SECURING INTERNET OF MEDICAL THINGS
Manish Rai
VP Marketing
December 2nd, 2016
INTERNET OF MEDICAL THINGS (IoMT): $163B BY 2020, 38% CAGR
• 10-15 Devices per Bed
• ~50% Networked
Source: Markets and Markets, Oct 2015
HEALTHCARE CONTINUES TO BE THE TOP TARGET FOR CRIMINALS
A Glimpse into the Numbers
• 72%: Malicious traffic targeted at Healthcare Providers
• 40% YoY Increase in Healthcare Cyber Attacks
• 81% of healthcare providers have revealed one or more systems have been compromised
Source: KPMG 2015 Healthcare Survey
RESEARCHERS HAVE BEEN HIGHLIGHTING IoMT VULNERABILITIES
MRI Device Hacked to Access Patient Information
Researcher “was able to hack into the hospital's network with ease – and permission – after finding vulnerable medical devices listed on Shodan.” - International Business Times, Feb 15 2006
Infusion Pump Hacked to Administer Fatal Drug Dose
Security Professionals “showed how easy it is for hackers to take control of a hospital drug infusion pump by overwriting the device’s firmware with malicious software. The hack would allow someone to remotely administer a fatal drug dose to patients.” Aug 12, 2015
REASONS FOR IoMT VULNERABILITIES
• 7-8 year device development life cycle
• Devices built for patient safety, not security
• Use of outdated OS with known vulnerabilities
• Limited or no patching capability
• No support for 3rd party security agent
• Until recently, limited regulatory focus on security
• Unencrypted communication
Attackers are infecting medical devices with malware and then moving laterally through hospital networks to steal confidential data, according to TrapX’s MEDJACK report. (2015)
2016 HIMSS Cybersecurity Survey: Greatest Areas of Vulnerabilities
Top 5 Greatest Areas of Vulnerabilities (1-7 on a Likert-type scale)
1. E-mail (5.00 acute, 5.30 non-acute)
2. Mobile devices (4.81 acute, 4.72 non-acute)
3. Internet of Things (4.79 acute, 3.56 non-acute)
4. Other End User Devices (4.42 acute, 4.30 non-acute)
5. Network (4.17 acute, 4.07 non-acute)
2016 HIMSS Cybersecurity Survey: Information Security Tools
Low Rates of Implementation:
1. Network monitoring tools (54.6% acute, 45.2% non-acute)
2. Mobile device management (56.3% acute, 35.5% non-acute)
3. Intrusion detection system (57.1% acute, 41.9% non-acute)
4. Intrusion prevention system (49.6% acute, 41.9% non-acute)
5. Data loss prevention (38.7% acute, 25.8% non-acute)
IoMT SECURITY FRAMEWORK
Determine Scope
• Inventory IoMT Devices
• Determine Vulnerabilities
• Categorize Based on Risk
Identify Gaps & Update Processes
• Procurement
• Deployment
• Monitoring
• Migration Plan
IoMT SECURITY FRAMEWORK: IDENTIFY SCOPE
• Inventory type, usage and location of each medical device
• Determine known vulnerabilities in each device type (OS, patching, default settings, etc.)
• Score Device Risk Based on type, use, location and data transmitted
#1 Inventory of Authorized and Unauthorized Devices
IoMT SECURITY FRAMEWORK: IDENTIFY GAPS & UPDATE PROCESSES
• Procurement: Collaboration between IT & Biomedical
• Add security assessment as a key criterion
• Deployment: Segmenting devices based on risk
• Monitoring: Process for continuous monitoring and assessment
• Migration Plan: Process of replacing high risk devices
According to SANS Institute, 50%+ of incident response takes over 3 hours per endpoint. - 2016 Endpoint Security Report
GREAT BAY SOFTWARE: COMPANY SNAPSHOT
• 10+ Years Experience Securing Enterprises
• $1B+ Investment Fund Backed
• 100% Implementation Success Rate
• 20MM+ Devices Secured
• Beacon Product Suite 5th Generation
• 200+ Customer Installations
• Subscription Pricing Model
• Experienced Management Team
GREAT BAY VISION
IoT / Biomedical Device Connection Security
SEE
Visibility
• Real-time Discovery
• Comprehensive Profiling
• Every Network
Monitoring
• Identity
• Behavior
• Location
ACT
Enforcement
• Alert
• Quarantine
• Block
Onboarding
• Authenticate Device
• Onboard Automatically
• Segment
ENHANCED SECURITY, MANAGEMENT & OPERATIONS
IoT and Biomedical Device Warehouse of Context
Ingests and Correlates Hundreds of Endpoint Attributes from Dozens of Data Sources
Data sources:
• DNS & DHCP
• SNMP Traps & Polls, IP Helper
• Wireless Controllers
• IoT Gateway
• NetFlow / JFlow
• Port Mirroring / SPAN
• Active Directory & Radius Accounting
• Integrations: MDM, NAC, etc.
Security: NAC, ATD, EPP/EDR
Management: MDM, Asset Management
Operations: Security Ops
Industry’s Most Accurate Artificial Intelligence Expert System-Based Profiling Engine Leverages 1,400+ Pre-Built Device Profiles
UNIQUE ARTIFICIAL INTELLIGENCE EXPERT SYSTEM-BASED BEHAVIOR MONITORING
Detects and Flags Unusual Changes in Identity, Location and Behavior
Identity, Location, Behavior
Location: New York / San Francisco
Behavior: 9100, 515, 80, 443 / FTP (21), SSH (22), Telnet (23)
Detect:
• Network Intrusion
• MAC Spoofing
• Rogue AP
• Rogue Device
• Vulnerable Devices
• Unauthorized Access
Only Vendor with Device (not User) Centric Behavior Monitoring
Prepares You for the Estimated 25% of Breaches Expected to Involve IoT/Unmanaged Devices by 2020
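A minimal sketch of device-centric monitoring as this slide describes it, flagging changes in identity, location and behavior against a per-device baseline. It is an added example, not Great Bay Software's code. Assumptions: the schemas, names and sample data are constructed, and the slide's two port lists are read as a printer-style baseline (9100, 515, 80, 443) followed by unexpected FTP/SSH/Telnet traffic.

```python
from collections import namedtuple

# Hypothetical schemas: a per-device baseline and one network sighting of a MAC.
Profile = namedtuple("Profile", "mac dhcp_fingerprint site ports")
Observation = namedtuple("Observation", "mac dhcp_fingerprint site port")

# Remote-administration services named on the slide.
ADMIN_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}

def check(profile, obs):
    """Return the deviations of one observation from the device's baseline."""
    alerts = []
    if obs.dhcp_fingerprint != profile.dhcp_fingerprint:
        alerts.append("identity: DHCP fingerprint changed (possible MAC spoofing)")
    if obs.site != profile.site:
        alerts.append(f"location: seen at {obs.site}, baseline {profile.site}")
    if obs.port not in profile.ports:
        name = ADMIN_PORTS.get(obs.port)
        service = f"{name} ({obs.port})" if name else f"port {obs.port}"
        alerts.append(f"behavior: {service} is outside the device profile")
    return alerts

def monitor(profiles, observations):
    """Map each MAC to its ordered, de-duplicated alerts; unprofiled MACs are flagged."""
    findings = {}
    for obs in observations:
        profile = profiles.get(obs.mac)
        alerts = check(profile, obs) if profile else ["identity: no profile (rogue device?)"]
        seen = findings.setdefault(obs.mac, [])
        seen.extend(a for a in alerts if a not in seen)
    return {mac: alerts for mac, alerts in findings.items() if alerts}

# Constructed sample data: a network printer baseline and four sightings.
PRINTER = Profile("00:11:22:33:44:55", "printer-fp", "New York", frozenset({9100, 515, 80, 443}))
PROFILES = {PRINTER.mac: PRINTER}
SAMPLE = [
    Observation(PRINTER.mac, "printer-fp", "New York", 9100),       # normal print job
    Observation(PRINTER.mac, "printer-fp", "New York", 23),         # Telnet from a printer
    Observation(PRINTER.mac, "linux-fp", "San Francisco", 22),      # identity + location + SSH
    Observation("66:77:88:99:aa:bb", "unknown-fp", "New York", 443),  # never profiled
]

if __name__ == "__main__":
    for mac, alerts in monitor(PROFILES, SAMPLE).items():
        print(mac, *alerts, sep="\n  ")
```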
CASE STUDY
Problem:
Securing Medical and Unmanageable Devices
Solution:
Beacon Endpoint Profiler
• Real-time identification of 100% of the medical and unmanaged devices
• Automatically on-boards the device by establishing profile-based trust
• Accelerates incident response by pinpointing the exact real-time location of the device
Result:
• 7,600 endpoints authenticated (100% of medical and unmanaged devices)
• Savings of 2 FTEs
• Real time device visibility and behavior monitoring
• Regulatory Compliance (HIPAA, PCI)
Questions?
Manish Rai
VP of Marketing
Great Bay Software