Access Recertification, Audit/Logging/Reporting
     • Identity Management: Cloud/On-Premises Provisioning, Identity Proofing, Privileged Access Management
     • Access Management: Web Access Management / SSO, Cloud / Federated SSO, Authentication, Authorization, Risk-Based Adaptive Access, Mobile SSO, Passwordless / MFA
     • Identity Data Services: Identity Data Storage, Virtual Directory Services (VDS), Meta Directory, Data Synchronization / Replication, Graph Data Services, API Security
  18. IAM Technology Roadmap (illustrative), FY16–FY19, each item rated by business risk (High, Medium, Low, Unknown): OAuth 2.0, Risk Based Access Control, IDaaS, ID Proofing Services, OpenID Connect, UAR, UBA, Federated ID Mgt., MFA, PAM, Biometric Authentication, High Assurance IDP, SCIM, Mobile SSO, SOD Controls, API Gateway, IGA, FHIR Security, Monitoring Dashboard, Role Lifecycle Mgt., Virtual Directory, BYOID, UMA, ID Lifecycle Mgt., Graph Directory, Block Chain Technology.
  19. Cybersecurity Framework Domain Mapping (illustrative): each architecture domain (Network, IAM, Endpoint, App/Data, Monitor) is rated against each CSF function (Identify, Protect, Detect, Respond, Recover) on the scale Fully Meet, Usually Meet, Partially Meet, Rarely Meet, Does Not Meet. Observations:
     • Sufficient coverage for endpoint
     • Network domain lacks detection controls
     • Overall lack of detection controls
     • Monitoring capability exists mainly in Protect
  20. Key Initiatives (grouped under Protect, Detect and Respond):
     • Network: Intrusion Detection & Prevention, Network Segmentation, Wireless Detection, Cloud Access Security Broker, Network Access Control, Network Security Monitoring, Threat Deception, DDoS
     • IAM: Multi-factor, UEBA, Cloud IDaaS, User Managed Access, Identity Governance, User Access Review, Federation, Virtual Directory
     • Other Domains: Security Analytics, Adaptive Authentication (IAM), Advanced Detection, Malware Protection System, Threat Intelligence, Advanced Endpoint Protection & Detection, Cloud Security, Application Security
  21. Core Solutions Architecture (illustrative): Network, App/Data, IAM, Endpoint, Monitoring/Analytics.
  22. "Apply" Slide:
     • Next week you should: begin needs assessment; begin collecting current security controls, tools, and products
     • In the first three months following this presentation you should: tailor the cybersecurity framework, architecture domains, and assessment process; begin documenting current capabilities and gaps
     • Within six months you should: complete the current capability assessment; begin developing the future-state architecture and roadmap
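The domain-mapping step of the roadmap process (capability inventory, rating each domain against the CSF functions, then reading off gaps such as "Network domain lacks detection controls") can be mechanised. The following is an added example, not code from the presentation or its author; the inventory is constructed, and the weighting of EOL products and the cut-offs on the rating scale are assumptions.

```python
from collections import defaultdict

DOMAINS = ["Network", "IAM", "Endpoint", "App/Data", "Monitor"]
FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]
# Rating scale from the slide; the cut-offs on the deployed fraction are assumed.
SCALE = [(0.9, "Fully Meet"), (0.7, "Usually Meet"), (0.4, "Partially Meet")]
WEIGHT = {"deployed": 1.0, "eol": 0.5, "planned": 0.0}  # EOL counts half (assumed)

# Constructed inventory: (capability, domain, CSF function, status).
INVENTORY = [
    ("Next-gen firewall", "Network", "Protect", "deployed"),
    ("Network intrusion prevention", "Network", "Detect", "eol"),
    ("Network behavior anomaly detection", "Network", "Detect", "planned"),
    ("Web access management / SSO", "IAM", "Protect", "deployed"),
    ("Passwordless / MFA", "IAM", "Protect", "planned"),
    ("UEBA", "IAM", "Detect", "planned"),
    ("Advanced endpoint protection", "Endpoint", "Protect", "deployed"),
    ("Endpoint threat detection", "Endpoint", "Detect", "deployed"),
    ("Web application firewall", "App/Data", "Protect", "deployed"),
    ("SIEM", "Monitor", "Detect", "deployed"),
]

def rate(score, count):
    """Map weighted-deployed / total capabilities in a cell to the slide's scale."""
    if count == 0 or score == 0:
        return "Does Not Meet"
    frac = score / count
    for cutoff, label in SCALE:
        if frac >= cutoff:
            return label
    return "Rarely Meet"

def coverage_matrix(inventory):
    """Return {(domain, function): rating} for every domain x CSF-function cell."""
    score, count = defaultdict(float), defaultdict(int)
    for _name, domain, func, status in inventory:
        score[(domain, func)] += WEIGHT[status]
        count[(domain, func)] += 1
    return {(d, f): rate(score[(d, f)], count[(d, f)])
            for d in DOMAINS for f in FUNCTIONS}

def gaps(matrix, function):
    """Domains rated in the bottom two tiers for one CSF function."""
    return [d for d in DOMAINS
            if matrix[(d, function)] in ("Rarely Meet", "Does Not Meet")]

if __name__ == "__main__":
    m = coverage_matrix(INVENTORY)
    for f in FUNCTIONS:
        print(f"{f} gaps: {', '.join(gaps(m, f)) or 'none'}")
```

With the constructed inventory the Detect column flags Network, IAM and App/Data, reproducing the slide's observation that detection controls are the weak spot while Endpoint is covered.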