Trend Micro Healthcare Compliance Solutions


How Trend Micro's innovative security solutions help healthcare organizations address risk and compliance challenges

Worry-Free Business Security

Fast, effective, and simple protection against viruses and cybercriminals so you can focus on your patients instead of worrying about Internet security.

Overview of Features

Worry-Free Business Security is a comprehensive security solution for small organizations and practices, providing anti-virus, anti-spyware, web filtering, and data loss prevention via USB devices and email. Worry-Free Business Security is made from the DNA of Trend Micro's large enterprise solutions, scaled and simplified for small organization needs. It leverages Trend Micro's Smart Protection Network, which uses global threat sensors and in-depth data analysis to identify and block viruses, spyware, spam, and other web threats before they reach your organization's machines, without impacting computing resources.

Antivirus, Anti-spyware, and Web Filtering

New viruses or variants of viruses are published every second. In 2010, there were on average over 54,000 [1] new viruses or variants released every day! While there are many vectors for propagating a virus to infect new machines, the most common are the web and email attachments. Both are simple and efficient, spreading the malicious software quickly by relying on a user's lack of awareness.

By leveraging Trend Micro's Smart Protection Network, Worry-Free Business Security can evaluate the reputation of an email sender or a webpage URL. This technology, which is the only solution capable of this, can block a webpage that has malicious content on it, whether it is reached from an email or by navigating directly to it in a web browser; block the email of known spammers; and analyze file attachments to protect against malicious files sent from known individuals, a common means of spreading viruses or other malware. Because everything is performed in the cloud, before an email even reaches a user's machine, there is negligible impact to the user and the solution is always up-to-date.
Desktop URL filtering provides an added layer of protection, allowing an organization to restrict its employees from gaining unprotected access to personal, web-based email like Yahoo or Google, social media sites like Facebook, or generally non-business related and known malicious sites. This not only reduces the likelihood of threats infecting machines, but also prevents data leakage through non-company managed communication systems and enables productivity management of employees by limiting web access to only those sites required for an individual's job function.

Data Loss Prevention

An individual in a healthcare setting who is attempting to send data outside of the organization in an unprotected manner, be it authorized or unauthorized, is likely to first attempt to send the information via company email, then personal email via the web, and finally via a USB drive. These most common vectors should be protected, either by requiring encryption or by blocking the transmission medium completely.

With Worry-Free Business Security, outbound email can be scanned and analyzed to identify and block sensitive information. This could be information like credit cards, social security numbers, member ID, or other specific words or alphanumeric codes set up by the organization.

In the case of attached devices, any connections over USB can be blocked or controlled to minimize the risk of data loss on a mobile device. Looking back to the HHS data, nearly 16% of breaches experienced involved removable media like a USB drive. With Worry-Free Business Security, users can be set up in groups to restrict their ability to read or write to a device, or to completely block USB ports altogether. Worry-Free Business Security also blocks the auto-run utility of Windows, which automatically searches for and runs an .exe or setup file on a device and is a common means of propagating viruses through laptops.

Management

Worry-Free Business Security is deployed with a centralized management console. The console provides a simple stoplight dashboard (i.e., red, yellow, green) of the solution, environment, and threats to the organization's environment. For the system, the dashboard provides visibility into patching and whether the system and its security are up-to-date, groups set up for USB management, and policies and keywords for email data loss. For threats, the dashboard provides information on whether there is an infection, sites and URLs blocked, and emails blocked. These kinds of metrics are critical for exhibiting security maturity and meeting common requirements like HIPAA and Meaningful Use.

Deployment

The Worry-Free Business Security family of products is designed for small organizations and practices. Because of this, a simple, cost-effective way to deploy the solution and a majority of the features discussed above is through a software as a service (SaaS) model hosted by Trend Micro. This includes a web-based management console, virus protection, and web filtering. More robust on-premise solutions are available as well. These require a Windows server. Because the solution is local and more integrated into the machines within the environment, device control and outbound email filtering are included.

