The role of next-generation endpoint security and response in preventing healthcare data breaches
As the old saying in information security goes, “corporate networks are a lot like an M&M, with a hard outside and a soft center.” Cybercriminals have learned to bypass traditional solutions like firewalls and anti-virus by attacking servers and personal computers, gaining control of credentials to databases and applications, and stealing private data.
In 2014, Symantec, one of the leaders in endpoint security, admitted that its tools were becoming increasingly ineffective and allowed as many as 45 percent of malware threats to penetrate the machines they were trying to protect. Combined with the 2015 Verizon Data Breach Investigations Report’s claim that more than 317 million new pieces of malware were created last year alone, that percentage created the need for solutions that go beyond outdated endpoint products and bring the fight back to attackers.
The next generation of security
From anti-virus and firewalls to malware detection and Endpoint Detection and Response (EDR) platforms, next-gen endpoint security products are entering the marketplace in an attempt to get ahead of threats and allow organizations to regain control of their endpoint security posture.
According to the Fifth Annual Survey on Medical Identity Theft conducted by the Ponemon Institute, medical identity theft affects over 2.3 million people, and it continues to grow rapidly. Many healthcare organizations have the right tools in place to be safe, but they face the demanding challenge of managing, monitoring, configuring, and properly tuning those very capable security devices.
Finding the right tools
In today’s demanding security environment, it has become increasingly challenging to identify serious threats before they lead to a data breach. Identifying known threats is no longer a challenge for most solutions; the biggest gap in prevention technologies is identifying the unknown threats used in today’s nastiest attacks, like ransomware and zero-days.
To fill that gap there are some key factors that organizations should consider when evaluating next-gen endpoint tools:
- Monitoring operating system events (what is currently happening)
- Memory forensics (what could potentially happen, given memory is the true place where malware must execute)
- Threat intelligence (what we know has happened previously)
- Remediation (stopping threats in their tracks)
EDR solutions enable security and response teams to quickly identify and eliminate targeted threats on desktops and servers, gathering threat intelligence during and after an attack. They provide the ability to continuously monitor operating system behaviors, detect known and unknown threats, and respond to incidents in real time. Beyond these features, EDR tools give teams enhanced detection, analysis and response capabilities to manage endpoint threats, and ultimately the flexibility, scale and integration capabilities to take back control of security and make better security decisions.
Prevention and detection
Hospitals are difficult to defend because they have complex systems, multiple locations, diverse departmental applications, plus both patient and physician web portals. Having the right EDR is only part of the solution needed to protect against attacks. To take your defense a step further, it is crucial to build layers of defenses and maintain 24×7 monitoring of those assets.
Networked medical devices create a challenge for hospital security teams because the teams do not control the process of upgrading the operating system embedded in these devices. Many medical devices running older versions of Windows and Linux have known security vulnerabilities and are at risk of malware contamination and security exploits. These devices need to be regularly scanned and monitored for suspicious behavior, such as outbound communications to unauthorized hosts.
There are several steps you can take to protect your network from cyber threats. Here are defense mechanisms to consider:
- Make your security devices work together. Cross-correlation of events and alerts received from the different security devices can help distinguish the true attacks from the false positives.
- Keep your systems up-to-date. While this may seem trivial, many hackers take advantage of lapses in updates. Stay updated on the latest security incidents and make sure your security devices are properly patched for any known vulnerabilities.
- Have a dedicated team of security professionals. Healthcare organizations are always on the clock, and they need staff monitoring their networks at all times as well. Human knowledge and experience are needed to investigate sophisticated attacks.
- Get an outside security partner. If you don’t have the resources in-house to handle all of these tasks, consider using a managed security service provider (MSSP), or switching to a hybrid security operations center (SOC).
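The two detection ideas above, monitoring medical devices for outbound connections to unauthorized hosts and cross-correlating alerts from different security devices to separate true attacks from false positives, can be shown together in a small script. The following is an added example, not code from the original article or any vendor product: it parses constructed firewall and EDR log lines, flags outbound connections that fall outside a hypothetical allowlist, and raises a host's severity only when a network event and an EDR alert on the same host fall within a five-minute window. The host names, IP ranges, alert names and the correlation window are all assumptions made for the example.

```python
import ipaddress
from datetime import datetime, timedelta

# Hypothetical allowlist of destinations medical devices may talk to:
# the hospital's internal range and one vendor update server.
AUTHORIZED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("203.0.113.10/32"),
]

# Constructed firewall log lines: timestamp, source host, destination IP, destination port.
FIREWALL_LOG = """\
2024-03-01T10:00:05 infusion-pump-07 10.20.3.4 443
2024-03-01T10:01:10 infusion-pump-07 198.51.100.23 4444
2024-03-01T10:02:00 ct-scanner-02 203.0.113.10 443
2024-03-01T10:03:30 ws-nurse-11 198.51.100.23 8080
"""

# Constructed EDR alert lines: timestamp, host, alert name.
EDR_LOG = """\
2024-03-01T10:00:50 infusion-pump-07 suspicious-process:unsigned-binary
2024-03-01T10:30:00 ct-scanner-02 memory-scan:injected-thread
"""

# Assumed correlation window: a network event and an EDR alert on the same
# host this close together are treated as corroborating each other.
CORRELATION_WINDOW = timedelta(minutes=5)
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def parse_firewall(text):
    """Turn firewall log lines into dicts with parsed timestamps and addresses."""
    events = []
    for line in text.splitlines():
        ts, host, dst, port = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "dst": ipaddress.ip_address(dst), "port": int(port)})
    return events


def parse_edr(text):
    """Turn EDR alert lines into dicts; the alert name may contain spaces."""
    events = []
    for line in text.splitlines():
        ts, host, alert = line.split(maxsplit=2)
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "alert": alert})
    return events


def is_authorized(dst):
    return any(dst in net for net in AUTHORIZED_NETWORKS)


def unauthorized_outbound(fw_events):
    """Outbound connections whose destination is not on the allowlist."""
    return [e for e in fw_events if not is_authorized(e["dst"])]


def max_severity(a, b):
    return a if SEVERITY_RANK[a] >= SEVERITY_RANK[b] else b


def correlate(fw_events, edr_events, window=CORRELATION_WINDOW):
    """Return per-host findings whose severity reflects how many independent sources agree.

    high   = unauthorized outbound connection corroborated by an EDR alert in the window
    medium = unauthorized outbound connection alone
    low    = EDR alert alone (triage last; often a false positive)
    """
    findings = {}

    def entry(host):
        return findings.setdefault(host, {"severity": "low", "network": [], "edr": []})

    for n in unauthorized_outbound(fw_events):
        corroborating = [a for a in edr_events
                         if a["host"] == n["host"] and abs(a["ts"] - n["ts"]) <= window]
        f = entry(n["host"])
        f["network"].append(f"{n['dst']}:{n['port']}")
        for a in corroborating:
            if a["alert"] not in f["edr"]:
                f["edr"].append(a["alert"])
        f["severity"] = max_severity(f["severity"], "high" if corroborating else "medium")

    # EDR alerts with no network corroboration still appear, but stay at "low".
    for a in edr_events:
        f = entry(a["host"])
        if a["alert"] not in f["edr"]:
            f["edr"].append(a["alert"])
    return findings


if __name__ == "__main__":
    for host, f in sorted(correlate(parse_firewall(FIREWALL_LOG), parse_edr(EDR_LOG)).items()):
        print(f"{f['severity']:<6} {host:<18} net={f['network']} edr={f['edr']}")
```

On the constructed input, the infusion pump is rated high because its connection to an unlisted host on port 4444 lands within the window of an EDR alert, the nurse workstation is medium on network evidence alone, and the CT scanner stays low because its only signal is an EDR alert with no matching network event. Real deployments would read these events from a SIEM or the EDR platform's API rather than from inline strings, and would tune the allowlist and window per device class.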
The number and severity of security incidents affecting healthcare organizations continue to increase; in addition, there is a growing cost for data breaches, both financially and to an organization’s reputation. You must take a proactive approach to security, ensuring you have both the right devices and the right partners in place, to keep your networks safe.