Big data is still big, but looks a heck of a lot different than it has in the past.
For the previous ten years or so, “big data” growth has been defined using the three v’s: volume, velocity, and variety. From an IT security perspective, is there one of these traits that has the most impact? Could it be that the variety of new types of big data is causing most of the headaches for enterprise IT departments? Here are examples of new sources of big data and their impact on IT security departments.
Social Media
According to Q1 Labs’ CSO, Chris Poulin, the social media boom has resulted in two major challenges when it comes to enterprise IT security. In this Forbes article, he states that the first challenge is how to best keep networks safe from hackers using spear-phishing techniques (or similar) to target employees and partners. The second challenge, most applicable to the topic of big data, is how to effectively detect network anomalies given the massive quantities and types of data generated by social media applications.
Electronic Health Records
As healthcare organizations gradually move towards electronic patient health records (EHR), this not only demands compliance with HIPAA regulations, but also presents an immediate leap in data volume and complexity. Why is it complex? Before EHR, patient data was stored in a room, in folders, on shelves. Usually only a handful of administrators would directly access the data on behalf of physicians. Now, with EHR in the mix, that same data is available to more people and is regularly exchanged between partner health organizations. The chance of sensitive data loss and exposure is far higher.
Given new types of big data resulting from sources including social media applications, credit card data storage (across many locations and providers), and electronic health records, IT departments everywhere are trying to wrap their heads around the best way to monitor and protect it all from internal and external threats.
QRadar operates at big data scale, with real-time security analytics pinpointing risks and providing actionable security intelligence. For example, one of our customers operates at a trance-inducing 6 billion events per day and is able to isolate critical security information from the noise. Another customer, who happens to be a Fortune 100 energy company, uses QRadar to monitor 6 million card swipes per day and is able to detect 25-50 high priority offenses out of 2 billion daily events.
If I was big data, I’d feel a bit humbled right now.
Read more about security intelligence and be sure to register for our upcoming webcast on February 22, with Dark Reading, titled “No One is Immune to Being Hacked. Strategies for Staying Out of the Headlines”.
Truism: it’s always informative to have customers join us on webinars. Last Thursday’s webinar was no exception, as we had two of our healthcare customers accompany us for an interactive discussion about healthcare security and compliance concerns as we approach 2012. A hearty thanks to both Youssef Jad from McGill University Health Centre and Jerry Walters from OhioHealth for taking time away from their busy days to participate in this discussion.
Here’s a brief clip:
We covered a lot of ground in an hour, but here are a few of the major takeaways:
Tuning your security intelligence solution is extremely important to establish a baseline and avoid being overwhelmed with data early on.
In the healthcare space, securing the mobile infrastructure is extremely important.
Security intelligence solutions like QRadar go way beyond reporting and log management.
During their QRadar proof-of-concept (POC), OhioHealth was able to quickly identify infection sources from a malware outbreak stemming from a zero-day event. They leveraged QRadar’s unique QFlow capability to analyze network traffic by looking for specific patterns in the traffic, and they now use QFlow extensively to look for abnormal network activity. QRadar was a replacement for a previous SIEM and log management solution that simply ran out of gas – it could not scale to support the high volume of security events that OhioHealth needed to monitor.
At McGill University Health Centre, QRadar was deployed in just a few days using the system’s pre-built templates. Tuning and creating custom rules required an additional month, but this is an important step to effectively isolate incidents. The solution has already been used to identify malware attacks, and it is a key element of their change control process because it is used to identify unauthorized or erroneous configuration changes that affect the availability of critical applications. McGill chose QRadar after an evaluation process that also included testing ArcSight, which they found to be too complex.
Some of the questions answered in the webcast:
Why did you need a security intelligence solution?
What were your criteria?
What other solutions did you look at?
Did you have any challenges getting the solution in place?
How large of a staff do you maintain that works directly with QRadar?
How many systems and devices were included in your deployment?
Once an incident is discovered, how is it handled?
If you missed the live webinar, the recorded version is posted here for your viewing. Have questions while watching? Send them to info@q1labs.com and we’ll get back to you quickly.
At a recent customer meeting, I had the opportunity to speak with a Director of Information Security from a large hospital system in the Midwest. I asked him what Security Intelligence means to his organization. Three things in his reply stood out: compliance, detecting and preventing threats, and the exposure resulting from social media use. As a large healthcare organization, they are responsible for protecting the information of the patients who visit them as well as all hospital associates. They are bound by HIPAA, and because they process a lot of credit card transactions (pharmacies, gift shops, and doctor visit payments), they are bound by PCI DSS as well. These regulations and standards require them not simply to keep logs but also to know what is touching their networks and what is going on in them, including at smaller sites into which they lack direct visibility.
They need to be able to correlate events to get the intelligence needed to track down possible breaches or anything going on in the network that could involve HIPAA or PCI. Security Intelligence allows them to find that needle in a pile of needles, and, importantly, to do so in real time: to determine what happened and when, and to proactively prevent things that have the potential to become a big problem. In the past they were reactive and spent a lot of time building special scripts to dig through logs. With Security Intelligence, not only were they able to catch a zero-day attack during a demonstration prior to installation, but now they have the intelligence to see things before they occur, allowing them to easily show value to their executive team.
Compliance and threat detection are pretty common themes among the customers with whom I speak. What really piqued my interest was when we started talking about social media, as my expertise lies in leveraging online media for marketing. This topic has continued to grow over the past year with many of our customers. Like many customers, they are still working through their policy for social media. What’s interesting is how the organization is using security intelligence to help build their strategy. Right now they allow their employees to use Facebook, and one of their biggest concerns was how much time and bandwidth is consumed. With Security Intelligence, they have the visibility they need to make better decisions about what they want to allow and how they want to configure devices to limit or prevent some of that traffic.
Chris Poulin, Q1 Labs’ Chief Security Officer, has recently gotten many requests to speak about this topic. Check out the latest video of Chris talking about “How to Balance the Risks of Social Media.” This video is part of a series we will be publishing on social media risks, so stay tuned!
One of my favorite series on HBO, Game of Thrones, has managed to completely consume my attention over the past few months. After watching the first season, I immediately started reading the books and diving deeper into the back stories and lore. Throughout both the HBO series and the books, there’s a common saying – Winter is Coming – meaning that the long summer is coming to an end in favor of an equally long and cold winter, which signifies tough times for the Seven Kingdoms.
For security and compliance professionals in the healthcare industry, long awaited HIPAA audits are coming. The Department of Health and Human Services’ Office for Civil Rights has recently stated that they will conduct approximately 150 HIPAA audits starting later this year, through the end of 2012.
How do you best prepare for the coming audits? Here are a few suggestions, with a mindset of security intelligence and risk awareness:
If you hold patient records or any type of electronic health information, be sure you have analyzed your network and device configuration for potential vulnerabilities.
Automated policy monitoring can also keep you prepared before a breach occurs. This will alert you when, for example, there is a network configuration allowing “out of policy” traffic through your network.
Know what to do if and when a breach occurs. Have a plan in place and data to back it all up. A modern SIEM solution can provide important forensics including when the breach happened, who was targeted, what data was compromised, and why this may have happened based on records of previous offenses.
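As an added example (not code from the original post or from QRadar) of the automated policy monitoring described in the second suggestion, the following script checks a constructed firewall rule set against a constructed policy that only the application tier may reach the EHR database subnet, and only on one port. The subnets, the rule format and the port are assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy (assumption): the EHR database subnet may only accept
# TCP/1433 from the application tier; any other permit is "out of policy".
EHR_SUBNET = ipaddress.ip_network("10.20.0.0/24")
APP_TIER = ipaddress.ip_network("10.10.5.0/24")
ALLOWED_PORTS = {1433}


@dataclass(frozen=True)
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: str  # "any" or a port number as text


def parse_rule(line: str) -> Rule:
    """Parse one constructed 'action src dst port' firewall rule line."""
    action, src, dst, port = line.split()
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)


def violations(config: str) -> list:
    """Return the permit rules that expose the EHR subnet beyond policy."""
    findings = []
    for line in config.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        rule = parse_rule(line)
        # Only permits whose destination touches the EHR subnet matter here.
        if rule.action != "permit" or not rule.dst.overlaps(EHR_SUBNET):
            continue
        src_ok = rule.src.subnet_of(APP_TIER)
        port_ok = rule.port != "any" and int(rule.port) in ALLOWED_PORTS
        if not (src_ok and port_ok):
            findings.append(line.strip())
    return findings


# Constructed sample rule set, one rule per line: 'action src dst port'.
SAMPLE_CONFIG = """
permit 10.10.5.0/24 10.20.0.0/24 1433
permit 0.0.0.0/0 10.20.0.0/24 any
permit 192.168.1.0/24 10.20.0.128/25 22
deny 0.0.0.0/0 10.20.0.0/24 any
"""

if __name__ == "__main__":
    for finding in violations(SAMPLE_CONFIG):
        print("ALERT out-of-policy rule:", finding)
```

Run against the sample, the first permit passes and the two broader permits are reported, which is the kind of alert a policy monitor would raise before an auditor or an attacker finds the gap.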
When will the auditors come knocking on your door? No one knows, which is more reason to take precautions. Apparently, audit targets will vary based on size, business type, and previous violations – although it is reported that the latter will be less of a focus.
While we may not know how invasive the audits will be, who will be targeted, and when exactly they will begin, we do know that audits are coming. Is your organization at risk? Are you prepared?
To learn how another healthcare organization has taken measures to protect patient data while centralizing their security and compliance programs, download this case study on Arkansas Children’s Hospital.
April 26, 2012
Exceeding Compliance Mandates with Security Intelligence
Discover how QRadar allows organizations to exceed compliance mandates with out of the box reports and more.