SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Transcription

1 SOLUTION BRIEF Next Generation APT Defense for Healthcare

2 Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their health records and financial payment information present a great opportunity for cyber hackers to profit. As more high-target industries enhance their security posture, the healthcare sector has increasingly become a primary victim for cyber criminals. Cyber actors will likely increase cyber intrusions against health care systems to include medical devices due to mandatory transition from paper to electronic health records (EHR), lax cybersecurity standards, and a higher financial payout for medical records in the black market. Private Industry Notification from FBI Financial institutions were the first targets of cyber attackers. As that industry became more aware of the problem and instituted a more advanced security posture, cyber hackers shifted focus to the retail sector, as evident from the mega data breaches of past years in the retail sector. Now cyber hackers have set sight on the healthcare industry. As per the 2014 breach level index website, healthcare was the leading target of APT attacks during the first nine months of In order to defend against cyber attacks, healthcare organizations face additional challenges, which necessitate specific requirements. Cyphort provides the foundation of an enhanced security posture with the use of a next generation APT defense system for healthcare organizations. Healthcare Cyber Security Challenges Balancing compliance and advanced security needs Due to heavy regulations, much of healthcare IT resources and budget is aimed at maintaining compliance. While it improves security posture somewhat, compliance only satisfies a very small subset of cyber security needs. In addition, compliance directives typically lag behind the leading edge of cyber defense technologies and procedures, which are required to deal with increasingly sophisticated cyber attacks, Budget and resources Healthcare priorities for budget and IT resources focus on a system required to saves lives. Between managing state of the art equipment, providing excellent customer service, and 2

3 keeping up with regulatory compliance, limited resources and budget remain for allocation to cyber security enhancements. Good enough works only until the organization becomes a victim of an attack when the imperative of an advanced security posture becomes clear. Distributed organizations with complex topology Most healthcare organizations are large and far-reaching. While some are global, others are distributed within the same campus, across buildings with multiple direct Internet access links to secure. The many mergers and acquisitions healthcare has experienced in recent years intensifies the complexity of securing an organization s network architecture by adding a sprawling number of locations, variety of network perimeter service providers, legacy security policies and inconsistent device configurations. When budget and resources fall thin, security teams have to make compromises about which locations, buildings or assets they must protect. This leaves some areas exposed and increases the level of risk to the organization. BYOD and Mobility In an expansive healthcare network, a myriad of devices, users and applications flourish as part of day-to-day operations. Threat defense across mobile systems requires protection for variations in operating systems (i.e. Windows, Mac OSX, Android) while minimizing the number of solutions required. Cyphort Next Generation APT Defense Cyphort offers a next generation APT defense solution that evolves as the threats change and provides a single pane of glass for threat visibility across the perimeter and internal networks. Cyphort eliminates red herrings, reduces time to remediation and deploys across the organization s global infrastructure quickly as a flexible virtual appliances. Cyphort Highlights Single Pane of Glass Correlating All APT Activity Cyphort monitors threat activity at the perimeter of the network, as well as inside the network s trusted segments, to provide correlated threat visibility. The Cyphort solution 3

4 combines behavior analysis detection with network anomalies detection to provide a consolidated threat view across geographies, applications (web, , file sharing) and devices (Windows, Mac OSX and Android) on an organization s network. Detection That Evolves With Threats Cyphort utilizes a machine learning analytics engine that learns and evolves as it encounters new threats. Additionally, a behavioral inspection environment consisting of an adaptive array of sandboxes ensures that highly evasive malware displays its behavior and true intent for effective detection. Custom golden image based sandbox environments add relevance and context to detection in order to properly identify the risk level posed by the threats targeting the organization. Alert Overload Elimination Cyphort dramatically reduces false positives and suppresses the noise from irrelevant threats while providing clarity into the prioritized APT incidents that really need to be investigated, contained and remediated. To arrive at risk-based prioritization, accurate threat detection is combined with the knowledge of threat intent, target value, cyber kill-chain progression and security posture of the target. Deployment Versatility The Cyphort solution is cost-effectively and quickly deployed in single locations, across large distributed enterprises networks and/or in virtualized cloud environments for ultimate flexibility and scalability. Cyphort is delivered as a software-based appliance or as a VM that can be installed on general-purpose hardware, virtual machines and cloud environments. An open API enables easy integration with your existing security infrastructure to provide rapid incident response and threat containment. 4

5 What Makes Cyphort Different Single pane of glass threat visibility and correlation across perimeter and internal networks Advanced threat defense with combined behavior, network anomalies and signature-based (IDS) detection Adaptive sandbox array and machine learning analytics detection that evolves with threats Integrated platform for Windows, Mac OSX and Android bound malware across web, and file sharing protocols Contextual business risk quantification for prioritization Golden image sandbox for contextual detection Endpoint infection verification Automated threat containment Data exfiltration detection Flexible deployment as VM, software or hardware How Cyphort Helps Address Healthcare Specific Challenges? Challenge: Balancing compliance with advanced security needs Cyphort: Cyphort solution helps healthcare organizations incorporate advance threat detection and improve security posture within their compliance portfolio. Built-in intrusion detection allows customers to implement a solution that will help meet compliance requirements, improve overall security posture and stay within their cyber security budget. Challenge: Budget and Resources Cyphort: Cyphort s bandwidth-based pricing combined with its risk based threat prioritization lowers requirements for both capital expenditure and soft costs associated with manual resources for incident response. Challenge: Distributed organizations and complex topology Cyphort: Cyphort s solution is architected to provide complete coverage in highly distributed networks. With a flexible hardware, software, VM or cloud-based deployment Cyphort makes it easy to secure all locations making it easy to secure all locations. Challenge: BYOD and Mobility Cyphort: Cyphort offers integrated support for Windows, Mac OSX and Android combined with multi-vector support for web, and file sharing born malware. Cyphort is the next generation APT defense solution for Enterprise organizations. Cyphort provides a single pane of glass across perimeter and laterally moving threats, correlates threat signals before and after an incident, while eliminating noise from false alerts and red herrings. Cyphort has leveraged the power of machine learning and data science to build a next generation threat detection engine that evolves ahead of the threats. A virtualized deployment model combined with open API based integration allows customers to address APT security gaps across global locations while leveraging their existing investments in perimeter and endpoint security for threat defense. Cyphort is a privately held company headquartered in Santa Clara, California. For more information, please visit and follow CYPHORT, Inc Great America Pkwy Suite 225 Santa Clara, CA P: (408) F: (408) Cyphort, Inc. All Rights Reserved.