iot slam healthcare 12-02-2016

Post on 13-Apr-2017


SECURING INTERNET OF MEDICAL THINGS

Manish Rai, VP Marketing
December 2nd, 2016

INTERNET OF MEDICAL THINGS (IoMT): $163B BY 2020, 38% CAGR

• 10-15 Devices per Bed

• ~50% Networked

Source: Markets and Markets, Oct 2015

A Glimpse into the Numbers

HEALTHCARE CONTINUES TO BE THE TOP TARGET FOR CRIMINALS

• 72% Malicious traffic targeted at Healthcare Providers
• 40% YoY Increase in Healthcare Cyber Attacks
• 81% of healthcare providers have revealed one or more systems have been compromised

Source: KPMG 2015 Healthcare Survey

RESEARCHERS HAVE BEEN HIGHLIGHTING IoMT VULNERABILITIES

MRI Device Hacked to Access Patient Information
Researcher “was able to hack into the hospital's network with ease – and permission – after finding vulnerable medical devices listed on Shodan.”
- International Business Times, Feb 15 2006

Infusion Pump Hacked to Administer Fatal Drug Dose
Security Professionals “showed how easy it is for hackers to take control of a hospital drug infusion pump by overwriting the device’s firmware with malicious software. The hack would allow someone to remotely administer a fatal drug dose to patients.”
Aug 12, 2015

REASONS FOR IoMT VULNERABILITIES

• 7-8 year device development life cycle
• Devices built for patient safety, not security
• Use of outdated OS with known vulnerabilities
• Limited or no patching capability
• No support for 3rd party security agent
• Until recently, limited regulatory focus on security
• Unencrypted communication

Attackers are infecting medical devices with malware and then moving laterally through hospital networks to steal confidential data, according to TrapX’s MEDJACK report. (2015)

2016 HIMSS Cybersecurity Survey: Greatest Areas of Vulnerabilities

Top 5 Greatest Areas of Vulnerabilities (1-7 on a Likert-type scale)
1. E-mail (5.00 acute, 5.30 non-acute)
2. Mobile devices (4.81 acute, 4.72 non-acute)
3. Internet of Things (4.79 acute, 3.56 non-acute)
4. Other End User Devices (4.42 acute, 4.30 non-acute)
5. Network (4.17 acute, 4.07 non-acute)

2016 HIMSS Cybersecurity Survey: Information Security Tools

Low Rates of Implementation:
1. Network monitoring tools (54.6% acute, 45.2% non-acute)
2. Mobile device management (56.3% acute, 35.5% non-acute)
3. Intrusion detection system (57.1% acute, 41.9% non-acute)
4. Intrusion prevention system (49.6% acute, 41.9% non-acute)
5. Data loss prevention (38.7% acute, 25.8% non-acute)

IoMT SECURITY FRAMEWORK

Determine Scope
• Inventory IoMT Devices
• Determine Vulnerabilities
• Categorize Based on Risk

Identify Gaps & Update Processes
• Procurement
• Deployment
• Monitoring
• Migration Plan

IoMT SECURITY FRAMEWORK: IDENTIFY SCOPE

• Inventory type, usage and location of each medical device
• Determine known vulnerabilities in each device type (OS, patching, default settings, etc.)
• Score Device Risk Based on type, use, location and data transmitted

#1 Inventory of Authorized and Unauthorized Devices

IoMT SECURITY FRAMEWORK: IDENTIFY GAPS & UPDATE PROCESSES

• Procurement: Collaboration between IT & Biomedical
  • Add security assessment as a key criterion
• Deployment: Segmenting devices based on risk
• Monitoring: Process for continuous monitoring and assessment
• Migration Plan: Process of replacing high risk devices

According to SANS Institute, 50% + of incident response takes over 3 hours per endpoint.
- 2016 Endpoint Security Report

GREAT BAY SOFTWARE: COMPANY SNAPSHOT

• 10+ Years Experience Securing Enterprises
• 100% Implementation Success Rate
• $1B+ Investment Fund Backed
• 20MM+ Devices Secured
• 200+ Customer Installations
• Beacon Product Suite: 5th Generation
• Subscription Pricing Model
• Experienced Management Team

GREAT BAY VISION

SEE / ACT

IoT / Biomedical Device Connection Security

• Visibility: Real-time Discovery, Comprehensive Profiling, Every Network
• Onboarding: Authenticate Device, Onboard Automatically, Segment
• Monitoring: Identity, Behavior, Location
• Enforcement: Alert, Quarantine, Block

ENHANCED SECURITY, MANAGEMENT & OPERATIONS

IoT and Biomedical Device Warehouse of Context

• Active Directory & Radius Accounting
• DNS & DHCP
• SNMP Traps & Polls, IP Helper
• Wireless Controllers
• NetFlow / JFlow
• Port Mirroring / SPAN
• Integrations: MDM, NAC, etc.

Security / Operations / Management: MDM, EPP/EDR, NAC, ATD, Asset Management, Security Ops, IoT Gateway

• Ingests and Correlates Hundreds of Endpoint Attributes from Dozens of Data Sources
• Industry’s Most Accurate Artificial Intelligence Expert System-Based Profiling Engine
• Leverages 1,400+ Pre-Built Device Profiles

UNIQUE ARTIFICIAL INTELLIGENCE EXPERT SYSTEM-BASED BEHAVIOR MONITORING

Detects and Flags Unusual Changes in Identity, Location and Behavior

[Figure labels: Identity; Location (New York, San Francisco); Behavior (9100, 515, 80, 443; FTP (21), SSH (22), Telnet (23))]

• Only Vendor with Device (not User) Centric Behavior Monitoring
• Prepares you for Estimated 25% of Breaches Expected to Involve IoT/Unmanaged Devices by 2020

Detect: Network Intrusion, MAC Spoofing, Rogue AP, Rogue Device, Vulnerable Devices, Unauthorized Access
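The identity, location and behavior checks named on this slide, sketched as an added example; it is not Great Bay Software's code or the Beacon product's logic. It assumes the slide's port list 9100, 515, 80, 443 is a printer's expected profile and that FTP, SSH and Telnet are the deviations; the MAC addresses, field names and observations are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    profile: str      # device type established at onboarding
    site: str         # where the device normally connects
    ports: frozenset  # ports this device profile is expected to use

# Constructed baseline (assumption): one printer at the New York site,
# using the port set shown on the slide.
BASELINES = {
    "02:00:00:00:00:01": Baseline("printer", "New York",
                                  frozenset({9100, 515, 80, 443})),
}

def check(obs, baselines=BASELINES):
    """Compare one observation with the device's baseline.

    Returns a list of (mac, kind, detail) findings; empty means no change."""
    mac = obs["mac"]
    base = baselines.get(mac)
    if base is None:
        # Not in the inventory at all: unauthorized or rogue device.
        return [(mac, "unauthorized", "MAC not in inventory")]
    findings = []
    if obs["profile"] != base.profile:
        # Same MAC, different fingerprint: possible MAC spoofing.
        findings.append((mac, "identity", f"{base.profile} -> {obs['profile']}"))
    if obs["site"] != base.site:
        findings.append((mac, "location", f"{base.site} -> {obs['site']}"))
    extra = sorted(set(obs["ports"]) - base.ports)
    if extra:
        findings.append((mac, "behavior", f"unexpected ports {extra}"))
    return findings

def scan(observations, baselines=BASELINES):
    """Run check() over a sequence of observations, keeping their order."""
    return [f for obs in observations for f in check(obs, baselines)]

# Constructed observations, as a profiling engine might summarise them.
OBSERVATIONS = [
    {"mac": "02:00:00:00:00:01", "profile": "printer",
     "site": "New York", "ports": [9100, 443]},        # matches baseline
    {"mac": "02:00:00:00:00:01", "profile": "printer",
     "site": "New York", "ports": [9100, 22, 23]},     # SSH/Telnet appear
    {"mac": "02:00:00:00:00:01", "profile": "workstation",
     "site": "San Francisco", "ports": [443]},         # identity + location
    {"mac": "02:00:00:00:00:02", "profile": "infusion-pump",
     "site": "New York", "ports": [443]},              # never onboarded
]

if __name__ == "__main__":
    for finding in scan(OBSERVATIONS):
        print(finding)
```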

CASE STUDY

Problem: Securing Medical and Unmanageable Devices

Solution: Beacon Endpoint Profiler
• Real-time identification of 100% of the medical and unmanaged devices
• Automatically on-boards the device by establishing profile-based trust
• Accelerate incident response by pinpointing the exact real-time location of the device

Result:
• 7,600 endpoints authenticated (100% of medical and unmanaged devices)
• Savings of 2 FTEs
• Real time device visibility and behavior monitoring
• Regulatory Compliance (HIPAA, PCI)

Questions?

Manish Rai
VP of Marketing
Great Bay Software
mrai@greatbaysoftware.com