Page 1

VirtualArmor, 4610 S. Ulster Street, Suite 150, Denver, CO 80237

Colorado HIMSS Fall Security Conference

The Evolution of Threat Management Solutions: Countering Today’s Sophisticated Attacks

Mark Precious and Harold Stokes, VirtualArmor

Page 2

Changes in Network Threats

Agenda

Review history and changes in network threats

Healthcare regulations and expanding network communications needs

Introduction of advanced network security products

Future direction of solutions: converged products, single hardware platform and unified threat management

Healthcare example: Carlsbad Regional Medical Center

Security threats in the news

Page 3

Review History and Changes in Network Threats

High School Prank Starts 25 years of Security Woes!

1982: 9th grader Rich Skrenta releases first computer virus, “Elk Cloner,” on friends

Mid-to-late 90s: Corporate reliance on internet/email makes viruses a global security threat

1999 – 2003: Melissa, Love Bug, and SoBig bring down networks and cause massive productivity losses. Companies expend significant resources to contain/remove these viruses and repair damaged computers and networks.

No real criminal intent – virus creators motivated by notoriety/fame

Page 4

Review History and Changes in Network Threats

Today the threat has changed!

Criminal intent

Well funded

Profit driven

Page 5

Review History and Changes in Network Threats

Symantec Security Report, September 2007

• Covered 120 million computers running Symantec Security Response during the first half of 2007

• With 2 million decoy email accounts designed to attract shady attempts worldwide

• US #1 in underground economy servers at 64%, selling verified credit card numbers, government-issued ID numbers and other personal data (Germany #2, Sweden #3)

• China #1 in web robot or bot-software infected computers, performing online tasks without the owners’ knowledge

• 212,101 malicious code threats reported, an increase of 185% over the previous 6 months

• Three customizable malicious “toolkits”, costing between $300 and $800, were responsible for 42% of the 2.3 million “phishing” messages used to steal personal and financial information.

Page 6

Healthcare Regulations and Expanding Network Communications Needs

Network Evolution Coupled to Application Changes and Healthcare Requirements

Healthcare Applications Under Pressure:

• SOA and Application Webification

• Secure Remote Access of Patient Information (EHR)

• Consolidating Data Center and Expediting Medical Record Storage

• Wireless Security, Remote Patient Monitoring, and Unified Access Control

• Migration to IP Infrastructure

• Increased Security Threats

• Bandwidth Increases for Large Volume & Data Replication/Disaster Recovery

• QoS for Demanding Apps/VoIP

• HIPAA

• Regional Health Information Organization (RHIO)

[Network diagram: Hospital, Medical Clinic, Remote Data Center (web servers, app servers, databases), Mobile Healthcare Providers, Tele-workers, Internet Kiosk and RHIO connected over the WAN; Insurance Providers, Payment Clearinghouse Partners, Patients, Contractors]

Page 7

Healthcare Regulations and Expanding Network Communications Needs

• HIPAA is concerned about privacy of and access to Private Health Information (PHI) and Electronic Health Records (EHR) that reside in stored (static) areas of the network and are transmitted between “covered entities”

• Firewall alone will not meet all security requirements

• Use of the Internet increases productivity and lowers communication costs, but requires compliance with HIPAA Security Standards

• Employee error or ignorance, hackers, worms, and viruses increase risk to PHI or EHR

[Diagram label: Regular Firewall]

Page 8

Introduction of Advanced Security Network Products

Multiple Layered Security Solutions Combat Sophisticated Threats

• Firewall/IPSec (Internet Protocol Security) VPN (Virtual Private Network)

• SSL/VPN (Secure Socket Layer Virtual Private Network)

• IDP/IDS (Intrusion Detection and Prevention Solutions)

• Access control and authentication solutions

• Wireless solutions

• WAN (Wide Area Network) and LAN (Local Area Network) acceleration

Page 9

Introduction of Advanced Security Network Products

Securing Communications for Mobile & Work-at-Home Healthcare Providers via SSL VPNs

• Extend secure and flexible access to remote offices, partners, work at home, and teleworkers…and accelerate application performance over SSL VPN

• Minimizes the remote management and troubleshooting requirements of VPN configurations to scale easily across the enterprise

• SSL VPN solution scales to provide thousands of VPN connections and minimize operational cost

[Diagram labels: SSL VPN; Hospital; Remote Clinic #1; Remote Clinic #2; Data Center; Healthcare Insurance Provider; Healthcare Payment Clearinghouse; Blocked]

Page 10

Introduction of Advanced Security Network Products

IDP Network Monitoring and Auditing

Customer Problems

• Network intruders enter secure locations without your knowing

• Spyware is placed on your network

• Viruses spread undetected on the network, potentially resulting in network disruptions

Intrusion Detection and Prevention

• Identify and act against intruders in real-time while avoiding false positives

• Prevent spyware from entering your network

• Detect and stop the spread of viruses before they have the chance to impact the business

Event flow shown in the diagram:

1. Threat initiated

2. Dropped from the network

3. Event logged and reported by network monitoring tools

[Diagram labels: Internet; Regional Office or Medium Central Site; Central Site; Servers; Admin; DMZ; Zone 1; Zone 2; Zone 3; Network Security Management tools]

Page 11

Introduction of Advanced Security Network Products

Access Control

Network Access Control in Healthcare

Infranet Agent (IA)

• Host Checker

• Host Enforcer (with firewall policy or optional dynamic MS IPSec enforcement)

• MS Windows Single Sign-On

• Agentless enforcement for Windows, Mac and Linux

• IA protects authenticated endpoints from malicious/non-compliant endpoints

Phase 1 Enforcers

• Operating System

• Firewall

• From regional SOHO to Enterprise

Infranet Controller (IC)

• Access control decision point

• Automatically provisions Infranet Agent (if required)

• Dynamically provisions enforcement policy

• Integrated remediation support

Comprehensive enterprise integration: AAA Servers, Identity Stores

Unified policy enforcement based on identity, endpoint assessment, and network

Page 12

Introduction of Advanced Security Network Products

Healthcare Wireless Network Security

To make WLAN secure, you need a way to prove that the user is who they say they are, including:

– A standard way to pass that information through an Ethernet LAN
  • 802.1X
  – Terms in the standard include:
    » Supplicant
    » Authentication Server
    » Authenticator

– A standard authentication protocol that works with many different authentication systems
  • Extensible Authentication Protocol (EAP)

[Diagram labels: Access Client; LAN; EAP over LAN; EAP in; Authentication Server; EAP: tunneled authentication & key sharing; Encrypted Tunnel; Accept/Reject; Access]
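As an added illustration (not from the slides), a simplified Python model of the three 802.1X roles named above: the supplicant answers an EAP challenge, the authenticator only relays EAP and keeps the port closed until the authentication server returns Accept, and only then are data frames forwarded. The class names, the HMAC challenge scheme and the sample credential are constructed for this example; real EAP methods and RADIUS framing are omitted.

```python
import hashlib
import hmac
import secrets

class AuthenticationServer:
    # Hypothetical RADIUS-style server that owns the identity store.
    def __init__(self, users):
        self.users = users  # identity -> shared secret (constructed data)

    def verify(self, identity, challenge, response):
        secret = self.users.get(identity)
        if secret is None:
            return "Reject"
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        # Constant-time compare of the supplicant's challenge response
        return "Accept" if hmac.compare_digest(expected, response) else "Reject"

class Supplicant:
    # The access client: holds the credential and answers EAP challenges.
    def __init__(self, identity, secret):
        self.identity = identity
        self.secret = secret

    def respond(self, challenge):
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()

class Authenticator:
    # Switch or AP port: relays EAP only and blocks data until Accept.
    def __init__(self, server):
        self.server = server
        self.port_open = False

    def run_eap(self, supplicant):
        challenge = secrets.token_bytes(16)
        # The authenticator never learns the secret; it forwards the identity
        # and challenge response and simply enforces the server's decision.
        response = supplicant.respond(challenge)
        decision = self.server.verify(supplicant.identity, challenge, response)
        self.port_open = decision == "Accept"
        return decision

    def forward_data(self, frame):
        return self.port_open  # data frames are dropped while the port is closed

def connect(identity, secret):
    # One 802.1X session: returns (decision, whether a data frame was forwarded)
    server = AuthenticationServer({"dr.jones": b"constructed-secret"})
    port = Authenticator(server)
    decision = port.run_eap(Supplicant(identity, secret))
    return decision, port.forward_data(b"patient-record")
```

A wrong secret or an unknown identity leaves the port closed, so the client never gets past the authenticator even though its frames reach the switch.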

Page 13

Introduction of Advanced Security Network Products

WAN Acceleration: Healthcare Data Replication

• Minimizes bandwidth requirements

• Speeds data replication process

• Improves application performance across the WAN for many applications

• Increases data transfer speeds for large files

[Diagram labels: Hospital; Medical Clinic; Remote Data Center (web servers, app servers, databases); WAN; SSL VPN; IPSec VPN; router; WAN Acceleration at each end]

Page 14

Introduction of Advanced Security Network Products

LAN Acceleration: Server Load Balancing?

• Improve availability

• Improve application performance

• Double server capacity

• Simplify data center architecture

• Protect against attacks

• Improve scalability

[Diagram labels: web browsers; SSL; SLB; LAN Acceleration (authentication, web acceleration, HTTP protocol inspection, cache); web servers; app servers; databases]

Page 15

CIO and CSO Investment Considerations

CIO Perspective and Challenges

Business Priorities

• Business Growth and Differentiation: understand and improve business processes through new application functionality

• Control Costs in IT and business: allocate IT capital/cost for maximum value; efficiency in supply chain, product development, sales; return money into the business

• Improve end user experience: internal and external customer

IT Priorities: Telecom WAN/network; Datacenter; Helpdesk/Desktop; App Dev; App mtce; Admin; Other

Business Measures: Profit; Operations; Sales and Marketing; R&D / Prod Dev; G&A; Support HR/Legal; CoS/Materials

[Chart labels: Vendor Solutions; IT Spend 2-8%; Connectivity; Difficult Problems; Measure benefit]

Page 16

CIO and CSO Investment Considerations

CIO or CSO has to be Superman!

Numerous vendor solutions!

Best-of-breed products or single-vendor solutions?

Limited IT budget vs. increasing threats

Constantly changing threats that are criminal, well funded and profit driven

Risk of exposure to the court of public opinion due to non-compliance with government and industry regulations!!

Recent IRS Ruling!!

[Diagram labels: WAN Acceleration; LAN Acceleration; Database; SSL VPN]

Page 17

Future Direction

Converged Products with Unified Threat Management

Converged Security Platform

Converged Products: Firewall with Increased Functionality:

• Unified Threat Management

• Intrusion Detection

• Wireless Devices

• VoIP Management

• Router Solutions

• Cable/DSL/T-1 modem replacement

Many major providers have recently introduced products that converge many functions that were previously independent appliances

Page 18

Health Care Example

Carlsbad Regional Medical Center

A small rural hospital connects all its local physicians to the hospital network

Small regional hospital

Rural area

30 physician offices integrated to network

Secure Services Gateway

Router

Firewall/IPSec VPN

Unified Threat Management

Deep Inspection

Wireless for physician and patient

T1, DSL, Cable, direct connection

Page 19

Security Threats in the News

Web Hack Exposes Personal Data of 14,000 At Nature Conservancy. Attacker accessed data via malware attached to association Website. OCTOBER 2, 2007, 5:49 PM

Insider Attacks Put IT Security on the Offensive

Attackers Kill Anti-Fraud Site. Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack. SEPTEMBER 28, 2007, 4:30 PM

OCTOBER 8, 2007 | Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.

Alleged hacker used connections at a McDonald's and Best Buy to launch denial-of-service attacks and then heckle his victims

Hackers Breaking Up Botnets to Elude Detection (Courtesy of Information Week)

Page 20

Thank you!

Open Questions

Mark Precious and Harold Stokes, VirtualArmor

The Evolution of Threat Management Solutions: Countering Today’s Sophisticated Attacks

Page 21

Thank you

Go Rockies

Page 22

Required HIPAA Security Standards

Standards, Sections, and Implementation Specifications ((R) = Required, (A) = Addressable)

Administrative Safeguards (§ 164.308)

Security Management Process, 164.308(a)(1): Risk Analysis (R); Risk Management (R); Sanction Policy (R); Information System Activity Review (R)

Assigned Security Responsibility, 164.308(a)(2): (R)

Workforce Security, 164.308(a)(3): Authorization and/or Supervision (A); Workforce Clearance Procedure; Termination Procedures (A)

Information Access Management, 164.308(a)(4): Isolating Health Care Clearinghouse Function (R); Access Authorization (A); Access Establishment and Modification (A)

Security Awareness and Training, 164.308(a)(6): Protection from Malicious Software (A); Log-in Monitoring (A); Password Management (A)

Security Incident Procedures, 164.308(a)(6): Response and Reporting (R)

Contingency Plan, 164.308(a)(7): Data Backup Plan (R); Disaster Recovery Plan (R); Emergency Mode Operation Plan (R); Testing and Revision Procedure (A)

Evaluation, 164.308(a)(1): (R)

Business Associate Contracts and Other Arrangements, 164.308(b)(1): Written Contract or Other Arrangement (R)

Physical Safeguards (§ 164.310)

Facility Access Controls, 164.310(a)(1): Contingency Operations (A); Facility Security Plan (A); Access Control and Validation Procedures (A); Maintenance Records (A)

Workstation Use, 164.310(b): (R)

Workstation Security, 164.310(c): (R)

Device and Media Controls, 164.310(d)(1): Disposal (R); Media Re-use (R); Accountability (A); Data Backup and Storage (A)

Technical Safeguards (see § 164.312)

Access Control, 164.312(a)(1): Unique User Identification (R); Emergency Access Procedure (R); Automatic Logoff (A); Encryption and Decryption (A)

Audit Controls, 164.312(b): (R)

Integrity, 164.312(c)(1): Mechanism to Authenticate Electronic Protected Health Information (A)

Person or Entity Authentication, 164.312(d): (R)

Transmission Security, 164.312(e)(1): Integrity Controls (A); Encryption (A)

Source: 45 CFR Parts 160, 162, and 164 - Health Insurance Reform: Security Standards; Final Rule, 2/20/2003.

IDP assists with Risk Management assessments.

SSL VPN ensures authorization for accessed locations of the network. IDP adds supervision on the network. LAN Acceleration facilitates authorized access to consolidated EHR storage. HIPAA Security Zones limit access to those with authorization.

IDP identifies and protects against malicious software. SSL VPN and IDP provide log-in monitoring.

IDP provides response and reporting for security incidents.

SSL VPN facilitates use of the network when operating under emergency contingency plans at remote locations.

When electronic surveillance is used to ensure accountability of physical safeguards, Security Zones and SSL VPN protect the surveillance network itself.

HIPAA Security Zones support access control compliance. SSL VPN with dual token authentication and single concurrent login provides unique user identification. Emergency access and automatic logoff are supported with SSL VPN. A wide variety of sophisticated encryption techniques are supported to ensure privacy of information. WAN and LAN Acceleration products enable consolidation of “at risk” confidential information while accelerating delivery over WAN access. IDP provides intelligent logs for Audit Control enforcement.

Firewall, SSL VPN, and Unified Access Control can be used independently or combined to support integrity, authentication, and transmission security for the HIPAA compliance process.

Page 23

Healthcare News

Recent headlines enterprise.

Security Threats in the News