Successfully reported this slideshow.
Your SlideShare is downloading. ×

How to Determine Your Attack Surface in the Healthcare Sector

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 25 Ad

How to Determine Your Attack Surface in the Healthcare Sector

Download to read offline

Do you know what an asset inventory is, why it's important, and how it can protect you from cybersecurity vulnerabilities?

In this webinar, you can expect to learn:
- How to prepare yourself and your staff against cybersecurity threats
- What an asset inventory is and why it's the next big thing in information security
- How to identify all your company's Internet-connected assets and which need to be defended
- Why keeping an up-to-date asset inventory is important
- How to obtain your own attack surface map

Do you know what an asset inventory is, why it's important, and how it can protect you from cybersecurity vulnerabilities?

In this webinar, you can expect to learn:
- How to prepare yourself and your staff against cybersecurity threats
- What an asset inventory is and why it's the next big thing in information security
- How to identify all your company's Internet-connected assets and which need to be defended
- Why keeping an up-to-date asset inventory is important
- How to obtain your own attack surface map

Advertisement
Advertisement

More Related Content

Slideshows for you (20)

Similar to How to Determine Your Attack Surface in the Healthcare Sector (20)

Advertisement

More from Jeremiah Grossman (20)

Advertisement

How to Determine Your Attack Surface in the Healthcare Sector

  1. 1. HOW TO DETERMINE YOUR ATTACK SURFACE IN THE HEALTHCARE SECTOR JANUARY 14, 2021 BIT DISCOVERY
  2. 2. BIT DISCOVERY Attack Surface Management that discovers, learns, and (finally) lets you secure everything. Secure everything.
  3. 3. •CEO, Bit Discovery •20 years in Information Security •Founder of WhiteHat Security •Black Belt in Brazilian Jiu-Jitsu JEREMIAH GROSSMAN
  4. 4. ASSET ATTACK SURFACE From the network perspective of an adversary, the complete asset inventory of an organization including all actively listening services (open ports) on each asset. • a domain name, subdomain, or IP addresses and/or combination thereof, for a device connected to the Internet or internal network. • (an asset) may include, but not limited to, web servers, name servers, IoT devices, or network printers.
  5. 5. •Shadow Asset: The specific asset, as defined by a hostname/IP-address, that’s unknown or uncontrolled by the organization. •Shadow Service: Unknown or uncontrolled services (i.e., open ports) that are actively listening on an asset. •Shadow Software: Unknown or uncontrolled software stack information (i.e., list of installed software and versions) of a listening service on an asset. SHADOWS WITHIN SHADOW-IT
  6. 6. IMPORTANCE ATTACK SURFACE MANAGEMENT BIT DISCOVERY
  7. 7. Bit Discovery 2020 FEDERAL TRADE COMMISSION, Plaintiff, v. EQUIFAX INC., Defendant.
  8. 8. Bit Discovery 2020 USE-CASES ATTACK SURFACE MANAGEMENT • Vulnerability & Patch Management • Third-Party Risk Management • Mergers & Acquisition • Cyber-Insurance • Policy & Compliance • Security Ratings • Incident Response • Sales & Marketing Enablement • Investments
  9. 9. YOU CAN ONLY SECURE WHAT YOU KNOW YOU OWN. BIT DISCOVERY
  10. 10. •Collect a list all registered IP-ranges and domain names: Most organizations will not have a ready up-to-date list. •Find and scan all subdomains: Assets located on-premise, in the cloud, hosted applications, labelled under of subsidiaries, physically located across distributed data centers, and across non-contiguous IP-ranges. •Collect all meta-data for every asset: software stack, version info, TLS cert info, programming language, open ports, IP geo-location, hosting provider, CDN, etc. •Maintain an up-to-date attack surface map: The asset data for most organizations change between 1-5% monthly. THE ATTACK SURFACE
  11. 11. ABOUT BIT DISCOVERY BIT DISCOVERY’S DATA
  12. 12. Bit Discovery 2020 INTERNET “COPY” OF THE • Generated by Bit Discovery and 400 data sources. • WHOIS databases, domain names, ASN, ports, service banners, technology stack, website index page(s), full TLS certificate info, email addresses, password dumps, etc. • Each asset has potentially 115 unique data points. • Each data point updated daily-to-monthly. • Hundreds of snapshots collected over 5 years. Largest Data-Set Of It’s Kind *missing ~30% of the Internet* 4.5 BILLION DNS ENTRIES 200+ INTERNET SNAPSHOTS 515 DATA SOURCES 115 DATA COLUMNS 150 YEARS OF CPU TIME
  13. 13. BIT DISCOVERY HOSPITALS & HEALTH ATTACK SURFACE MAP ANALYSIS
  14. 14. The total number of Internet-connected assets. TOTAL ASSETS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 10,000 20,000 30,000 40,000 2,839 237 39,956 38 1,752 18 36,639 479 25 22 44 5,293 77 80 22,972 1,010 2,271 795 172
  15. 15. The total number of registered domain names. DOMAIN NAMES SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 350 700 1,050 1,400 93 3 1,400 2 53 1 444 44 1 2 3 312 5 2 8 37 128 30 6
  16. 16. The percentage of cloud-hosted assets including Amazon Web Services, Microsoft Azure, Google App Engine, and others. CLOUD ASSETS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 13 25 38 50 14.76 19.41 26.66 7.89 5.31 11.11 20.70 11.69 0.00 0.00 0.00 46.91 0.00 0.00 0.06 1.19 6.16 3.52 1.74
  17. 17. The percentage of Internet-accessible assets served by a well-known Content Delivery Network including Akamai, Cloudflare, and Fastly. CDN ASSETS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 8 15 23 30 0 0 3 24 0 0 0 0 24 0 0 0 0 0 0 4 1 0 0
  18. 18. The number of unique Certificate Authorities seen across the Internet- accessible assets. CERTIFICATE AUTHORITIES SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 10 20 30 40 22 4 39 3 18 2 26 12 1 2 2 37 3 6 5 10 29 9 5
  19. 19. The number of expired TLS Certificates seen across the Internet- accessible assets. EXPIRED TLS CERTS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 50 100 150 200 77 3 110 0 16 0 110 2 0 0 0 196 0 0 0 21 90 9 5
  20. 20. The number of countries hosting Internet-accessible assets. COUNTRIES SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 4 7 11 14 4 6 14 1 5 1 12 6 2 1 1 8 1 1 3 4 9 3 2
  21. 21. The number of Internet-connected assets where the hostname resolves to non-route-able RFC-1918 internal IP-addresses. PRIVATE IP-SPACE SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 8 15 23 30 10 0 8 0 2 0 1 0 0 0 0 1 0 0 0 27 8 0 0
  22. 22. Extremely popular free and open-source CMS. Wordpress assets scanned with WPScan, which includes vulnerabilities in plug-ins. WORDPRESS VULNS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 45 90 135 180 21 0 172 0 0 0 65 0 0 0 57 0 0 0 0 1 0 0 0
  23. 23. 2021 SECURITY GUIDANCE
  24. 24. Every security program must begin with an attack surface map. Jeremiah Grossman CEO, Bit Discovery • Attack Surface Map • Multi-factor Authentication • Email Security • Routine Backups • Wire Transfer Verification • Password Management
  25. 25. BIT DISCOVERY

×