Prevent Cyber Attacks: Automate Your Threat Intel

Todd Weller - Chief Strategy Officer

AGENDA

• Quick look at Healthcare cyber trends

• Why threat intelligence is becoming more critical for healthcare organizations

• How Threat Intelligence Gateway (TIG) technology can help healthcare organizations of all sizes use, automate and take action with threat intelligence

HEALTHCARE REMAINS A TARGET

• 284 breaches reported on DHS Breach Portal in 2018

• 27 breaches reported YTD 2019

IT’S NO LONGER JUST ABOUT HEALTH RECORDS

HEALTHCARE CYBER RISKS

• Data theft

• Fraud

• Business availability

• Patient safety

• Reputation

• IP theft

SHIFTING FOCUS FROM COMPLIANCE TO SECURITY

COMPLIANCE-CENTRIC

SECURITY-CENTRIC

CYBERSECURITY FRAMEWORKS MORE IMPORTANT

NIST Cybersecurity Framework

SECURITY HAS SCALE PROBLEMS SPANNING MULTIPLE DIMENSIONS

THREAT VOLUMES

• 85,000 New Malicious IPs Launched Every Day

• 8 Million Spam and Phishing Attacks Daily

• 30-50 Million Malicious Domains At Any Moment

Source: Webroot, DomainTools, IBM X-Force

• FIND

• KEEP

• SCALE

% WITH PROBLEMATIC SHORTAGE OF SECURITY SKILLS

2014: 23% | 2015: 25% | 2016: 46% | 2017: 45% | 2018: 51%

YOU’RE NOT ALONE & YOU CAN’T DO IT ALONE

THREAT INTELLIGENCE BECOMING CRITICAL

A REQUIRED COMPONENT OF CYBER DEFENSE

THREAT INTELLIGENCE BECOMING CRITICAL

Elite security organizations with dedicated threat intelligence efforts

4.2 # of commercial threat feeds enterprise organizations subscribe to

Source: Forrester Research

THREAT INTELLIGENCE BECOMING CRITICAL

“Requirements for how MSSPs leverage threat intelligence, and what premium threat intelligence services are available, appear on Gartner clients' RFPs with increasing frequency.”

THREAT INTELLIGENCE CHALLENGES

REQUIRES SIGNIFICANT RESOURCES TO ACCESS | AGGREGATE | AUTOMATE | ACT

OPERATIONALIZING & TAKING ACTION WITH TI IS HARD

NEXT GEN FIREWALLS: SIGNIFICANT THIRD PARTY TI LIMITATIONS

• Third-Party TI Indicators in NGFW: < 300,000

• Bandura TIG TI Indicator Capacity: 100,000,000

TI FOCUS TOO REACTIVE VS PROACTIVE

• Most common use case - TI integrated into SIEM to enhance detection and provide context for investigations

• TI needs to be used in a proactive manner to prevent threats

• NGFW limitations are an inhibitor to taking action with TI at the scale required to protect today’s networks

THE EMERGENCE OF THREAT INTELLIGENCE GATEWAYS

A NETWORK SECURITY SOLUTION THAT FILTERS TRAFFIC BASED ON LARGE VOLUMES OF THREAT INTELLIGENCE INDICATORS

TIG

ACTIONABLE INTELLIGENCE & ABILITY TO TAKE (AND AUTOMATE) ACTION

Act

• Block known threats & unwanted traffic

• Detect threats & alert

• Respond to threat indicators from SIEMs, TIPs, and other systems

Access

• Millions of “out of the box” threat indicators

• Multiple sources – commercial, open source, industry, & government

• Multiple types – reputation feeds, blacklists, country IPs, organization IPs

Aggregate

• Multiple threat feeds consolidated into a single feed

• Open platform that can easily integrate TI via standards like STIX/TAXII

• Analytics applied for enhanced intelligence

Automate

• Threat feeds dynamically updated in real time

• Policies automatically applied

• No updating firewall rules or ACLs

TIGS MOST COMMONLY DEPLOYED AHEAD OF THE FIREWALL

[Diagram labels: THE WORLD, Firewall]

THE PROBLEMS TIGS SOLVE

• MAKING TI CONSUMABLE FOR ALL COMPANIES with a comprehensive, turnkey solution that’s easy & affordable

• TAKING ACTION with TI at scale in an easy and automated way

• REDUCING THE MANUAL WORKLOAD of managing multiple threat feeds & operationalizing threat intelligence

• INCREASING FIREWALL EFFICIENCY by using TI to block known threats enabling more efficient use of DPI processor cycles

TIG Use Cases

USE CASE: OPERATIONALIZING THREAT INTELLIGENCE

Problem

• Sophisticated security operation actively using TI

• Lack the ability to put TI to work to protect their network

Solution

• Use TIG to increase network visibility by filtering traffic against large volumes of threat indicators

• Proactively blocking network threats using threat intelligence ahead of the firewall

Example: Health Insurer

• Uses Anomali ThreatStream for TI

• Limited ability to integrate threat indicators into NGFW

• Using TIG to detect and block threats from Anomali

USE CASE: THREAT INTELLIGENCE PROTECTION

Problem

Organization needs TI but accessing and managing TI is a significant challenge due to resource constraints ($, staff)

Solution

TIG provides significant TI-driven protection “out of the box” in an easy to consume, automated, and affordable form factor

Example: State Bank

• Deploying TIGs in front of Fortinet firewalls at seven locations

Example: Regional Hospital

• Deploying TIGs as another layer of protection

“I have seen it block 18,000 to as high as 38,000 connection attempts from countries that have no business connecting to our network.”

- Regional Hospital CIO

TIG BENEFITS

• Improve security posture & reduce risk by more effectively blocking known threats & unwanted traffic

• Reduce alert noise from firewalls & SIEMs

• Reduce staff burden through fewer alerts and less manual work

• Better align with compliance and security frameworks (NIST, HICP, HITRUST)

• Increase ROI of existing security investments

• Improved firewall performance

• Increase ROI on threat intelligence investments

DEFENSE-IN-DEPTH

TIGs ARE PART OF THE SECURITY ECOSYSTEM

TIGS Complement Existing Security Tools

• Next Generation Firewalls (NGFW) & Unified Threat Management (UTM)

• Secure DNS

• SOC Solutions (SIEMs, Threat Intelligence Platforms (TIPs), Security Orchestration & Automated Response (SOAR))

SUMMARY

• Healthcare continues to be a cyber target and the risks extend beyond sensitive data

• Industry is evolving from a compliance-centric focus to a security-centric focus with cybersecurity frameworks becoming more important

• Threat intelligence and information sharing is becoming more critical

• Threat Intelligence Gateways (TIGs) are a technology that can help healthcare organizations of all sizes Access, Aggregate, Automate, and Take Action with Threat Intelligence

• TIG benefits extend beyond improved protection and reduced risk and include improving the efficiencies of existing resources (staff and security tools)

THANK YOU! QUESTIONS?

Todd Weller

Chief Strategy Officer

Bandura Cyber

BanduraCyber.com https://banduracyber.com/healthcare/

https://banduracyber.com/resources/hicp-voluntary-guidelines-advance-healthcare-cybersecurity/