Posts Tagged ‘Healthcare’

Friday, 10 February 2012 10:15 1 Comment

Big Data, is that you?

Big data is still big, but looks a heck of a lot different than it has in the past.

For the previous ten years or so, “big data” growth has been defined using the three v’s: volume, velocity, and variety. From an IT security perspective, is there one of these traits that has the most impact? Could it be that the variety of new types of big data is causing most of the headaches for enterprise IT departments?  Here are examples of new sources of big data and their impact on IT security departments.

Social Media

According to Q1 Labs’ CSO, Chris Poulin, the social media boom has resulted in two major challenges when it comes to enterprise IT security. In this Forbes article, he states that the first challenge is how to best keep networks safe from hackers utilizing spear-phishing techniques (or similar) to target employees and partners. The second challenge, most applicable to the topic of big data, is how to effectively detect network anomalies, considering the massive quantities and types of data generated by social media applications.

Electronic Health Records

As healthcare organizations gradually move towards electronic patient health records (EHR), the shift not only demands compliance with HIPAA regulations, but also presents an immediate leap in data volume and complexity. Why is it complex? Before EHR, patient data was stored in a room, in folders, on shelves. Usually only a handful of administrators would directly access the data for physicians. Now, with EHR in the mix, that same data is available to more people and regularly exchanged between partner health organizations. The chance of sensitive data loss and exposure is exponentially higher.

Given new types of big data resulting from sources including social media applications, credit card data storage (across many locations and providers), and electronic health records, IT departments everywhere are trying to wrap their heads around the best way to monitor and protect it all from internal and external threats.

QRadar operates at a big data scale, with real-time security analytics pinpointing risks and providing actionable security intelligence. For example, one of our customers operates at a trance-inducing 6 billion events per day and is able to isolate critical security information from the noise. Another customer, who happens to be a Fortune 100 energy company, uses QRadar to monitor 6 million card swipes per day and is able to detect 25-50 high priority offenses out of 2 billion daily events.

If I was big data, I’d feel a bit humbled right now.

Read more about security intelligence and be sure to register for our upcoming webcast on February 22, with Dark Reading, titled “No One is Immune to Being Hacked. Strategies for Staying Out of the Headlines”.

 


Tuesday, 20 December 2011 13:30 No Comments

Webinar Wrap-up: Security Best Practices for Healthcare in 2012

Truism: it’s always informative to have customers join us on webinars. Last Thursday’s webinar was no exception, as we had two of our healthcare customers accompany us for an interactive discussion about healthcare security and compliance concerns as we approach 2012. A hearty thanks to both Youssef Jad from McGill University Health Centre and Jerry Walters from OhioHealth for taking time away from their busy days to participate in this discussion.


We covered a lot of ground in an hour, but here are a few of the major takeaways:
  • Tuning your security intelligence solution is extremely important to establish a baseline and avoid being overwhelmed with data early on.
  • Visibility into network flows is a huge factor when attempting to track down application related traffic, especially when fully correlated with other events.
  • In the healthcare space, securing the mobile infrastructure is extremely important.
  • Security intelligence solutions like QRadar go way beyond reporting and log management.

During their QRadar proof-of-concept (POC), OhioHealth was able to quickly identify infection sources from a malware outbreak stemming from a zero-day event.  They leveraged QRadar’s unique QFlow capability to analyze network traffic by looking for specific patterns in the traffic, and they now use QFlow extensively to look for abnormal network activity.  QRadar was a replacement for a previous SIEM and log management solution that simply ran out of gas – it could not scale to support the high volume of security events that OhioHealth needed to monitor.

At McGill University Health Centre, QRadar was deployed in just a few days using the system’s pre-built templates. Tuning and creating custom rules required an additional month, but is an important step to effectively isolate incidents. The solution has already been used to identify malware attacks, and it is a key element of their change control process because it is used to identify unauthorized or erroneous configuration changes that affect the availability of critical applications. McGill chose QRadar after an evaluation process that also included testing ArcSight, which they found to be too complex.

Some of the questions answered in the webcast:
  • Why did you need a security intelligence solution?
  • What were your criteria?
  • What other solutions did you look at?
  • Did you have any challenges getting the solution in place?
  • How large of a staff do you maintain that works directly with QRadar?
  • How many systems and devices were included in your deployment?
  • Once an incident is discovered, how is it handled?

If you missed the live webinar, the recorded version is posted here for your viewing. Have questions while watching? Send them to info@q1labs.com and we’ll get back to you quickly.

Related: Five Ways to Use Security Intelligence to Pass Your HIPAA Audit (eBook)


Wednesday, 9 November 2011 08:40 No Comments

The Real Cost of Being Breached for Healthcare Organizations

The DigiNotar hack brought to light the ultimate cost of being breached - going out of business. However, that was only one scenario. Can a company really be hacked out of business?

Look at Sony’s PlayStation Network. Gamers still gamed after ~20 hacks over 6 months and after knowing credit card information was compromised. However, when industries like healthcare are considered, things change. Patient records, exposed medical devices, mission-critical servers, mobile devices, etc., have more at stake.