[1] AV-Test's Malware Repository (Collection) Statistics, www.avtest.org

Integrating into a Healthcare Environment

COMPLIANCE MAPPING
Product Feature: Antivirus

HITRUST CSF 2011 Control Reference:
- 01.v Information Access Restriction - Level 2
- 01.y Teleworking - Level 1
- 09.j Controls Against Malicious Code - Level 1 / 2
- 09.k Controls Against Mobile Code - Level 1 / 2
- 09.s Information Exchange Policies and Procedures - Level 1

HIPAA Security Rule:
- (a)(5)(ii)(b) Protection from malicious software (Addressable)

HITECH Breach Notification:
- Regulation not covered

PCI DSS v2:
- 5.1.1 Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software
- 5.2 Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs

495.6 (Stage 1) Meaningful Use Stage 1 Measure:
- (d)(15)(ii) / (f)(14)(ii) Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of the EP's, eligible hospital's or CAH's risk management process

COMPLIANCE MAPPING
Product Feature: Anti-spam

HITRUST CSF 2011 Control Reference:
- 09.j Controls Against Malicious Code - Level 2

HIPAA Security Rule:
- (a)(5)(ii)(b) Protection from malicious software (Addressable)

HITECH Breach Notification:
- Regulation not covered

PCI DSS v2:
- 5.1.1 Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software
- 5.2 Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs

495.6 (Stage 1) Meaningful Use Stage 1 Measure:
- (d)(15)(ii) / (f)(14)(ii) Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of the EP's, eligible hospital's or CAH's risk management process

COMPLIANCE MAPPING
Product Feature: Web Filtering

HITRUST CSF 2011 Control Reference:
- 06.e Prevention of Misuse of Information Assets - Level 1
- 09.j Controls Against Malicious Code - Level 1 / 2
- 09.k Controls Against Mobile Code - Level 1 / 2

HIPAA Security Rule:
- (a)(5)(ii)(b) Protection from malicious software (Addressable)

HITECH Breach Notification:
- Regulation not covered

PCI DSS v2:
- 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment
- 5.1.1 Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software
- 5.2 Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs

495.6 (Stage 1) Meaningful Use Stage 1 Measure:
- (d)(15)(ii) / (f)(14)(ii) Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of the EP's, eligible hospital's or CAH's risk management process

COMPLIANCE MAPPING
Product Feature: Email Data Loss Prevention

HITRUST CSF 2011 Control Reference:
- 09.s Information Exchange Policies and Procedures - Level 1
- 09.v Electronic Messaging - Level 1

HIPAA Security Rule:
- (e)(1) Transmission Security

HITECH Breach Notification:
- Regulation not covered

PCI DSS v2:
- 4.2 Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.)

495.6 (Stage 1) Meaningful Use Stage 1 Measure:
- (d)(15)(ii) / (f)(14)(ii) Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of the EP's, eligible hospital's or CAH's risk management process

COMPLIANCE MAPPING
Product Feature: Device Control

HITRUST CSF 2011 Control Reference:
- 07.c Acceptable Use of Assets - Level 1
- 08.k Security of Equipment Off-Premises - Level 1
- 09.o Management of Removable Media - Level 1 / 2 / 3
- 09.q Information Handling Procedures - Level 1 / 2

HIPAA Security Rule:
- (d)(1) Receipt and Removal

HITECH Breach Notification:
- Regulation not covered

PCI DSS v2:
- 9.8 Ensure management approves any and all media that is moved from a secured area (especially when media is distributed to individuals).

495.6 (Stage 1) Meaningful Use Stage 1 Measure:
- (d)(15)(ii) / (f)(14)(ii) Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of the EP's, eligible hospital's or CAH's risk management process

Future Trends

Looking forward, Trend Micro has two primary objectives for Worry-Free Business Security:

1. Continue to enhance the simplicity in deployment and management
2. Build upon existing features, enhancing the efficiency in how they protect an environment and the effectiveness of all deployment models

Making security fast, effective and simple is a key driver for Trend Micro, and with the Worry-Free Business Security family Trend Micro will continue to provide just that. Improving performance is an area they have addressed and will continue to address with future versions. In addition, adding functionality to keep healthcare organizations or practices more secure with less administrative work is on the horizon.