
Protecting health and life science organizations from breaches and ransomware

3 Things to Learn About:

1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened.
2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.
3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry.

Published in: Software

Protecting health and life science organizations from breaches and ransomware

  1. Protecting health and life science organizations from breaches and ransomware. With big data-based machine learning and UBA solutions. © Cloudera, Inc. All rights reserved.
  2. Agenda for Today’s Webinar: • Introduction • Breach Security Assessments for HLS Organizations • Industry Overview • Behavioral Analytics • Q&A
  3. Today’s Speakers: Karthik Krishnan, Vice President, Product Management; Rocky DeStefano, Cybersecurity Subject Matter Expert; David Houlding, Director of Healthcare Privacy and Security, Intel Health and Life Sciences
  4. Breach Security Assessments for HLS Organizations
  5. Intel Health & Life Sciences | Make it Personal. Healthcare Security – Increasingly About Survival: • Severe impact of breaches • Compliance necessary • Not sufficient to adequately mitigate risk of breaches • How far do you have to go? • Don’t be at the “back of the herd” • How does your security compare? • How can you measure your breach security against the industry?
  6. Breach Security Capabilities Maturity Model (Improved Breach Security, Usability, Cost, IT Operations). Baseline: + Policy + Risk assessment + Audit and compliance + User training + Endpoint device encryption + Mobile device management + Data Loss Prevention (discovery) + Anti-malware + IAM, Single factor access control + Firewall + Email gateway + Web gateway + Vulnerability management, patching + Security incident response plan + Secure Disposal + Backup and Restore. Enhanced: + Device control + Penetration testing / vulnerability scan + Client Solid State Drive (encrypted) + Endpoint Data Loss Prevention + Network Data Loss Prevention (monitoring, capture) + Anti-theft: remote locate, lock, wipe + Multi-factor authentication with timeout + Secure remote administration + Policy based encryption for files and folders + Server / database / backup encryption + Network segmentation + Network Intrusion Prevention System + Business associate agreements + Virtualization. Advanced: + Server Solid State Drive (encrypted) + Network Data Loss Prevention (prevention) + Database activity monitoring + Digital forensics + Security Information and Event Management + Threat intelligence + Multi-factor authentication with walk-away lock + Client Application Whitelisting + Server Application Whitelisting + De-identification / anonymization + Tokenization + Business Continuity and Disaster Recovery
  7. POLLING QUESTION – TO USE READYTALK’S POLLING FEATURE. What type of breach are you most concerned about? · Ransomware · Cybercrime Hacking · Loss or Theft of Mobile Device or Media · Insider Accidents or Workarounds · Business Associates · Malicious Insiders or Fraud · Insider Snooping · Improper Disposal
  8. HLS Breach Security Priorities, Global Industry Report: • Priorities / levels of concern across 8 types of breaches, including ransomware • Roughly mirrors allocation of resources and budget to mitigate risks • Statistics on readiness of organizations for each type of breach • Percentage of relevant security capabilities implemented. Intel.com/BreachSecurity
  9. HLS Breach Security Capabilities, Global Industry Report: • 42 security capabilities • Administrative, physical and technical safeguards • Percentage of capability implemented across Health & Life Sciences organizations assessed. Intel.com/BreachSecurity
  10. Security Incident Response Plan (Global Health & Life Sciences Results): Plans in place covering what to do in the event of a suspected data security incident or breach.
  11. Threat Intelligence (Global Health & Life Sciences Results): • Acquisition and sharing of threats, vulnerabilities • Reputation • Static or dynamic analysis • Behavioral analytics
  12. Digital Forensics (Global Health & Life Sciences Results): Ability to conduct forensic analysis of IT infrastructure, often in the event of a suspected security incident, to detect unauthorized access to sensitive patient information and establish whether a breach occurred and, if so, characteristics such as timing and extent.
