VirtualArmor 4610 S. Ulster Street Suite 150 Denver, CO 80237 1
Colorado HIMSS Fall Security Conference
The Evolution of Threat Management Solutions:
Countering Today’s Sophisticated Attacks
Mark Precious and Harold Stokes, VirtualArmor
Changes in Network Threats
Agenda
Review history and changes in network threats
Healthcare regulations and expanding network communications needs
Introduction of advanced network security products
Future direction of solutions: converged products, single hardware platform and unified threat management
Healthcare example: Carlsbad Regional Medical Center
Security threats in the news
Review History and Changes in Network Threats
High School Prank Starts 25 years of Security Woes!
1982: 9th grader Rich Skrenta releases first computer virus, “Elk Cloner,” on friends
Mid-to-late 90s: Corporate reliance on internet/email makes viruses a global security threat
1999 – 2003: Melissa, Love Bug, and SoBig bring down networks and cause massive productivity losses. Companies expend significant resources to contain/remove these viruses and repair damaged computers and networks.
No real criminal intent – virus creators motivated by notoriety/fame
Review History and Changes in Network Threats
Today the threat has changed!
Criminal intent
Well funded
Profit driven
Symantec Security Report, September 2007
• Covered 120 million computers running Symantec Security Response during the first half of 2007
• With 2 million decoy email accounts designed to attract shady attempts worldwide
• US #1 in underground economy servers at 64%, selling verified credit card numbers, government-issued ID numbers and other personal data (Germany #2, Sweden #3)
• China #1 in bot-infected computers (web robots): software that performs online tasks without the owners' knowledge
• 212,101 malicious code threats reported, an increase of 185% over the previous 6 months
• Three customizable malicious "toolkits", costing between $300 and $800, were responsible for 42% of the 2.3 million "phishing" messages used to steal personal and financial information
Review History and Changes in Network Threats
Network Evolution Coupled to Application Changes and Healthcare Requirements

Healthcare Applications Under Pressure:
• SOA and Application Webification
• Secure Remote Access of Patient Information (EHR)
• Consolidating Data Center and Expediting Medical Record Storage
• Wireless Security, Remote Patient Monitoring, and Unified Access Control
• Migration to IP Infrastructure

Healthcare Requirements:
• Increased Security Threats
• Bandwidth Increases for Large Volume & Data Replication/Disaster Recovery
• QoS for Demanding Apps/VoIP
• HIPAA
• Regional Health Information Organization (RHIO)

[Diagram: hospital, medical clinic, remote data center (web servers, app servers, databases), mobile healthcare providers, tele-workers and an Internet kiosk connected over the WAN/Internet to the RHIO, insurance providers, payment clearinghouse partners, patients and contractors]
Healthcare Regulations and Expanding Network Communications Needs
• HIPAA is concerned with the privacy of, and access to, Protected Health Information (PHI) and Electronic Health Records (EHR), both at rest in stored (static) areas of the network and in transit between "covered entities"
• A firewall alone will not meet all security requirements
• Use of the Internet increases productivity and lowers communication costs, but requires compliance with the HIPAA Security Standards
• Employee error or ignorance, hackers, worms, and viruses increase the risk to PHI or EHR

[Diagram: regular firewall between the Internet and the hospital network]
Healthcare Regulations and Expanding Network Communications Needs
Introduction of Advanced Security Network Products
• Firewall/IPSec (Internet Protocol Security) VPN (Virtual Private Network)
• SSL VPN (Secure Socket Layer Virtual Private Network)
• IDP/IDS (Intrusion Detection and Prevention Solutions)
• Access control and authentication solutions
• Wireless solutions
• WAN (Wide Area Network) and LAN (Local Area Network) acceleration

Multiple Layered Security Solutions Combat Sophisticated Threats
Securing Communications for Mobile & Work-at-Home Healthcare Providers via SSL VPNs
• Extend secure and flexible access to remote offices, partners, work-at-home staff and teleworkers, and accelerate application performance over SSL VPN
• Minimizes the remote management and troubleshooting requirements of VPN configurations to scale easily across the enterprise
• SSL VPN solution scales to provide thousands of VPN connections and minimize operational cost

[Diagram: SSL VPN at the hospital data center serving Remote Clinic #1, Remote Clinic #2, the healthcare insurance provider and the healthcare payment clearinghouse; unauthorized traffic shown as blocked]
Introduction of Advanced Security Network Products
IDP Network Monitoring and Auditing

Customer Problems
• Network intruders enter secure locations without your knowing
• Spyware is placed on your network
• Viruses spread undetected on the network, potentially resulting in network disruptions

Intrusion Detection and Prevention
• Identify and act against intruders in real time while avoiding false positives
• Prevent spyware from entering your network
• Detect and stop the spread of viruses before they have the chance to impact the business

[Diagram: Internet to a central site (DMZ, Zone 1, Zone 2, Zone 3 with servers and admin) and a regional office or medium central site, watched by network security management tools. Flow: 1. Threat initiated, 2. Dropped from the network, 3. Event logged and reported by network monitoring tools]
Introduction of Advanced Security Network Products
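As an added illustration of the three-step flow on this slide (threat initiated, dropped from the network, event logged), and not code from the original presentation or from any vendor's IDP product: a small inline inspection engine in Python. The zone policy, the signature patterns, the "ExampleSpy" user agent and the sample packets are all constructed for this example; only the EICAR string is real, the industry-standard harmless anti-virus test file. The point it makes beyond the slide is how zone policy and service context keep a signature from firing on the wrong traffic (the false-positive problem the slide mentions).

```python
"""Inline intrusion detection/prevention over zone-separated traffic.
Constructed packets and signatures; the patterns are illustrative, not a vendor ruleset."""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    category: str          # intrusion / spyware / virus
    direction: str         # "inbound" (from Internet) or "outbound" (to Internet)
    ports: FrozenSet[int]  # service context in which the pattern is meaningful
    pattern: re.Pattern    # compiled bytes regex


# Zone policy: which (src, dst) pairs may talk, and on which ports.  Anything
# not listed is dropped before inspection even starts.  Constructed for the example.
ZONE_POLICY: Dict[Tuple[str, str], FrozenSet[int]] = {
    ("Internet", "DMZ"): frozenset({80, 443}),        # public web tier
    ("DMZ", "Zone3"): frozenset({1433}),              # app servers -> databases
    ("Zone2", "Internet"): frozenset({80, 443}),      # staff browsing
    ("Zone1", "Internet"): frozenset({25, 80, 443}),  # mail relay + browsing
}

# EICAR is the industry-standard harmless test string; match its fixed prefix.
EICAR_PREFIX = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR"

SIGNATURES: List[Signature] = [
    Signature("http-dir-traversal", "intrusion", "inbound", frozenset({80}),
              re.compile(rb"(\.\./){2,}")),
    Signature("spyware-beacon-ua", "spyware", "outbound", frozenset({80}),
              re.compile(rb"User-Agent: ExampleSpy/")),      # hypothetical agent string
    Signature("eicar-test-file", "virus", "outbound", frozenset({25, 80}),
              re.compile(re.escape(EICAR_PREFIX))),
]


def inspect(pkt: Packet, policy=ZONE_POLICY, sigs=SIGNATURES) -> Tuple[str, str]:
    """Return (action, reason) for one packet: 'drop' or 'allow'.

    Step 1: zone policy.  Step 2: signatures, applied only in the direction and
    service context they were written for, so a traversal string inside an
    outbound e-mail body is not reported as a web attack (a false positive).
    """
    allowed_ports = policy.get((pkt.src_zone, pkt.dst_zone))
    if allowed_ports is None or pkt.dst_port not in allowed_ports:
        return "drop", f"zone policy: {pkt.src_zone}->{pkt.dst_zone}:{pkt.dst_port} not permitted"
    direction = "inbound" if pkt.src_zone == "Internet" else "outbound"
    for sig in sigs:
        if (sig.direction == direction and pkt.dst_port in sig.ports
                and sig.pattern.search(pkt.payload)):
            return "drop", f"{sig.category}: {sig.name}"
    return "allow", "no signature matched in context"


def run(packets: List[Packet]) -> List[dict]:
    """Inspect each packet and emit the event a monitoring console would log:
    1. threat initiated (the packet), 2. action taken, 3. event recorded."""
    events = []
    for pkt in packets:
        action, reason = inspect(pkt)
        events.append({"src": pkt.src_zone, "dst": f"{pkt.dst_zone}:{pkt.dst_port}",
                       "action": action, "reason": reason})
    return events


# Constructed traffic: an ordinary request, a web attack, the same traversal bytes
# in an outbound mail body, a spyware beacon, the EICAR test file, and a direct
# hit on the database zone from the Internet.
SAMPLE_TRAFFIC = [
    Packet("Internet", "DMZ", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("Internet", "DMZ", "tcp", 80, b"GET /../../../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("Zone1", "Internet", "tcp", 25, b"Subject: path\r\n\r\nsee ../../shared/notes.txt\r\n"),
    Packet("Zone2", "Internet", "tcp", 80, b"GET /c2 HTTP/1.1\r\nUser-Agent: ExampleSpy/1.0\r\n\r\n"),
    Packet("Zone1", "Internet", "tcp", 25,
           b"Subject: hi\r\n\r\n" + EICAR_PREFIX + b"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"),
    Packet("Internet", "Zone3", "tcp", 1433, b"\x12\x01\x00\x2f"),
]

if __name__ == "__main__":
    for ev in run(SAMPLE_TRAFFIC):
        print(f"{ev['action']:5s} {ev['src']:>8s} -> {ev['dst']:12s} {ev['reason']}")
```

Running the block prints one line per packet; the mail body containing `../../` is allowed because the traversal signature is scoped to inbound HTTP, while the database probe from the Internet is dropped by zone policy before any signature is consulted.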
Network Access Control in Healthcare

Access Control: unified policy enforcement based on identity, endpoint assessment, and network

Infranet Agent (IA)
• Host Checker
• Host Enforcer (with firewall policy or optional dynamic MS IPSec enforcement)
• MS Windows Single Sign-On
• Agentless enforcement for Windows, Mac and Linux
• IA protects authenticated endpoints from malicious/non-compliant endpoints

Phase 1 Enforcers
• Enforcers: operating system, firewall
• From regional SOHO to enterprise

Infranet Controller (IC)
• Access control decision point
• Automatically provisions Infranet Agent (if required)
• Dynamically provisions enforcement policy
• Integrated remediation support

Comprehensive enterprise integration: AAA servers, identity stores
Introduction of Advanced Security Network Products
Healthcare Wireless Network Security

To make a WLAN secure, you need a way to prove that the user is who they say they are, including:
– A standard way to pass that information through an Ethernet LAN
  • 802.1X. Terms in the standard include:
    » Supplicant
    » Authenticator
    » Authentication Server
– A standard authentication protocol that works with many different authentication systems
  • Extensible Authentication Protocol (EAP)

[Diagram: the access client (supplicant) speaks EAP over LAN (EAPOL) to the authenticator, which carries EAP on to the authentication server; EAP tunnelled authentication and key sharing set up an encrypted tunnel, and the server's Accept/Reject decides access]
Introduction of Advanced Security Network Products
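Added example, not code from the original slides or from any product they describe: a Python parser for the two headers the 802.1X exchange above rides on (EAPOL, and the EAP packet inside it), replayed over a constructed Supplicant/Authenticator exchange. The header layouts follow IEEE 802.1X and RFC 3748; the frame contents, the identity "drbob@clinic.example" and the stray response with a bogus identifier are constructed. What it shows beyond the slide: the port stays unauthorized until the authentication server's verdict arrives as EAP-Success, length fields are checked before they are trusted, and a response whose Identifier does not match the outstanding request is ignored rather than believed.

```python
"""802.1X port access control walk-through: parse EAPOL frames carrying EAP and
track the authenticator's port state.  Constructed frames, not a capture."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# EAPOL packet types (IEEE 802.1X)
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
# EAP codes and the Identity method type (RFC 3748)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


@dataclass
class EapPacket:
    code: int
    identifier: int
    eap_type: Optional[int]   # None for Success/Failure, which carry no Type
    data: bytes


def parse_eapol(frame: bytes) -> Tuple[int, bytes]:
    """Split an EAPOL frame into (packet_type, body); reject length mismatches."""
    if len(frame) < 4:
        raise ValueError("EAPOL header truncated")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if version not in (1, 2, 3):          # 802.1X-2001, -2004, -2010
        raise ValueError(f"unsupported EAPOL version {version}")
    body = frame[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than declared length")
    return ptype, body


def parse_eap(body: bytes) -> EapPacket:
    """Parse the RFC 3748 header: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(body) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError("EAP Length field inconsistent with frame")
    payload = body[4:length]
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not payload:
            raise ValueError("EAP Request/Response must carry a Type")
        return EapPacket(code, ident, payload[0], payload[1:])
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if length != 4:
            raise ValueError("EAP Success/Failure carry no data")
        return EapPacket(code, ident, None, b"")
    raise ValueError(f"unknown EAP code {code}")


def build_eapol_eap(code: int, ident: int, eap_type: Optional[int] = None,
                    data: bytes = b"") -> bytes:
    """Encode an EAP packet inside an EAPOL EAP-Packet frame (version 1)."""
    eap_body = b"" if eap_type is None else bytes([eap_type]) + data
    eap = struct.pack("!BBH", code, ident, 4 + len(eap_body)) + eap_body
    return struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap


def authenticator_trace(frames: List[bytes]) -> Tuple[List[Tuple[str, str]], Optional[str]]:
    """Replay frames as the authenticator sees them on one port.

    The port starts 'unauthorized'; only the authentication server's verdict,
    relayed as EAP-Success, opens it, and EAP-Failure or EAPOL-Logoff closes it.
    A Response whose Identifier does not match the outstanding Request is ignored,
    so an unsolicited identity cannot overwrite the one being authenticated.
    """
    state, identity, outstanding = "unauthorized", None, None
    trace = []
    for frame in frames:
        ptype, body = parse_eapol(frame)
        if ptype == EAPOL_START:
            event = "EAPOL-Start from supplicant"
        elif ptype == EAPOL_LOGOFF:
            state, event = "unauthorized", "EAPOL-Logoff"
        elif ptype == EAPOL_EAP_PACKET:
            pkt = parse_eap(body)
            if pkt.code == EAP_REQUEST:
                outstanding = pkt.identifier
                event = f"EAP-Request type={pkt.eap_type} id={pkt.identifier}"
            elif pkt.code == EAP_RESPONSE:
                if pkt.identifier != outstanding:
                    event = f"EAP-Response id={pkt.identifier} ignored: no matching Request"
                else:
                    outstanding = None
                    if pkt.eap_type == EAP_TYPE_IDENTITY:
                        identity = pkt.data.decode("utf-8", "replace")
                    event = f"EAP-Response type={pkt.eap_type} id={pkt.identifier}"
            elif pkt.code == EAP_SUCCESS:
                state, event = "authorized", "EAP-Success (server Accept)"
            else:
                state, event = "unauthorized", "EAP-Failure (server Reject)"
        else:
            event = f"EAPOL type {ptype} ignored"
        trace.append((event, state))
    return trace, identity


# Constructed exchange: Start, Request/Identity, the real Response, a stray Response
# with a bogus Identifier, the server's Success relayed by the authenticator, Logoff.
SAMPLE_EXCHANGE = [
    struct.pack("!BBH", 1, EAPOL_START, 0),
    build_eapol_eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY),
    build_eapol_eap(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, b"drbob@clinic.example"),
    build_eapol_eap(EAP_RESPONSE, 7, EAP_TYPE_IDENTITY, b"mallory"),
    build_eapol_eap(EAP_SUCCESS, 1),
    struct.pack("!BBH", 1, EAPOL_LOGOFF, 0),
]

if __name__ == "__main__":
    trace, who = authenticator_trace(SAMPLE_EXCHANGE)
    for event, state in trace:
        print(f"{event:55s} port={state}")
    print("identity:", who)
```

In a real deployment the authenticator never evaluates the identity itself; it relays the EAP packets to the authentication server (typically RADIUS) and only acts on the Accept/Reject that comes back, which is exactly why the port state in the trace changes only on EAP-Success and EAP-Failure.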
WAN Acceleration: Healthcare Data Replication
• Minimizes bandwidth requirements
• Speeds data replication process
• Improves application performance across the WAN for many applications
• Increases data transfer speeds for large files

[Diagram: hospital and medical clinic connected over the WAN to the remote data center (web servers, app servers, databases); SSL VPN and IPSec VPN terminate at the routers, with a WAN acceleration appliance on each side]
Introduction of Advanced Security Network Products
LAN Acceleration: Server Load Balancing
• Improve availability
• Improve application performance
• Double server capacity
• Simplify data center architecture
• Protect against attacks
• Improve scalability

[Diagram: web browsers reach the web servers, app servers and databases through a server load balancing (SLB) / LAN acceleration tier that provides authentication, web acceleration, HTTP protocol inspection, caching and SSL offload]
Introduction of Advanced Security Network Products
CIO and CSO Investment Considerations

CIO Perspective and Challenges

Business Priorities:
• Business growth and differentiation: understand and improve business processes through new application functionality
• Control costs in IT and business: allocate IT capital/cost for maximum value; efficiency in supply chain, product development, sales; return money into the business
• Improve end user experience: internal and external customer

IT Priorities (IT spend 2-8%): telecom, WAN/network, datacenter, helpdesk/desktop, application development, application maintenance, administration, other

Business measures: profit, operations, sales and marketing, R&D / product development, G&A, support, HR/legal, CoS/materials

Vendor solutions: connectivity; difficult problems; measure benefit
CIO and CSO Investment Considerations
• CIO or CSO has to be Superman!
• Numerous vendor solutions!
• Best-of-breed products or single-vendor solutions?
• Limited IT budget vs. increasing threats
• Constantly changing threats that are criminal, well funded and profit driven
• Risk of exposure to the court of public opinion due to non-compliance with government and industry regulations!!
• Recent IRS Ruling!!

[Diagram: WAN acceleration, LAN acceleration, database, SSL VPN]
Future Direction
Converged Products with Unified Threat Management

Converged Security Platform: firewall with increased functionality:
• Unified Threat Management
• Intrusion Detection
• Wireless Devices
• VoIP Management
• Router Solutions
• Cable/DSL/T-1 modem replacement

Many major providers have recently introduced products that converge many functions that were previously independent appliances.
Health Care Example: Carlsbad Regional Medical Center
A small rural hospital connects all its local physicians to the hospital network
• Small regional hospital in a rural area
• 30 physician offices integrated into the network
• Secure Services Gateway: router, firewall/IPSec VPN, Unified Threat Management, deep inspection
• Wireless for physicians and patients
• T1, DSL, cable and direct connections
Security Threats in the News
• Web Hack Exposes Personal Data of 14,000 At Nature Conservancy. Attacker accessed data via malware attached to association Website (October 2, 2007, 5:49 PM)
• Insider Attacks Put IT Security on the Offensive
• Attackers Kill Anti-Fraud Site. Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack (September 28, 2007, 4:30 PM)
• Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails (October 8, 2007)
• Alleged hacker used connections at a McDonald's and Best Buy to launch denial-of-service attacks and then heckle his victims
• Hackers Breaking Up Botnets to Elude Detection (courtesy of InformationWeek)
Thank you!
Open Questions
Mark Precious and Harold Stokes, VirtualArmor
The Evolution of Threat Management Solutions: Countering Today's Sophisticated Attacks
Thank you
Go Rockies
Required HIPAA Security Standards
Standards, sections and implementation specifications: (R) = Required, (A) = Addressable

Administrative Safeguards (§ 164.308)
  Security Management Process ............ 164.308(a)(1)  Risk Analysis (R); Risk Management (R); Sanction Policy (R); Information System Activity Review (R)
  Assigned Security Responsibility ....... 164.308(a)(2)  (R)
  Workforce Security ..................... 164.308(a)(3)  Authorization and/or Supervision (A); Workforce Clearance Procedure (A); Termination Procedures (A)
  Information Access Management .......... 164.308(a)(4)  Isolating Health Care Clearinghouse Function (R); Access Authorization (A); Access Establishment and Modification (A)
  Security Awareness and Training ........ 164.308(a)(5)  Security Reminders (A); Protection from Malicious Software (A); Log-in Monitoring (A); Password Management (A)
  Security Incident Procedures ........... 164.308(a)(6)  Response and Reporting (R)
  Contingency Plan ....................... 164.308(a)(7)  Data Backup Plan (R); Disaster Recovery Plan (R); Emergency Mode Operation Plan (R); Testing and Revision Procedure (A); Applications and Data Criticality Analysis (A)
  Evaluation ............................. 164.308(a)(8)  (R)
  Business Associate Contracts and Other Arrangements ... 164.308(b)(1)  Written Contract or Other Arrangement (R)

Physical Safeguards (§ 164.310)
  Facility Access Controls ............... 164.310(a)(1)  Contingency Operations (A); Facility Security Plan (A); Access Control and Validation Procedures (A); Maintenance Records (A)
  Workstation Use ........................ 164.310(b)     (R)
  Workstation Security ................... 164.310(c)     (R)
  Device and Media Controls .............. 164.310(d)(1)  Disposal (R); Media Re-use (R); Accountability (A); Data Backup and Storage (A)

Technical Safeguards (§ 164.312)
  Access Control ......................... 164.312(a)(1)  Unique User Identification (R); Emergency Access Procedure (R); Automatic Logoff (A); Encryption and Decryption (A)
  Audit Controls ......................... 164.312(b)     (R)
  Integrity .............................. 164.312(c)(1)  Mechanism to Authenticate Electronic Protected Health Information (A)
  Person or Entity Authentication ........ 164.312(d)     (R)
  Transmission Security .................. 164.312(e)(1)  Integrity Controls (A); Encryption (A)

Source: 45 CFR Parts 160, 162, and 164 - Health Insurance Reform: Security Standards; Final Rule, 2/20/2003.
How the products presented map to these standards:
• Security Management Process: IDP assists with risk management assessments.
• Workforce Security and Information Access Management: SSL VPN ensures authorization for the accessed locations of the network; IDP adds supervision on the network; LAN acceleration facilitates authorized access to consolidated EHR storage; HIPAA security zones limit access to those with authorization.
• Security Awareness and Training: IDP identifies and protects against malicious software; SSL VPN and IDP provide log-in monitoring.
• Security Incident Procedures: IDP provides response and reporting for security incidents.
• Contingency Plan: SSL VPN facilitates use of the network when operating under emergency contingency plans at remote locations.
• Physical Safeguards: when electronic surveillance is used to ensure accountability of physical safeguards, security zones and SSL VPN protect the surveillance network itself.
• Access Control: HIPAA security zones support access control compliance; SSL VPN with two-factor (token) authentication and a single concurrent login provides unique user identification; emergency access and automatic logoff are supported with SSL VPN; a wide variety of encryption techniques are supported to ensure privacy of information; WAN and LAN acceleration products enable consolidation of "at risk" confidential information while accelerating delivery over WAN access.
• Audit Controls: IDP provides intelligent logs for audit control enforcement.
• Integrity, Person or Entity Authentication, and Transmission Security: firewall, SSL VPN, and Unified Access Control can be used independently or combined to support the HIPAA compliance process.
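Added example, not from the slides or from any vendor product they describe: a Python session policy showing what the Access Control implementation specifications above look like as code, namely unique user identification (no shared logins, one concurrent session per user), an emergency access procedure, automatic logoff, and an audit trail for the Audit Controls standard. The timeouts, the account names, the list of shared accounts and the break-glass rules are assumptions chosen for illustration, not values from the regulation or the presentation.

```python
"""Session policy illustrating the 164.312(a)(1) Access Control implementation
specifications: unique user identification, emergency access, automatic logoff.
Constructed example; names and timings are illustrative, not a vendor's implementation."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IDLE_TIMEOUT = 15 * 60        # automatic logoff after 15 idle minutes (assumed policy)
BREAK_GLASS_TIMEOUT = 5 * 60  # emergency sessions time out faster (assumed policy)
SHARED_ACCOUNTS = {"nurse", "admin", "er_station"}  # generic logins defeat unique user ID


@dataclass
class Session:
    user_id: str
    session_id: str
    last_activity: float
    emergency: bool = False


class SessionPolicy:
    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}   # keyed by session_id
        self.by_user: Dict[str, str] = {}        # user_id -> session_id (single concurrent login)
        self.audit: List[Tuple[float, str, str]] = []  # (time, user, event): audit controls 164.312(b)
        self._counter = 0

    def _log(self, now: float, user: str, event: str) -> None:
        self.audit.append((now, user, event))

    def _open(self, user_id: str, now: float, emergency: bool) -> str:
        # One session per user: a second login terminates the first instead of
        # running alongside it, so an unattended workstation cannot stay open.
        old = self.by_user.get(user_id)
        if old is not None:
            del self.sessions[old]
            self._log(now, user_id, f"prior session {old} terminated by new login")
        self._counter += 1
        sid = f"s{self._counter}"
        self.sessions[sid] = Session(user_id, sid, now, emergency)
        self.by_user[user_id] = sid
        return sid

    def login(self, user_id: str, now: float, second_factor_ok: bool) -> Optional[str]:
        """Normal login: a named account plus a second factor. Returns session id or None."""
        if user_id in SHARED_ACCOUNTS:
            self._log(now, user_id, "login rejected: shared account")
            return None
        if not second_factor_ok:
            self._log(now, user_id, "login rejected: second factor failed")
            return None
        sid = self._open(user_id, now, emergency=False)
        self._log(now, user_id, f"login ok session {sid}")
        return sid

    def break_glass(self, user_id: str, now: float, reason: str) -> Optional[str]:
        """Emergency access procedure: a named user may open a session without the
        second factor, but it is flagged, time-boxed, and the reason is recorded."""
        if user_id in SHARED_ACCOUNTS or not reason.strip():
            self._log(now, user_id, "break-glass rejected")
            return None
        sid = self._open(user_id, now, emergency=True)
        self._log(now, user_id, f"BREAK-GLASS session {sid}: {reason}")
        return sid

    def touch(self, session_id: str, now: float) -> bool:
        """Record activity; returns False (and logs off) if the session had gone idle."""
        s = self.sessions.get(session_id)
        if s is None:
            return False
        limit = BREAK_GLASS_TIMEOUT if s.emergency else IDLE_TIMEOUT
        if now - s.last_activity > limit:
            self.logoff(session_id, now, "automatic logoff: idle")
            return False
        s.last_activity = now
        return True

    def logoff(self, session_id: str, now: float, why: str = "user logoff") -> None:
        s = self.sessions.pop(session_id, None)
        if s is not None:
            self.by_user.pop(s.user_id, None)
            self._log(now, s.user_id, f"{why} (session {session_id})")

    def active_users(self) -> List[str]:
        return sorted(self.by_user)


def demo() -> SessionPolicy:
    """Walk the controls with constructed timings (seconds)."""
    p = SessionPolicy()
    p.login("nurse", 0, True)                      # rejected: shared account
    p.login("r.chen", 0, False)                    # rejected: no second factor
    s1 = p.login("r.chen", 10, True)               # ok
    p.login("r.chen", 20, True)                    # second login evicts s1
    p.touch(s1, 30)                                # s1 is no longer valid
    e = p.break_glass("m.okafor", 40, "cardiac arrest, token unavailable")
    p.touch(e, 40 + BREAK_GLASS_TIMEOUT + 1)       # automatic logoff after emergency timeout
    return p


if __name__ == "__main__":
    for when, user, event in demo().audit:
        print(f"t={when:5.0f} {user:10s} {event}")
```

The audit list is the artifact an assessor would ask for: every rejected login, every evicted session and every break-glass use is recorded with the user and time, which is what turns "single concurrent login" and "emergency access" from policy statements into evidence.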