Wednesday, April 30, 2014

Security Priorities for 2014

In previous posts, I’ve described security as a process, not a project.  It’s like a cold war that never ends with new threats every day requiring new countermeasures.

As I survey the landscape in 2014, I see much more sophisticated attacks at the same time as much more severe regulatory enforcement. Where would I put my security dollars this year?

1.  Denial of Service/Distributed Denial of Service Mitigation

In many ways the internet was built on the Blanche DuBois (A Streetcar Named Desire) principle:

"I have always depended on the kindness of strangers."

No one foresaw evil actors purposely trying to pillage the network for personal gain.

Several companies offer appliances and services to reduce the impact of denial of service attacks. It’s much easier to be proactive and prepared than reactive when an attack hits.

2.  Security Information and Event Management

As new security technologies are introduced, there is an explosion of log files produced. Turning that data into action can be a real challenge. If I log in from Boston 5 times on Monday morning and again from Shanghai on Monday afternoon, there is a good possibility my credentials have been stolen. Integration of multiple data streams with threat analysis based on analytic rules is essential to identifying threats and managing them.
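The Boston/Shanghai rule above, as an added example that is not code from the original post: a minimal "impossible travel" check run over constructed login events. The city coordinates, the 1,000 km/h speed threshold and the log format are assumptions made for the illustration.

```python
import math
from datetime import datetime

# Assumed approximate city centres (lat, lon); used only for the distance estimate.
CITY_COORDS = {"Boston": (42.36, -71.06), "Shanghai": (31.23, 121.47)}

# Constructed sample log: "<ISO timestamp> <user> <city>", one login per line.
SAMPLE_LOG = """\
2014-04-28T08:05:00 jdoe Boston
2014-04-28T08:40:00 jdoe Boston
2014-04-28T09:15:00 jdoe Boston
2014-04-28T10:02:00 jdoe Boston
2014-04-28T11:30:00 jdoe Boston
2014-04-28T14:10:00 jdoe Shanghai
"""

# Assumed threshold: faster than any commercial flight, so the distance is unreachable.
MAX_SPEED_KMH = 1000

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def parse_log(text):
    """Parse the constructed log format into (timestamp, user, city) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, city = line.split()
        events.append((datetime.fromisoformat(ts), user, city))
    return events

def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive logins by one user that would require travelling too fast."""
    alerts, last_seen = [], {}
    for ts, user, city in sorted(events):
        if user in last_seen:
            prev_ts, prev_city = last_seen[user]
            if prev_city != city:
                km = haversine_km(CITY_COORDS[prev_city], CITY_COORDS[city])
                hours = (ts - prev_ts).total_seconds() / 3600
                if hours <= 0 or km / hours > max_speed_kmh:
                    alerts.append((user, prev_city, city, round(km), round(hours, 1)))
        last_seen[user] = (ts, city)
    return alerts
```

A real SIEM rule would also account for VPN egress points and shared corporate IP ranges, which otherwise produce false positives with this naive geolocation.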

3.  Intrusion Protection Systems

Today’s threats are subtle and complex. Think about the high profile events of the past few years - Target, Neiman Marcus, and RSA. There were infiltrations of building control systems and carefully crafted spear-phishing attacks. Advanced sensors are needed to identify malicious activity, log information about the activity, attempt to block it, and report it.

4.  Network forensics

As events occur, root cause analysis requires specialized tools to reconstruct incidents, identify bad actors, examine actions taken by those actors, and report to appropriate authorities enough information to use in prosecution or to respond to regulatory action.

5.  Anti-malware

Endpoint protection is increasingly important given the virulence of malware that includes screen scraping and keystroke logging. In addition to anti-virus, various zero-day protections including malware signature identification and removal processes are essential.

There are a variety of other tasks that need to be accomplished by the IT organization to comply with ISO, NIST and HIPAA best-practice frameworks, including asset management, physical/environmental security, access control, incident management, continuity management, and continuing training/education for all human resources.

Given the intensity of federal and state oversight, a mature security program is no longer a luxury but a requirement to mitigate technical and reputational risks in healthcare.

1 comment:

Medical Quack said...

You are right, nobody could have seen all of this coming so our predictive analytics are failing us you could say when it comes to figuring out what the "dark side" of technology is going to do:) Sorry a little satire there, but it's true.

When you speak of intrusion, well that's a big one and it's getting worse by all means. I see it directly related to the "data selling epidemic" we have in the US and if there wasn't money to be made, I don't think we would have such a problem as we are somewhat beyond the days of hacking just to show I can do it, so why waste time if one is living on the dark side as even the crooks want to be paid for their time.

Every time new "scoring" is introduced somewhere in healthcare or otherwise, bingo, we have a new list to sell of "scored" individuals too, so that element keeps feeding it too as I see it. I write about it all the time when looking at various articles on data theft. The World Privacy Forum wrote a very good and fair report on all of this and how we don't see it either with proprietary formulas and models, so when "scored" data is stolen we don't even know it's there, as we have no access to know who's scoring. If we keep creating it and don't secure it, crooks will still go after it.

In short, security on data to guard against intrusion, high on the list for sure. Again there was no way we could have predicted the data selling epidemic but it's out there and keeps feeding the dark side and as long as there's money in it, stealth security is a must.

I keep saying the virtual world technologies and the real world values need to work better together as people are flat out confused too on where the lines need to cross and where they don't and how virtual technologies such as malware and data theft creep out there and hurt the real world. Doctors deal with the real world every day and there's a name for that: Patients.

I agree that it is a cold war, and if there wasn't so much money in selling data, well maybe some of this would ease up, but it's not looking like any of that's going to change any time soon, as anymore too I find folks are confused overall on what has value in virtual worlds and the impact on the real world we live in.