  13. Intel Confidential – Do Not Forward. Hardware Enhanced Security. [Diagram labels: Security Software; General Purpose Hardware; Separate Security Hardware; Core Security Logic. Axes: Performance, Robustness, Usability, Cost (Better) against Time. Trend: Improved usability, Hardened, Reduced Cost.] Across the compute continuum
  14. Industry Overview
  15. POLLING QUESTIONS – TO USE READYTALK’S POLLING FEATURE. ARE YOU CONFIDENT THAT YOUR SIEM IS PROVIDING YOU WITH ALL THE FLEXIBILITY AND FUNCTIONALITY YOUR CYBERSECURITY ANALYTICS TEAM NEEDS TO DEFEND YOUR ENTERPRISE? - YES, IT IS SUFFICIENT FOR OUR NEEDS - I DON’T KNOW ENOUGH ABOUT OUR NEEDS TO MAKE THAT DECISION - NO, WE DON’T KNOW IT ISN’T THE LONG TERM PLATFORM FOR OUR ORGANIZATION. Is your organization considering any of the following projects/tools/solutions to improve visibility and security analytics across your enterprise: - User/Entity Behaviors Analytics - Network Behavior Analytics - Big Data Security Analytics Platform
  16. The environment has changed… • Hackers are more sophisticated • Attacks are more frequent • The world is hyper connected
  17. The environment has changed… but systems have not. • Only detect known threats • Old world data security is hard to manage • Explosion in number of touch points
  18. Traditional solutions struggle to keep up… [Chart: Legacy Cyber Solutions (TBs). Data Types (MBs>PBs): Aggregated Events; Raw System Logs; Network Flows/DNS; Full Packet Capture; Video, Text, Images; User Data. Analytics: Search; Correlations; SQL; Machine Learning; Advanced Statistics. Axis: Time (Months).] [1] Market Trends: User and Entity Behavior Analytics (UEBA) Expand Their Market Reach – Gartner April 2016
  19. Status quo can’t keep pace with the threats we face. Analytics Challenge: Discovering unknown threats with advanced analytics (machine learning) is impossible on traditional systems. Scale Challenge: Storing, processing, and analyzing 100s of billions of events is not economically or technically feasible today. Silo Challenge: Integrating cross-application data (Network, Endpoint, User) for context and new analytics is not trivial. [Chart: Events (Millions, Billions, Trillions) over Time.]
  20. [Diagram labels: Network; User; Endpoint; Logs; Application; File; Context.] Siloed data and applications limit visibility, weaken analytics and extend the time to detect incidents.
  21. Powering the next generation of cybersecurity analytics. [Chart: Legacy Cyber Solutions (TBs) compared with Cloudera’s Hadoop Based Cybersecurity Solutions (PB). Data Types (MBs>PBs): Aggregated Events; Raw System Logs; Network Flows/DNS; Full Packet Capture; Video, Text, Images; User Data. Analytics: Search; Correlations; SQL; Machine Learning; Advanced Statistics. Axis: Time (Months).] • Gartner named Cloudera Non-Security-Specific Analytics Vendors to Watch [1] • 60% of UEBA Vendors to Watch use CDH [1] • 25% of Network Traffic Analysis Vendors to Watch use CDH [1]. [1] Market Trends: User and Entity Behavior Analytics (UEBA) Expand Their Market Reach – Gartner April 2016
  22. Cyber threats change. Keep one thing constant, Cloudera. [Diagram labels: Custom; Open Data Model; Enterprise Data Hub; Packaged.]
  23. Niara Behavioral Analytics. Karthik Krishnan, VP Product Line Management
  24. THE PROBLEM: PREVENTION & DETECTION NOT ENOUGH, INCREASINGLY POROUS + MONITORING SYSTEMS FALLING SHORT, CANNOT DETECT UNKNOWN THREATS AND UNABLE TO SCALE. © 2016 Niara Inc. All Rights reserved. Proprietary and Confidential
  25. THREAT INTELLIGENCE VS. SECURITY ANALYTICS. Threat intelligence: • Crowdsourced Indicators of Compromise (IOC) • Signatures, Rules, Blacklists • Curated feeds to more rapidly respond to latest threats. Security analytics: • Machine learning driven • For advanced, unknown threats that don’t have a signature, rule or blacklist • Examples are compromised credentials, negligent insiders
  26. AUTOMATED DETECTION OF THREATS INSIDE THE ORGANIZATION: Compromised Users & Hosts; Negligent Employees; Malicious Insiders. ATTACKS AND RISKY BEHAVIORS on the inside
  27. BASICS OF BEHAVIORAL ANALYTICS. [Diagram: Behavioral Analytics. MACHINE LEARNING: UNSUPERVISED + SEMI-SUPERVISED. BASELINES: HISTORICAL + PEER GROUP. Example: ABNORMAL INTERNAL RESOURCE ACCESS.]
