1 |
Prevent Cyber Attacks: Automate Your Threat Intel
Todd Weller - Chief Strategy Officer
2 |
AGENDA
• Quick look at Healthcare cyber trends
• Why threat intelligence is becoming more critical for healthcare organizations
• How Threat Intelligence Gateway (TIG) technology can help healthcare organizations of all sizes use, automate and take action with threat intelligence
3 |
HEALTHCARE REMAINS A TARGET
284 # of breaches reported on DHS Breach Portal in 2018
27 # of breaches reported YTD 2019
4 |
IT’S NO LONGER JUST ABOUT HEALTH RECORDS
5 |
HEALTHCARE CYBER RISKS
• Data theft
• Fraud
• Business availability
• Patient safety
• Reputation
• IP theft
6 |
SHIFTING FOCUS FROM COMPLIANCE TO SECURITY
COMPLIANCE-CENTRIC
SECURITY-CENTRIC
7 |
CYBERSECURITY FRAMEWORKS MORE IMPORTANT
NIST Cybersecurity Framework
SECURITY HAS SCALE PROBLEMS SPANNING MULTIPLE DIMENSIONS
THREAT VOLUMES
• 85,000 New Malicious IPs Launched Every Day
• 8 Million Spam and Phishing Attacks Daily
• 30-50 Million Malicious Domains At Any Moment
Source: Webroot, DomainTools, IBM X-Force
• FIND
• KEEP
• SCALE
% WITH PROBLEMATIC SHORTAGE OF SECURITY SKILLS
2014: 23% | 2015: 25% | 2016: 46% | 2017: 45% | 2018: 51%
YOU’RE NOT ALONE & YOU CAN’T DO IT ALONE
12 |
THREAT INTELLIGENCE BECOMING CRITICAL
A REQUIRED COMPONENT OF CYBER DEFENSE
13 |
THREAT INTELLIGENCE BECOMING CRITICAL
Elite security organizations with dedicated threat intelligence efforts
4.2 # of commercial threat feeds enterprise organizations subscribe to
Source: Forrester Research
14 |
THREAT INTELLIGENCE BECOMING CRITICAL
“Requirements for how MSSPs leverage threat intelligence, and what premium threat intelligence services are available, appear on Gartner clients' RFPs with increasing frequency.”
15 |
THREAT INTELLIGENCE CHALLENGES
REQUIRES SIGNIFICANT RESOURCES TO ACCESS | AGGREGATE | AUTOMATE | ACT
OPERATIONALIZING & TAKING ACTION WITH TI IS HARD
16 |
NEXT GEN FIREWALLS: SIGNIFICANT THIRD PARTY TI LIMITATIONS
• Third-Party TI Indicators in NGFW: < 300,000
• Bandura TIG TI Indicator Capacity: 100,000,000
17 |
TI FOCUS TOO REACTIVE VS PROACTIVE
• Most common use case - TI integrated into SIEM to enhance detection and provide context for investigations
• TI needs to be used in a proactive manner to prevent threats
• NGFW limitations are an inhibitor to taking action with TI at the scale required to protect today’s networks
18 |
THE EMERGENCE OF THREAT INTELLIGENCE GATEWAYS
A NETWORK SECURITY SOLUTION THAT FILTERS TRAFFIC BASED ON LARGE VOLUMES OF THREAT INTELLIGENCE INDICATORS
TIG
20 |
ACTIONABLE INTELLIGENCE & ABILITY TO TAKE (AND AUTOMATE) ACTION
Act
• Block known threats & unwanted traffic
• Detect threats & alert
• Respond to threat indicators from SIEMs, TIPs, and other systems
Access
• Millions of “out of the box” threat indicators
• Multiple sources – commercial, open source, industry, & government
• Multiple types – reputation feeds, blacklists, country IPs, organization IPs
Aggregate
• Multiple threat feeds consolidated into a single feed
• Open platform that can easily integrate TI via standards like STIX/TAXII
• Analytics applied for enhanced intelligence
Automate
• Threat feeds dynamically updated in real time
• Policies automatically applied
• No updating firewall rules or ACLs
21 |
TIGS MOST COMMONLY DEPLOYED AHEAD OF THE FIREWALL
[Diagram labels: THE WORLD, Firewall]
22 |
THE PROBLEMS TIGS SOLVE
• MAKING TI CONSUMABLE FOR ALL COMPANIES with a comprehensive, turnkey solution that’s easy & affordable
• TAKING ACTION with TI at scale in an easy and automated way
• REDUCING THE MANUAL WORKLOAD of managing multiple threat feeds & operationalizing threat intelligence
• INCREASING FIREWALL EFFICIENCY by using TI to block known threats enabling more efficient use of DPI processor cycles
TIG Use Cases
24 |
USE CASE: OPERATIONALIZING THREAT INTELLIGENCE
Problem
• Sophisticated security operation actively using TI
• Lack the ability to put TI to work to protect their network
Solution
• Use TIG to increase network visibility by filtering traffic against large volumes of threat indicators
• Proactively blocking network threats using threat intelligence ahead of the firewall
Example: Health Insurer
• Uses Anomali ThreatStream for TI
• Limited ability to integrate threat indicators into NGFW
• Using TIG to detect and block threats from Anomali
26 |
USE CASE: THREAT INTELLIGENCE PROTECTION
Problem
Organization needs TI but accessing and managing TI is a significant challenge due to resource constraints ($, staff)
Solution
TIG provides significant TI-driven protection “out of the box” in an easy to consume, automated, and affordable form factor
27 |
Example: State Bank
• Deploying TIGs in front of Fortinet firewalls at seven locations
Example: Regional Hospital
• Deploying TIGs as another layer of protection
“I have seen it block 18,000 to as high as 38,000 connection attempts from countries that have no business connecting to our network.” - Regional Hospital CIO
28 |
TIG BENEFITS
• Improve security posture & reduce risk by more effectively blocking known threats & unwanted traffic
• Reduce alert noise from firewalls & SIEMs
• Reduce staff burden through fewer alerts and less manual work
• Better align with compliance and security frameworks (NIST, HICP, HITRUST)
• Increase ROI of existing security investments
• Improved firewall performance
• Increase ROI on threat intelligence investments
DEFENSE-IN-DEPTH
TIGs ARE PART OF THE SECURITY ECOSYSTEM
30 |
TIGS Complement Existing Security Tools
• Next Generation Firewalls (NGFW) & Unified Threat Management (UTM)
• Secure DNS
• SOC Solutions (SIEMs, Threat Intelligence Platforms (TIPs), Security Orchestration & Automated Response (SOAR))
31 |
SUMMARY
• Healthcare continues to be a cyber target and the risks extend beyond sensitive data
• Industry is evolving from a compliance-centric focus to a security-centric focus with cybersecurity frameworks becoming more important
• Threat intelligence and information sharing is becoming more critical
• Threat Intelligence Gateways (TIGs) are a technology that can help healthcare organizations of all sizes Access, Aggregate, Automate, and Take Action with Threat Intelligence
• TIG benefits extend beyond improved protection and reduced risk and include improving the efficiencies of existing resources (staff and security tools)
32 |
THANK YOU! QUESTIONS?
Todd Weller
Chief Strategy Officer
Bandura Cyber
BanduraCyber.com https://banduracyber.com/healthcare/
https://banduracyber.com/resources/hicp-voluntary-guidelines-advance-healthcare-cybersecurity/