
  • CYBERSECURITY ROADMAP: GLOBAL HEALTHCARE SECURITY ARCHITECTURE

    Nick H. Yoo

  • DISCLOSURE

    No affiliation to any vendor products

    No vendor endorsements

    Products represented here are just examples

    References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies

  • HEALTHCARE IT CHALLENGES

    The healthcare industry is increasingly difficult to protect and is becoming a rich target.

    Diagram labels: Patients and Consumers, Payers, Pharmacies, Hospitals, Labs, Physician Practices, Regulators and Legal, Product Innovation, Product Development, Operations and Support, Industry Certifications, Healthcare IT, Compliance, Cybersecurity, Public Cloud, Ransomware, Mobile & IoT, Big Data, 24/7 Always On, Web Trust

  • CYBERSECURITY JOURNEY

    Stages: Compliance-Driven → Solutions-Driven → Vulnerability-Driven → Threat Modeling & Detection-Focused

    Corresponding security models: “Perimeter Security” → “Layered Security” → “Identity as New Perimeter”

  • SECURITY TECHNOLOGY LANDSCAPE

    Domains: Network, App/Data, IAM, Endpoint, Msg & Collaboration, Monitoring

  • TECHNOLOGY OVERVIEW

    Total # of Vendors: 70

    Total # of Products: 130

    Most # of Products by Domain: IAM (20)

    Least # of Products by Domain: Monitoring, Analytics & Audit (8)

    Approximate # of Products EOL or Obsolete in 12 – 24 Months: 30

    Most # of Capabilities covered by one Vendor: 10

    Total # of Capabilities covered by Products: 160

  • THREAT LANDSCAPE

    Source: Verizon Data Breach Report

  • NIST CYBERSECURITY FRAMEWORK

    Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy

    Protect: Access Control; Awareness and Training; Data Security; Information Protection Processes & Procedures; Maintenance; Protective Technology

    Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes

    Respond: Response Planning; Communications; Analysis; Mitigation; Improvements

    Recover: Recovery Planning; Improvements; Communications

  • CYBERSECURITY ARCHITECTURE FRAMEWORK

    NIST functions (Identify, Protect, Detect, Respond, Recover) mapped against the Architecture Domains: Network, IAM, Endpoint, App/Data, and Monitoring, Audit, Analytics

    Integrated Solutions; Continuous Feed

  • ARCHITECTURE DEVELOPMENT APPROACH

    Process flow labels: Current Capabilities, Current State, Direction, Gap Analysis, Projects & Initiatives

    Other diagram labels: Business Vision & Needs; Key Trends & Emerging Technologies; Regulatory Compliance Requirements; Guiding Principles; Architecture Framework; Architecture Vision; Future-State & Roadmap; Policies, Standards, & Guidelines; Threat & Risk Emphasis; Foundational Security Controls

  • KEY TRENDS

    Source: Gartner

    • From blocking and detecting attacks to detecting and responding to attacks

    • Rapid breach detection using endpoint threat detection and remediation tools

    • Aggressive segmentation of the network

    • Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification

    • Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized

    • Use and contribute to shared threat intelligence and fraud exchange services

  • CYBERSECURITY ROADMAP DEVELOPMENT PROCESS: NETWORK EXAMPLE

    Process elements: Current State; Capabilities; Gap Analysis; Risk Analysis; Threat Analysis; Maturity Analysis; Key Trends; Future State; Roadmap; Overall Security Architecture Initiatives

    Network capabilities (grouped on the slide under Detect, Protect, and Respond):

    SSL/IPsec VPN; Network Intrusion Prevention; DNS, DHCP, and IPAM Security; Firewall/Next Gen; Secure Web Gateway; Network Access Control; Web Application Firewall; SIEM; DDoS Protection; Advanced Persistent Threats; Data Loss Prevention; Network Behavior Anomaly Detection; Network Policy Management; Network Sandboxing; Wireless IPS; Network Segmentation; SSL Inspection; Threat and Network Deception; Threat Intelligence; Network Forensics; Network Pen Testing; Reverse Proxy Services and LB; Physical and Virtual DMZ; Public Cloud Security; Vulnerability Assessment; Unified Threat Management; Software-Defined Security

  • THREAT MODELING

    Source: Lockheed Martin

  • CURRENT NETWORK ARCHITECTURE

    Sites and transport: HQ & Branches; Corp Data Centers; BU Data Centers, Co-Los; BU Sites; MPLS; Internet; Cloud; Wireless

    Core Security controls: WAF; SIEM; Email DLP; NBA; NGFW; Rev. Proxy/LB; Proxy; VPN

    Users: Customers; Teleworkers; Mobile Users

  • FUTURE STATE NETWORK ARCHITECTURE

    Sites and transport: HQ & Branches; Corp D/C; BU D/C; Other Sites; Hybrid WAN; Internet

    Core Security controls: WAF; Email DLP; IDPS; Proxy; VPN; NAC; APT; NGFW; CASB; SSL Intercept; SIEM

    Site controls: Improved Segmentation; Secure Wired; Secure Wireless; Rogue AP Detection

    Users: Customers; Teleworkers; Mobile Users

  • ARCHITECTURE & ROADMAP

    Roadmap items across FY16, FY17, FY18, FY19: WAF; IDPS; Wireless IDPS; Public Cloud Network; Secure Cloud Exchange; Guest Wireless NAC; Home VPN NAC; Segmentation; APT; NetSec Policy Management; SSL Interception; Secure Hybrid WAN; NAC; Network Pen Testing; Unified Threat Management; Threat Deception; DDoS & DNS Protection; Software Defined Perimeter

    Architecture diagram labels: Mobile Users; Home Office; Corporate BUs; DCs/Retails; Data Centers; Proxy; Intrusion Detection; Network Access Control; Data Loss Prevention; VPN; SSL Inspect; Advanced Threat Analytics; SIEM; MPLS/Broadband; Hybrid WAN; Broadband VPN; Identity & Access; Cloud Access Security Broker (CASB); Broadband

    Illustrative

  • CYBERSECURITY ROADMAP DEVELOPMENT PROCESS: IAM EXAMPLE

    Process elements: Current State; Capabilities; Gap Analysis; Risk Analysis; Threat Analysis; Maturity Analysis; Key Trends; Future State; Roadmap; Overall Security Architecture Initiatives

    IAM capabilities (grouped on the slide under Protect and Detect):

    Workflow and Approval Management; Access Request Management; Password Management; User Self Service

    Monitoring, Audit & Compliance: Monitoring; User and Entity Behavior Analytics; Role Mining and Management; Segregation of Duties Detection; Access Recertification; Audit, Logging, Reporting

    Identity Management: Cloud/On Premises Provisioning; Identity Proofing; Privileged Access Management

    Access Management: Web Access Management / SSO; Cloud / Federated SSO; Authentication; Authorization; Risk-Based Adaptive Access; Mobile SSO; Passwordless / MFA

    Identity Data Services: Identity Data Storage; Virtual Directory Services (VDS); Meta Directory; Data Synchronization / Replication; Graph Data Services; API Security

    Illustrative

  • IAM TECHNOLOGY ROADMAP

    Roadmap items across FY16, FY17, FY18, FY19: OAuth 2.0; Risk Based Access Control; IDaaS; ID Proofing Services; OpenID Connect; UAR; UBA; Federated ID Mgt.; MFA; PA

    Function: Protect

    Legend (Business Risk): High, Medium, Low, Unknown
