iot slam healthcare 12-02-2016
TRANSCRIPT
SECURING INTERNET OF MEDICAL THINGS
Manish Rai, VP Marketing, December 2nd, 2016
2
INTERNET OF MEDICAL THINGS (IoMT): $163B BY 2020, 38% CAGR
• 10-15 Devices per Bed
• ~50% Networked
Source: Markets and Markets, Oct 2015
3
A Glimpse into the Numbers
72% Malicious traffic targeted at Healthcare Providers
40% YoY Increase in Healthcare Cyber Attacks
81% of healthcare providers have revealed one or more systems have been compromised
HEALTHCARE CONTINUES TO BE THE TOP TARGET FOR CRIMINALS
Source: KPMG 2015 Healthcare Survey
4
RESEARCHERS HAVE BEEN HIGHLIGHTING IoMT VULNERABILITIES
MRI Device Hacked to Access Patient Information
Researcher “was able to hack into the hospital's network with ease – and permission – after finding vulnerable medical devices listed on Shodan.”
- International Business Times, Feb 15 2006
Infusion Pump Hacked to Administer Fatal Drug Dose
Security Professionals “showed how easy it is for hackers to take control of a hospital drug infusion pump by overwriting the device’s firmware with malicious software. The hack would allow someone to remotely administer a fatal drug dose to patients.”
Aug 12, 2015
5
REASONS FOR IoMT VULNERABILITIES
• 7-8 year device development life cycle
• Devices built for patient safety, not security
• Use of outdated OS with known vulnerabilities
• Limited or no patching capability
• No support for 3rd party security agent
• Until recently, limited regulatory focus on security
• Unencrypted communication
Attackers are infecting medical devices with malware and then moving laterally through hospital networks to steal confidential data, according to TrapX’s MEDJACK report. (2015)
6
2016 HIMSS Cybersecurity Survey: Greatest Areas of Vulnerabilities
Top 5 Greatest Areas of Vulnerabilities (1-7 on a Likert-type scale)
1. E-mail (5.00 acute, 5.30 non-acute)
2. Mobile devices (4.81 acute, 4.72 non-acute)
3. Internet of Things (4.79 acute, 3.56 non-acute)
4. Other End User Devices (4.42 acute, 4.30 non-acute)
5. Network (4.17 acute, 4.07 non-acute)
7
2016 HIMSS Cybersecurity Survey: Information Security Tools
Low Rates of Implementation:
1. Network monitoring tools (54.6% acute, 45.2% non-acute)
2. Mobile device management (56.3% acute, 35.5% non-acute)
3. Intrusion detection system (57.1% acute, 41.9% non-acute)
4. Intrusion prevention system (49.6% acute, 41.9% non-acute)
5. Data loss prevention (38.7% acute, 25.8% non-acute)
8
IoMT SECURITY FRAMEWORK
Determine Scope
• Inventory IoMT Devices
• Determine Vulnerabilities
• Categorize Based on Risk
Identify Gaps & Update Processes
• Procurement
• Deployment
• Monitoring
• Migration Plan
9
IoMT SECURITY FRAMEWORK: IDENTIFY SCOPE
Inventory type, usage and location of each medical device
Determine known vulnerabilities in each device type (OS, patching, default settings, etc.)
Score device risk based on type, use, location and data transmitted
#1 Inventory of Authorized and Unauthorized Devices
10
IoMT SECURITY FRAMEWORK: IDENTIFY GAPS & UPDATE PROCESSES
• Procurement: Collaboration between IT & Biomedical
• Add security assessment as a key criterion
• Deployment: Segmenting devices based on risk
• Monitoring: Process of continuous monitoring and assessment
• Migration Plan: Process of replacing high risk devices
According to SANS Institute, 50%+ of incident response takes over 3 hours per endpoint.
- 2016 Endpoint Security Report
11
GREAT BAY SOFTWARE: COMPANY SNAPSHOT
• 10+ Years Experience Securing Enterprises
• 100% Implementation Success Rate
• $1B+ Investment Fund Backed
• 20MM+ Devices Secured
• 200+ Customer Installations
• Beacon Product Suite, 5th Generation
• Subscription Pricing Model
• Experienced Management Team
12
GREAT BAY VISION
SEE / ACT
IoT / Biomedical Device Connection Security
Visibility
• Real-time Discovery
• Comprehensive Profiling
• Every Network
Monitoring
• Identity
• Behavior
• Location
Onboarding
• Authenticate Device
• Onboard Automatically
• Segment
Enforcement
• Alert
• Quarantine
• Block
13
ENHANCED SECURITY, MANAGEMENT & OPERATIONS
IoT and Biomedical Device Warehouse of Context
• Active Directory & Radius Accounting
• DNS & DHCP
• SNMP Traps & Polls, IP Helper
• Wireless Controllers
• NetFlow / JFlow
• Port Mirroring / SPAN
• Integrations: MDM, NAC, etc.
Security, Operations, Management
MDM, EPP/EDR, NAC, ATD, Asset Management, Security Ops
• Ingests and Correlates Hundreds of Endpoint Attributes from Dozens of Data Sources
• Industry’s Most Accurate Artificial Intelligence Expert System-Based Profiling Engine
• Leverages 1,400+ Pre-Built Device Profiles
IoT Gateway
14
UNIQUE ARTIFICIAL INTELLIGENCE EXPERT SYSTEM-BASED BEHAVIOR MONITORING
Behavior, Identity, Location
New York, San Francisco
9100, 515, 80, 443
FTP (21), SSH (22), Telnet (23)
Only Vendor with Device (not User) Centric Behavior Monitoring
Prepares you for Estimated 25% of Breaches Expected to Involve IoT/Unmanaged Devices by 2020
Detects and Flags Unusual Changes in Identity, Location and Behavior
Detect: Network Intrusion, MAC Spoofing, Rogue AP, Rogue Device, Vulnerable Devices, Unauthorized Access
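Added example, not part of the original slides and not Great Bay's product code: a minimal device-centric baseline check that flags changes in identity, location and behavior for one device. The record layout, alert names, escalation policy and sample data are assumptions, as is reading 9100/515/80/443 as a network printer's normal ports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:            # what was learned when the device was onboarded
    profile: str           # device type, e.g. "network-printer"
    site: str              # where the device normally connects
    ports: frozenset       # service ports normal for this device type

@dataclass(frozen=True)
class Observation:         # one sighting of a MAC address on the network
    mac: str
    profile: str           # device type as fingerprinted right now
    site: str
    port: int              # service port seen in this device's traffic

def check(baselines, obs):
    """Compare one observation with the device's baseline; return alerts."""
    base = baselines.get(obs.mac)
    if base is None:
        return ["unknown-device"]            # never inventoried or onboarded
    alerts = []
    if obs.profile != base.profile:
        alerts.append("identity-change")     # same MAC, different device type
    if obs.site != base.site:
        alerts.append("location-change")
    if obs.port not in base.ports:
        alerts.append("behavior-change")     # service outside the profile
    return alerts

def triage(baselines, observations):
    """Collect distinct alerts per MAC and pick an action (assumed policy)."""
    found = {}
    for obs in observations:
        alerts = check(baselines, obs)
        if alerts:
            found.setdefault(obs.mac, set()).update(alerts)
    # Assumed policy: one changed dimension alerts; several, or an
    # unknown device, quarantines.
    return {mac: ("quarantine" if len(a) > 1 or "unknown-device" in a
                  else "alert", sorted(a)) for mac, a in found.items()}

# Constructed sample data (MAC addresses and sightings are made up).
PRINTER = "00:11:22:33:44:55"
BASELINES = {PRINTER: Baseline("network-printer", "New York",
                               frozenset({9100, 515, 80, 443}))}
OBSERVATIONS = [
    Observation(PRINTER, "network-printer", "New York", 9100),   # normal
    Observation(PRINTER, "network-printer", "New York", 23),     # Telnet
    Observation(PRINTER, "linux-host", "San Francisco", 22),     # SSH
    Observation("66:77:88:99:aa:bb", "unknown", "New York", 443),
]

if __name__ == "__main__":
    for mac, (action, alerts) in triage(BASELINES, OBSERVATIONS).items():
        print(mac, action, alerts)
```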
15
CASE STUDY
Problem:
Securing Medical and Unmanageable Devices
Solution:
Beacon Endpoint Profiler
• Real-time identification of 100% of the medical and unmanaged devices
• Automatically on-boards the device by establishing profile-based trust
• Accelerate incident response by pinpointing the exact real-time location of the device
Result:
• 7,600 endpoints authenticated (100% of medical and unmanaged devices)
• Savings of 2 FTEs
• Real time device visibility and behavior monitoring
• Regulatory Compliance (HIPAA, PCI)