Let’s put the concept of “going out of business” out of our heads for now. It will take more than one hack to put a hospital out of business, for example. Remember the Conficker worm of 2009? It infected thousands of devices at hundreds of hospitals around the world, exacerbating all concerns of patient record security and creating new worries about the safety of MRI and CAT scan devices. Most of these critical networks are not connected to the internet, but the exposed machines that run them are sometimes connected when they shouldn’t be. With more network-aware devices in hospitals being deployed each year, the risk rises and the goldmine of susceptible data grows.

What is the real cost of being breached for Healthcare organizations (hospitals, MRI facilities, outpatient services, etc)? Is it loss of business? Patient fear? Capital costs of updating old hardware and insecure systems? Loss of patient records? I would say “all of the above” applies in most cases.

I’m also willing to guess that the cost of being breached for a healthcare organization is monumentally higher than the cost of properly securing systems, devices, and networks that help lower the risk of a breach. What do you think?


Monday, 22 August 2011 08:47 No Comments

How Security Intelligence Helps Healthcare with Detecting Threats, Compliance and Social Media

At a recent customer meeting, I had the opportunity to speak with a Director of Information Security from a large hospital system in the Midwest. I asked him about what Security Intelligence means to his organization. Three things in his reply stood out: compliance, detecting and preventing threats, and the exposure resulting from social media use. As a large healthcare organization, they are responsible for protecting the information of their patients that visit them as well as all hospital associates. They are bound by HIPAA, and because they do a lot of credit card transactions (pharmacies, gift shops, and doctor visit payments), they are bound by PCI DSS as well. These regulations and standards require them to not simply keep logs but also be able to know what is touching and going on in the networks, including smaller sites into which they lack direct visibility.

They need to be able to correlate events to get the intelligence needed to track down possible breaches or anything going on in the network that could involve HIPAA or PCI. Security Intelligence allows them to find that needle in the pile of needles, and this is important: in real time, and to determine what happened when, and proactively prevent things that have the potential to become a big problem. In the past they were reactive and spent a lot of time building special scripts to dig through logs. With Security Intelligence, not only were they able to catch a zero-day attack during a demonstration prior to installation, but now they have the intelligence to see things before they occur, allowing them to easily show value to their executive team.

Compliance and threat detection are pretty common themes with many customers with whom I speak. What really piqued my interest was when we started talking about social media, as my expertise lies in leveraging online media for marketing. This is a topic that over the past year continues to grow with many of our customers. Like many customers, they are still working through their policy for social media. What’s interesting is how the organization is using security intelligence to help build their strategy. Right now they allow their employees to use Facebook, and one of their biggest concerns was around how much time and bandwidth is consumed. With Security Intelligence, they have the visibility they need to help them make better decisions in terms of what they want to allow and how they want to configure devices in terms of limiting or preventing some of that traffic.

Chris Poulin, Q1 Labs’ Chief Security Officer, has recently gotten many requests to speak about this topic. Check out the latest video of Chris talking about “How to Balance the Risks of Social Media.”  This video is part of a series we will be publishing on social media risks, so stay tuned!


Thursday, 24 February 2011 13:57 No Comments

Security is Top of Mind for Healthcare Organizations

Healthcare organizations are saddled with a number of horizontal security challenges around security and compliance. Yet, there are a few specific challenges they continue to encounter, including the changing regulatory requirements in HIPAA and HITECH, ensuring access control policies are defined across departments and maintaining the integrity, confidentiality and availability of health information.

Q1 Labs recently hosted a webinar featuring two QRadar customers within the healthcare market, Neighborhood Health Plan and Arkansas Children’s Hospital, both of whom validated the challenges, but who also discussed their drastically different requirements and drivers. Essentially, it shows how different healthcare organizations are from other vertical market companies in terms of their network and security needs. But even within the same general market (one is a healthcare insurance provider, the other a hospital) it’s clear every organization will have different drivers, performance requirements and methods by which they measure ROI from a SIEM deployment.

Doug Demio, Information Security Officer with Neighborhood Health Plan, had log management-centric needs – his program’s biggest need was to centralize logging in one complete interface that pulled from multiple systems. He also wanted the ability to correlate information into actionable intelligence from logs; he needed his solution to deploy easily with results apparent immediately. QRadar met all his requirements, including his need to comply with the MA 201 CMR 17 regulation, a driving force behind securing the funding for his program. With QRadar, they have the unique ability to turn on full SIEM capabilities within their current deployment at any time for further visibility into network events.

Chris Wilkens, Network Administrator with Arkansas Children’s Hospital, also walked through his list of drivers and requirements, which included an emphasis on HIPAA compliance as a core driver. But they really wanted to bring in logs and events through robust correlation in QRadar SIEM to extract intelligence so that they were able to capture a better picture of their overall network security posture. Pulling from multiple sources, Chris also needed a solution that allowed him to easily search on log activity during forensic investigations, which is one of many of QRadar’s features that makes it easy to use. Ultimately, as a QRadar SIEM customer, they received unprecedented visibility into their network, as well as powerful reporting capabilities which allowed for customized views for different audiences across the organization, and externally.

It’s clear there are many challenges to counter as far as securing patient data and healthcare systems. Q1 Labs will maintain its commitment to the healthcare market to provide the most intelligent, integrated and automated solutions to detect threats, cut down on siloed data and predict risks from a business perspective.

