Many people who work in cybersecurity feel they never have enough tools, according to Steve Swansbrough. Yet the mass business migration to the cloud is requiring security pros to rethink their security stacks and perhaps eliminate some of those “monolithic” technologies.
The cloud has changed things to the extent the tools required to ensure security today are “a complete 180 from tools in the past.” His comments came as part of a presentation he provided during a webinar about solving intrusion detection and prevention solution (IDPS) challenges in healthcare.
Mr. Swansbrough, a 20-year veteran of the industry who has managed cybersecurity for some of the biggest names in healthcare, walked attendees through a four-part session covering:
- Current security challenges in healthcare;
- Typical environment and security stack;
- Impact of the cloud on cybersecurity; and
- The effects this will have on IDPS and future security.
A recording of the webinar is available for viewing and here are some takeaways we gleaned from his presentation and thought were useful to share.
1) Healthcare security struggles to get visibility.
Protected zones, segments and encrypted data mean cybersecurity teams in healthcare struggle to get complete visibility into the infrastructure. This is accentuated by the rise of shadow IT and generally uninformed users. Historically, email and phishing have been the predominant method of initiating an attack. In addition, new research published after the webinar shows more than one-quarter of employees still fall for phishing schemes.
2) IT environments in healthcare are complex.
The complexity stems from both organic growth and acquisition. M&A and consolidation in healthcare in the last 12 months was heavy and the pace shows no signs of slowing this year. As a result, security is faced with finding ways to protect an eclectic mix of federated IT environments that often span international borders, and therefore varying regulations.
3) Security tools and policy as part of the business integration.
It’s not just the IT environments that complicate business integration post-merger, but also the security tools and policies. Certainly, you’ll have a multi-vendor stack of security tools that will need to be reviewed for compatibility and overlap, but who is responsible is also an important consideration, according to Mr. Swansbrough. For example, sometimes a wholly owned subsidiary retains the right to remain self-managed as part of an acquisition deal. In such cases, security needs to audit existing controls and have means to ensure those controls are maintained.
4) DevOps and the challenge of security vs. efficacy.
Large healthcare organizations typically have teams of developers building or improving applications for the business. Often these teams work in cloud environments because the cloud provides the means to stand up simulated test environments quickly. Security is continuously challenged to provide the flexibility these teams need to get the work done while also ensuring high standards.
5) The typical healthcare security stack.
The webinar provides a useful diagram of the typical security stack in healthcare, which Mr. Swansbrough describes as having these key elements:
- Packet broker or deep packet inspection;
- Intrusion detection system (IDS) or intrusion prevention system (IPS);
- Data loss prevention (DLP) solution; and
- Malware analysis tool.
The move to the cloud is substantially changing the needs for the tools in this stack – and perhaps the design of the stack itself.
6) Impact of the cloud on cybersecurity tools.
The cloud is having a “downtrace impact” on security, he noted. Network authentication increasingly requires both the device and the user to authenticate, and cloud tools are modifying how that authentication works.
This is a fundamental change to the very factors that have traditionally driven the design and architecture of security tools. Today, cybersecurity needs tools that are integrated into the “network fabric” as the enterprise moves to the cloud. New security tools will need API capabilities – to share data, enrich alerts and support a unified threat platform.
7) Balancing the cybersecurity budget.
Mr. Swansbrough previously indicated that budget constraints were a top cyberthreat in security. In part, this is because tools are expensive, and he noted that one way to address this is for security professionals to be “both strategic and tactical” in their choices.
He suggests security professionals explore the following budget saving options:
- Deduplicating tools – you probably don’t need multiple SIEMs, for example;
- Reviewing lower cost but suitable alternatives – the upper right-hand corner of the “magic quadrant” might mean you are paying for features you’ll never use; and
- Considering open source options – which often do not have the licensing fees and are supported by a community and ecosystem.
* * *
The full webinar runs just over 30 minutes and is well worth a listen. You can find the recording here: Solving intrusion detection and prevention solution challenges in healthcare.