CYBERSECURITY ROADMAP: GLOBAL HEALTHCARE SECURITY ARCHITECTURE
Nick H. Yoo
DISCLOSURE
No affiliation to any vendor products
No vendor endorsements
Products represented here are just examples
References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies
HEALTHCARE IT CHALLENGES
Healthcare Industry is Increasingly Difficult to Protect & Is Becoming a Rich Target
Diagram labels, centered on Healthcare IT:
Stakeholders: Patients and Consumers, Payers, Pharmacies, Hospitals, Labs, Physician Practices, Regulators and Legal
Business drivers: Product Innovation, Product Development, Industry Certifications, Operations and Support, Compliance
Technology and threat pressures: Cybersecurity, Public Cloud, Ransomware, Mobile & IoT, Big Data, 24/7 Always On, Web Trust
CYBERSECURITY JOURNEY
Stages: Compliance-Driven, Solutions-Driven, Vulnerability-Driven, Threat Modeling & Detection-Focused
Perimeter models: "Perimeter Security", "Layered Security", "Identity as New Perimeter"
SECURITY TECHNOLOGY LANDSCAPE
Domains: Network, App/Data, IAM, Endpoint, Msg & Collaboration, Monitoring
TECHNOLOGY OVERVIEW
Total # of Vendors: 70
Total # of Products: 130
Most # of Products by Domain: IAM (20)
Least # of Products by Domain: Monitoring, Analytics & Audit (8)
Approximate # of Products EOL or Obsolete in 12–24 Months: 30
Most # of Capabilities Covered by One Vendor: 10
Total # of Capabilities Covered by Products: 160
THREAT LANDSCAPE
Source: Verizon Data Breach Report
NIST CYBERSECURITY FRAMEWORK
Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy
Protect: Access Control, Awareness and Training, Data Security, Information Protection Processes & Procedures, Maintenance, Protective Technology
Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes
Respond: Response Planning, Communications, Analysis, Mitigation, Improvements
Recover: Recovery Planning, Improvements, Communications
CYBERSECURITY ARCHITECTURE FRAMEWORK
NIST CSF functions: Identify, Protect, Detect, Respond, Recover
Architecture Domains: Network, IAM, Endpoint, App/Data, Monitoring, Audit, Analytics
Diagram labels: Integrated Solutions, Continuous Feed
ARCHITECTURE DEVELOPMENT APPROACH
Inputs: Business Vision & Needs, Key Trends & Emerging Technologies, Regulatory Compliance Requirements, Threat & Risk Emphasis, Foundational Security Controls
Framework: Guiding Principles, Architecture Framework, Architecture Vision, Direction
Analysis: Current Capabilities, Current State, Gap Analysis
Outputs: Future-State & Roadmap, Projects & Initiatives, Policies, Standards, & Guidelines
KEY TRENDS
Source: Gartner
• From blocking and detecting attacks to detecting and responding to attacks
• Rapid breach detection using endpoint threat detection and remediation tools
• Aggressive segmentation of the network
• Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification
• Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized
• Use and contribute to shared threat intelligence and fraud exchange services
CYBERSECURITY ROADMAP DEVELOPMENT PROCESS: NETWORK EXAMPLE
Process elements: Current State, Capabilities, Gap Analysis, Risk Analysis, Threat Analysis, Maturity Analysis, Key Trends, Future State, Roadmap, Overall Security Architecture Initiatives
Network capabilities:
Network
SSL/IPSEC VPN
Network Intrusion Prevention
DNS, DHCP, and IPAM Security
Firewall/Next Gen
Secure Web Gateway
Network Access Control
Web Application Firewall
SIEM
DDOS Protection
Advanced Persistent Threats
Data Loss Prevention
Network Behavior Anomaly Detection
Network Policy Management
Network Sandboxing
Wireless IPS
Network Segmentation
SSL Inspection
Threat and Network Deception
Threat Intelligence
Network Forensic
Network Pen Testing
Reverse Proxy Services and LB
Physical and Virtual DMZ
Public Cloud Security
Vulnerability Assessment
Unified Threat Management
Software-Defined Security
Capabilities mapped to NIST CSF functions: Protect, Detect, Respond
THREAT MODELING
Source: Lockheed Martin
CURRENT NETWORK ARCHITECTURE
Sites: HQ & Branches, Corp Data Centers, BU Data Centers, Co-Los, BU Sites
Connectivity: MPLS, Internet, Wireless, Cloud
Controls: WAF, SIEM, DLP, NBA, NGFW, Core Security, Rev. Proxy/LB, Proxy, VPN
External users: Customers, Teleworkers, Mobile Users
FUTURE STATE NETWORK ARCHITECTURE
Sites: HQ & Branches, Corp D/C, BU D/C, Other Sites
Connectivity: Hybrid WAN, Internet
Controls: WAF, DLP, IDPS, Core Security, Proxy, VPN, NAC, APT, NGFW, CASB, SSL Intercept, SIEM
Improvements: Improved Segmentation, Secure Wired, Secure Wireless, Rogue AP Detection
External users: Customers, Teleworkers, Mobile Users
ARCHITECTURE & ROADMAP (Illustrative)
Years: FY16, FY17, FY18, FY19
Roadmap initiatives: WAF, IDPS, Wireless IDPS, Public Cloud Network, Secure Cloud Exchange, Guest Wireless NAC, Home VPN NAC, Segmentation, APT, NetSec Policy Management, SSL Interception, Secure Hybrid WAN, NAC, Network Pen Testing, Unified Threat Management, Threat Deception, DDOS & DNS Protection, Software Defined Perimeter
Diagram zones: Mobile Users, Home Office, Corporate, BUs, DCs/Retails, Data Centers
Diagram controls: Proxy, Intrusion Detection, Network Access Control, Data Loss Prevention, VPN, SSL Inspect, Advanced Threat Analytics, SIEM, Identity & Access, Cloud Access Security Broker (CASB)
Connectivity: MPLS/Broadband, Hybrid WAN, Broadband, VPN
CYBERSECURITY ROADMAP DEVELOPMENT PROCESS: IAM EXAMPLE (Illustrative)
Process elements: Current State, Capabilities, Gap Analysis, Risk Analysis, Threat Analysis, Maturity Analysis, Key Trends, Future State, Roadmap, Overall Security Architecture Initiatives
IAM capabilities, mapped to NIST CSF functions Protect and Detect:
Workflow and Approval Management, Access Request Management, Password Management, User Self Service
Monitoring, Audit & Compliance: Monitoring, User and Entity Behavior Analytics, Role Mining and Management, Segregation of Duties Detection, Access Recertification, Audit, Logging, Reporting
Identity Management: Cloud/On Premises Provisioning, Identity Proofing, Privileged Access Management
Access Management: Web Access Management / SSO, Cloud / Federated SSO, Authentication, Authorization, Risk-Based Adaptive Access, Mobile SSO, Passwordless / MFA
Identity Data Services: Identity Data Storage, Virtual Directory Services (VDS), Meta Directory, Data Synchronization / Replication, Graph Data Services, API Security
IAM TECHNOLOGY ROADMAP
Years: FY16, FY17, FY18, FY19
Roadmap items: OAuth 2.0, Risk Based Access Control, IDAAS, ID Proofing Services, OpenID Connect, UAR, UBA, Federated ID Mgt., MFA, PA
NIST CSF function: Protect
Business Risk legend: High, Medium, Low, Unknown