  28. FINDING THE MALICIOUS IN THE ANOMALOUS. Behavioral Analytics: SUSPICIOUS FILE DOWNLOAD; ANOMALOUS DNS REQUEST; UNUSUAL PRIVILEGE ESCALATION; ABNORMAL INTERNAL RESOURCE ACCESS; IRREGULAR EXTERNAL DATA UPLOAD. SUPERVISED MACHINE LEARNING. THIRD PARTY ALERTS: DLP, Sandbox, Firewalls, STIX, Rules, Etc.
  29. ENTITY360™ SECURITY DOSSIER
  30. BEHAVIORAL ANALYTICS ACROSS MULTIPLE DIMENSIONS
  31. MODEL CONFIDENCE AND BUSINESS IMPACT. [Chart axes: Business Impact; Model Confidence.]
  32. FORCE MULTIPLIER FOR SECURITY ANALYSTS: Consolidated Data Access; Rapid Decision-Making and Action; “Have I seen this before?” BREAKTHROUGH ROI for Incident Investigation and Threat Hunting
  33. ACCELERATED INVESTIGATION AND RESPONSE. Behavioral Analytics
  34. UBA INCIDENT RESPONSE ROI
  35. SOLUTION AT A GLANCE. [Architecture diagram labels: Console / Workflow; SIEM/LOGGING; PACKET BROKER; NETWORK TRAFFIC (PACKETS, FLOWS); IDENTITY; INFRASTRUCTURE; Logs; SaaS (Box, Office360); IaaS (AWS, Azure); ALERTS; AD, DHCP, DNS, Firewall, Proxy, VPN, Email, DLP, Endpoint, Network, STIX; ANALYZER; ENTITY360; ANALYTICS; FORENSICS; DATA FUSION; BIG DATA (Spark/Hadoop).]
  36. NIARA OVERVIEW • Founded 2013 • Focused on solving two key problems – Detecting attacks that have co-opted legitimate credentials – Reducing the time and effort required to understand and respond to attacks • Enabling technologies – Big Data: Spark/Hadoop – Artificial Intelligence: Machine Learning
  37. Interested in learning more?
  38. Invitation • Join us: Breach Security Benchmark • Analyze your breach security – Maturity level, priorities, capabilities – Compared to healthcare industry – Possible over / under prioritization – Gaps, areas lagging the industry, and relative vulnerabilities • A tool you can use to help rally support to address gaps • 1 hour, confidential, complimentary • Conducted by Intel or industry partner. Find out more and see an example report at Intel.com/BreachSecurity. Contact BreachSecurity@Intel.com
  39. Contact our experts. Schedule a discovery session with our experts. Discuss how Niara, Cloudera and Intel can work with you. Rocky DeStefano rocky@cloudera.com; Karthik Krishnan karthik@niara.com; David Houlding david.houlding@intel.com
  40. Thank You
  41. Legal Disclaimers. Intel® vPro™ Technology: Intel® vPro™ Technology requires setup and activation by a knowledgeable IT administrator. Availability of features and results will depend upon the setup and configuration of your hardware, software and IT environment. Learn more at: http://www.intel.com/technology/vpro. Intel® Active Management Technology (Intel® AMT): Intel® AMT should be used by a knowledgeable IT administrator and requires enabled systems, software, activation, and connection to a corporate network. Intel AMT functionality on mobile systems may be limited in some situations. Your results will depend on your specific implementation. Learn more by visiting Intel® Active Management Technology. Intel® Data Protection Technology: No computer system can be absolutely secure. Requires an enabled Intel® processor, system and software designed to use the technology. Check with your manufacturer or retailer. Intel® Data Protection Technology with AES-NI and Secure Key Intel® Identity Protection Technology (Intel® IPT): No computer system can be absolutely secure. Intel® IPT requires an enabled system, including a processor, chipset, firmware, software, and (in some cases) integrated graphics, and participating website or service. Intel does not assume any liability for lost or stolen data or systems or any other damages. Check with your manufacturer or retailer for more information. Learn more at http://ipt.intel.com/. SSD Pro: No computer system can provide absolute security under all conditions. Built-in security features available on select Intel® Solid State Drives may require additional software, hardware, services and/or an Internet connection. Results may vary depending upon configuration. Consult your system manufacturer for more details. ©2014, Intel Corporation. All rights reserved. Intel and the Intel logo are trademarks of Intel Corporation in the US and/or other countries.
OK for Non-NDA Disclosure * Other names and brands may be claimed as the property of others. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance.
