#RSAC
SESSION ID: TECH-W02F
Cybersecurity Roadmap: Global Healthcare Security Architecture
Nick H. Yoo
Chief Security Architect
Disclosure
• No affiliation to any vendor products
• No vendor endorsements
• Products represented here are just examples
• References to any gaps, product information, and roadmaps are mainly for illustrative purposes and do not represent any specific companies
Healthcare IT Challenges

The healthcare industry is increasingly difficult to protect and is becoming a rich target.

Diagram labels surrounding Healthcare IT: Patients and Consumers; Payers; Product Innovation; Pharmacies; Hospitals; Labs; Physician Practices; Industry Certifications; Operations and Support; Product Development; Regulators and Legal; Cybersecurity; Public Cloud; Ransomware; Mobile & IoT; Big Data; 24/7 Always On; Web Trust; Compliance
Cybersecurity Journey

Compliance-Driven → Solutions-Driven → Vulnerability-Driven → Threat Modeling & Detection-Focused

“Perimeter Security” → “Layered Security” → “Identity as New Perimeter”
Technology Overview

• Total # of Vendors: 70
• Total # of Products: 130
• Most # of Products by Domain: IAM (20)
• Least # of Products by Domain: Monitoring, Analytics & Audit (8)
• Approximate # of Products EOL or Obsolete in 12 – 24 Months: 30
• Most # of Capabilities covered by one Vendor: 10
• Total # of Capabilities covered by Products: 160
NIST Cybersecurity Framework

• Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
• Protect: Access Control; Awareness and Training; Data Security; Information Protection Processes & Procedures; Maintenance; Protective Technology
• Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes
• Respond: Response Planning; Communications; Analysis; Mitigation; Improvements
• Recover: Recovery Planning; Improvements; Communications
Cybersecurity Architecture Framework

Framework functions (columns): Identify, Protect, Detect, Respond, Recover
Architecture Domains (rows): Network; IAM; Endpoint; App/Data; Monitoring, Audit, Analytics
Additional labels: Integrated Solutions; Continuous Feed
Architecture Development Approach

Inputs: Business Vision & Needs; Key Trends & Emerging Technologies; Regulatory Compliance Requirements; Policies, Standards, & Guidelines; Threat & Risk; Guiding Principles; Architecture Framework; Architecture Vision
Flow: Current Capabilities / Current State → Gap Analysis → Direction → Future-State & Roadmap → Projects & Initiatives
Emphasis: Foundational Security Controls
Key Trends

• From blocking and detecting attacks to detecting and responding to attacks
• Rapid breach detection using endpoint threat detection and remediation tools
• Aggressive segmentation of the network
• Spot abnormal user and session behavior by conducting continuous monitoring, behavioral analytics and identity verification
• Use big data analytics of transactions, security events and contextual information to gain faster and smarter correlation of security incidents so they can be rapidly prioritized
• Use and contribute to shared threat intelligence and fraud exchange services

Source: Gartner
Cybersecurity Roadmap Development Process: Network Example

Process: Current State Capabilities → Gap Analysis (Risk Analysis, Threat Analysis, Maturity Analysis) → Future State & Key Trends → Roadmap → Overall Security Architecture & Initiatives

Network capabilities (grouped on the slide under Detect, Protect and Respond):
• SSL/IPsec VPN
• Network Intrusion Prevention
• DNS, DHCP, and IPAM Security
• Firewall/Next Gen
• Secure Web Gateway
• Network Access Control
• Web Application Firewall
• SIEM
• DDoS Protection
• Advanced Persistent Threats
• Data Loss Prevention
• Network Behavior Anomaly Detection
• Network Policy Management
• Network Sandboxing
• Wireless IPS
• Network Segmentation
• SSL Inspection
• Threat and Network Deception
• Threat Intelligence
• Network Forensics
• Network Pen Testing
• Reverse Proxy Services and LB
• Physical and Virtual DMZ
• Public Cloud Security
• Vulnerability Assessment
• Unified Threat Management
• Software-Defined Security
Current Network Architecture

Diagram labels:
• Locations: HQ & Branches; Corp Data Centers; BU Data Centers; Co-Los; BU Sites; Wireless
• Connectivity: MPLS; Internet; Cloud
• External users: Customers; Teleworkers; Mobile Users
• Security controls: WAF; SIEM; DLP; NBA; NGFW; Core Security; Rev. Proxy/LB; Proxy; VPN
Future State Network Architecture

Diagram labels:
• Locations: HQ & Branches; Corp D/C; BU D/C; Other Sites
• Connectivity: Hybrid WAN; Internet (Improved Segmentation); Secure Wired; Secure Wireless
• External users: Customers; Teleworkers; Mobile Users
• Security controls: WAF; DLP; IDPS; Core Security; Proxy; VPN; NAC; APT; NGFW; CASB; Rogue AP Detection; SSL Intercept; SIEM
Architecture & Roadmap (Illustrative)

Network initiatives plotted across FY16 – FY19:
• WAF
• IDPS
• Wireless IDPS
• Public Cloud Network
• Secure Cloud Exchange
• Guest Wireless NAC
• Home VPN NAC
• Segmentation
• APT
• NetSec Policy Management
• SSL Interception
• Secure Hybrid WAN
• NAC
• Network Pen Testing
• Unified Threat Management
• Threat Deception
• DDoS & DNS Protection
• Software Defined Perimeter

Target architecture diagram labels: Mobile Users; Home Office; Corporate; BUs; DCs/Retails; Data Centers; Proxy; Intrusion Detection; Network Access Control; Data Loss Prevention; VPN; SSL Inspect; Advanced Threat Analytics; SIEM; MPLS/Broadband; Hybrid WAN; Broadband; Identity & Access; Cloud Access Security Broker (CASB)
Cybersecurity Roadmap Development Process: IAM Example (Illustrative)

Process: Current State Capabilities → Gap Analysis (Risk Analysis, Threat Analysis, Maturity Analysis) → Future State & Key Trends → Roadmap → Overall Security Architecture & Initiatives

IAM capabilities (grouped on the slide under Protect and Detect):
• Workflow and Approval Management; Access Request Management; Password Management; User Self Service
• Monitoring, Audit & Compliance: Monitoring; User and Entity Behavior Analytics; Role Mining and Management; Segregation of Duties Detection; Access Recertification; Audit, Logging, Reporting
• Identity Management: Cloud/On-Premises Provisioning; Identity Proofing; Privileged Access Management
• Access Management: Web Access Management / SSO; Cloud / Federated SSO; Authentication; Authorization; Risk-Based Adaptive Access; Mobile SSO; Passwordless / MFA
• Identity Data Services: Identity Data Storage; Virtual Directory Services (VDS); Meta Directory; Data Synchronization / Replication; Graph Data Services
• API Security
IAM Technology Roadmap (Illustrative)

Initiatives plotted across FY16 – FY19, each rated by Business Risk (High, Medium, Low, Unknown):
• OAuth 2.0
• Risk Based Access Control
• IDaaS
• ID Proofing Services
• OpenID Connect
• UAR
• UBA
• Federated ID Mgt.
• MFA
• PAM
• Biometric Authentication
• High Assurance IDP
• SCIM
• Mobile SSO
• SOD Controls
• API Gateway
• IGA
• FHIR Security
• Monitoring Dashboard
• Role Lifecycle Mgt.
• Virtual Directory
• BYOID
• UMA
• ID Lifecycle Mgt.
• Graph Directory
• Blockchain Technology
Cybersecurity Framework Domain Mapping (Illustrative)

Matrix rows (Cybersecurity Framework functions): Identify, Protect, Detect, Respond, Recover
Matrix columns (architecture domains): Network, IAM, Endpoint, App/Data, Monitor
Each cell is rated on the scale below.

Observations
• Sufficient coverage for endpoint
• Network domain lacks detection controls
• Overall lack of detection controls
• Monitoring capability exists mainly in the Protect function

Rating Scale Description: Fully Meet; Usually Meet; Partially Meet; Rarely Meet; Does Not Meet
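The gap analysis behind the domain-mapping matrix, as an added worked example (not code from the presentation): it scores each domain/function cell on the slide's five-point rating scale, flags cells that fall below a chosen threshold or were never assessed, and derives observations of the kind listed in the Observations box. The ASSESSMENT ratings are constructed sample data shaped to resemble the slide's findings; the deck's own cell ratings are not in the text, and the threshold of 2.0 (Partially Meet) is an assumed choice.

```python
"""Capability-coverage gap analysis over NIST CSF functions x architecture domains.

Added illustration; the ASSESSMENT ratings below are constructed sample data,
not the presentation's own figures.
"""
from statistics import mean

FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]
DOMAINS = ["Network", "IAM", "Endpoint", "App/Data", "Monitor"]

# The slide's rating scale, mapped to 0-4 so cells can be averaged and compared.
RATING_SCORE = {
    "Does Not Meet": 0,
    "Rarely Meet": 1,
    "Partially Meet": 2,
    "Usually Meet": 3,
    "Fully Meet": 4,
}

# Constructed: one rating per capability assessed in each domain/function cell.
# A real assessment would carry an entry per capability from the domain's list.
ASSESSMENT = {
    "Network": {"Identify": ["Usually Meet"],
                "Protect": ["Fully Meet", "Usually Meet", "Usually Meet"],
                "Detect": ["Rarely Meet", "Does Not Meet"],
                "Respond": ["Partially Meet"],
                "Recover": ["Partially Meet"]},
    "IAM": {"Identify": ["Rarely Meet"],
            "Protect": ["Fully Meet", "Fully Meet"],
            "Detect": ["Partially Meet"],
            "Respond": ["Partially Meet"],
            "Recover": ["Usually Meet"]},
    "Endpoint": {"Identify": ["Fully Meet"],
                 "Protect": ["Fully Meet", "Usually Meet"],
                 "Detect": ["Usually Meet"],
                 "Respond": ["Usually Meet"],
                 "Recover": ["Usually Meet"]},
    "App/Data": {"Identify": ["Usually Meet"],
                 "Protect": ["Usually Meet"],
                 "Detect": ["Rarely Meet"],
                 "Respond": ["Partially Meet"],
                 "Recover": ["Partially Meet"]},
    "Monitor": {"Identify": ["Partially Meet"],
                "Protect": ["Fully Meet", "Usually Meet"],
                "Detect": ["Rarely Meet"],
                "Respond": ["Partially Meet"],
                "Recover": []},  # nothing assessed: must surface as a gap, not vanish
}


def cell_score(ratings):
    """Mean 0-4 score of the ratings in one cell; None when nothing was assessed."""
    if not ratings:
        return None
    return mean(RATING_SCORE[r] for r in ratings)  # KeyError on a rating outside the scale


def coverage_matrix(assessment=ASSESSMENT):
    """{domain: {function: score-or-None}} for every domain/function pair."""
    return {d: {f: cell_score(assessment.get(d, {}).get(f, [])) for f in FUNCTIONS}
            for d in DOMAINS}


def find_gaps(matrix, threshold=2.0):
    """Cells scoring below threshold or never assessed, as (domain, function, score)."""
    return [(d, f, matrix[d][f]) for d in DOMAINS for f in FUNCTIONS
            if matrix[d][f] is None or matrix[d][f] < threshold]


def function_means(matrix):
    """Mean score per CSF function across the domains that assessed it."""
    out = {}
    for f in FUNCTIONS:
        vals = [matrix[d][f] for d in DOMAINS if matrix[d][f] is not None]
        out[f] = mean(vals) if vals else 0
    return out


def covered_domains(matrix, threshold=2.0):
    """Domains with no gap cell at all."""
    gapped = {d for d, _, _ in find_gaps(matrix, threshold)}
    return [d for d in DOMAINS if d not in gapped]


def observations(matrix, threshold=2.0):
    """Plain-language findings in the style of the slide's Observations box."""
    notes = [f"Sufficient coverage for {d}" for d in covered_domains(matrix, threshold)]
    for d, f, s in find_gaps(matrix, threshold):
        detail = "not assessed" if s is None else f"{s:.1f}/4"
        notes.append(f"{d} domain lacks {f} controls ({detail})")
    means = function_means(matrix)
    weakest = min(FUNCTIONS, key=means.get)
    notes.append(f"Overall lack of controls in the {weakest} function (mean {means[weakest]:.1f}/4)")
    return notes


if __name__ == "__main__":
    for line in observations(coverage_matrix()):
        print("-", line)
```

An empty cell is kept distinct from a low score so that an unassessed capability area shows up in the gap list rather than being averaged away; the threshold is the one knob a reviewer should agree on before the matrix is used to prioritise roadmap initiatives.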
Key Initiatives

Network
• Intrusion Detection & Prevention
• Network Segmentation
• Wireless Detection
• Cloud Access Security Broker
• Network Access Control
• Network Security Monitoring
• Threat Deception
• DDoS

IAM
• Multi-factor
• UEBA
• Cloud IDaaS
• User Managed Access
• Identity Governance
• User Access Review
• Federation
• Virtual Directory

Other Domains
• Security Analytics
• Adaptive Authentication (IAM)
• Advanced Detection
• Malware Protection System
• Threat Intelligence
• Advanced Endpoint Protection & Detection
• Cloud Security
• Application Security

Initiatives are mapped on the slide to the Protect, Detect and Respond functions.
“Apply” Slide

Next week you should:
• Begin needs assessment
• Begin collecting current security controls, tools, and products

In the first three months following this presentation you should:
• Tailor cybersecurity framework, architecture domains, and assessment process
• Begin documenting current capabilities and gaps

Within six months you should:
• Complete the current capability assessment
• Begin developing future-state architecture and roadmap