Welcome!

Cloud Security Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Pat Romanski, Yeshim Deniz

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Blog Post

Why Healthcare IT Teams Love Intelligent Deception | @CloudExpo #Cloud #Cybersecurity

Healthcare IT professionals are scrambling for new approaches that can more effectively detect attacks

The healthcare industry is not immune from today's relentless wave of cyberattacks. Cyber theft of protected health information (PHI) is on the rise, and health organizations understand that 100 percent prevention of attacks is not realistic.

According to Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data report, nearly 90 percent of all healthcare organizations have suffered at least one data breach in the last two years. According to another report, 88 percent of ransomware attacks in Q2 2016 were on healthcare entities.

Traditional prevention and detection techniques are falling short, and healthcare IT professionals are scrambling for new approaches that can more effectively detect attacks and mitigate the growing risks and damage.

Emerging on the scene, deception-based solutions offer a proven way to stop attackers in their tracks. Instead of sitting back and waiting to be the victim, detection technologies empower health organizations to be proactive and take the attack to the attacker. Below is a list of top five reasons why more health IT teams are turning to deception:

1. Malware Agnostic
Today's healthcare networks cyber defenses focus on prevention. But next-generation firewalls, DLPs and antivirus solutions all rely on signatures and reputation to attempt to prevent attacks. But if they don't recognize the threat they can't stop it, resulting in so many data breaches at health organizations that have invested heavily in security. Threats are always changing and health organizations are besieged by new attacks never seen before.

Deception is a defense paradigm that's completely attack-agnostic, with no need to define which "irregular" attack is underway. With the assumption that attackers have already breached the network, deception solutions set traps, lures and fake data to detect and stop human and machine attackers.

With intelligent deception technologies, the triggering of a trap begins the process of determining the malicious nature of a particular software or user. Once an intruder is detected, the deception solution sends an alert to the IT team while profiling the threat. Using this approach, health organizations can significantly shorten breach-to-resolution time and more successfully deal with accurate incidents.

2. Attack Interference
Intelligent deception not only lures attackers to decoys, it also slows down attacks and keeps the attackers engaged with decoy systems instead of roaming and causing harm to the real network. Decoys engage attackers and keep them occupied in a number of ways, including:

  • Adjusting the decoy's TCP stream to cause a slower or faster interaction
  • Allowing password-guessing to continue engaging the attacker. For instance, a decoy can be preset to decline the first six password attempts, and allow the seventh to come through, regardless of the string that was typed in.
  • Feeding the attacker large files even when they are not requested by the attacker.

3. Enriched Threat Intelligence
The deception approach empowers IT teams to proactively collect threat intelligence that helps find the attacker's communication channels, understand how the connection was established, learn what protocols were used, and more. Some of the more advanced deception solutions employ traffic analysis engines to both place their traps most strategically and gather additional information about network threats.

By combining data from decoys, traps, traffic analysis and other active detection tools, deception platforms can feed and enrich SIEM/SOC systems to help health organizations build comprehensive threat maps using real data in real time. The threat intelligence and visibility generated by drawing the attacker in rather than simply repulsing the attack enables an understanding of the attacker's goals - preventing not only the current attack, but also future attacks. This is how health organizations can take the offensive - taking the attack to the attacker.

4. Minimizes False Positives
Two of the biggest challenges facing cyber defenders are alert fatigue and frustration from tedious analysis of false-positive. The former puts the health organization at risk when IT teams start ignoring alarms, and can't begin to address the wave of alerts. The latter creates frustration because to be classified as false positives, numerous events demand considerable analysis and collection of data from a wider pool of sources.

Deception solutions offer relief from this efficiency-draining paradigm. Decoys trigger a low number of false positives because legitimate traffic shouldn't go near them in the first place. False positives are further reduced by higher levels of interaction between the decoy and the attacker, and by correlating findings with other sensors in the network. Advanced intelligent deception platforms that have integrated traffic analysis capabilities can run internal correlation of data from both the deception and monitoring layers to ensure even higher alert accuracy. With far fewer false alarms, intelligent deception lets IT team avoid configuration and management distractions, and concentrate on real incidents.

5. Easy to Deploy and Manage
Current deception solutions are much more advanced than the old, clunky honeypots of 10 and 20 years ago. Deploying deception today is simple and fast. Intelligent deception is based on decoys and mini-traps - also known as breadcrumbs or lures. These are placed on endpoints and servers and point attackers back to the decoys. In advanced deception-based solutions, deception components are deployed using point-and-click configuration, which largely automates the rollout of phantom decoys and networks. Deception solutions that have integrated traffic analysis capabilities use them to strategically place traps and decoys where they can be most effective - and dynamically adjust the deception layer as the health network and threat environments evolve. Coupled with deception's accuracy and low false positives, ease of configuration and management allows health organizations to benefit from the technology without having to increase headcount.

The Bottom Line
The plague of cyber threats and the failure of traditional security approaches to address them have created an epidemic of cyberattacks in healthcare. Deception is one of the few solutions that can provide a cure in an effective and cost-effective way - shutting down attacks on healthcare IT systems before they cause damage, and letting network IT professionals go on the offensive against attackers.

More Stories By Yoel Knoll

Yoel Knoll brings over 15 years of international experience in Marketing and Investor Relations. He joins TopSpin Security from Secure Islands Technologies (acquired by Microsoft) where he built and managed the company's marketing department. Prior to that, Yoel held managerial positions in several publicly traded companies including VP Corp. Marketing and Investor Relations at Ceragon Networks (NASDAQ: CRNT), Media Relations Manager at Infineon Technologies (FSE: IFX) COM group (now part of Intel) and Product Marketing at Infineon Technologies SAVAN.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...