Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Pat Romanski, William Schmarzo, Jason Bloomberg

Related Topics: @CloudExpo, Cloud Security, @BigDataExpo

@CloudExpo: Blog Post

Why Healthcare IT Teams Love Intelligent Deception | @CloudExpo #Cloud #Cybersecurity

Healthcare IT professionals are scrambling for new approaches that can more effectively detect attacks

The healthcare industry is not immune from today's relentless wave of cyberattacks. Cyber theft of protected health information (PHI) is on the rise, and health organizations understand that 100 percent prevention of attacks is not realistic.

According to Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data report, nearly 90 percent of all healthcare organizations have suffered at least one data breach in the last two years. According to another report, 88 percent of ransomware attacks in Q2 2016 were on healthcare entities.

Traditional prevention and detection techniques are falling short, and healthcare IT professionals are scrambling for new approaches that can more effectively detect attacks and mitigate the growing risks and damage.

Emerging on the scene, deception-based solutions offer a proven way to stop attackers in their tracks. Instead of sitting back and waiting to be the victim, detection technologies empower health organizations to be proactive and take the attack to the attacker. Below is a list of top five reasons why more health IT teams are turning to deception:

1. Malware Agnostic
Today's healthcare networks cyber defenses focus on prevention. But next-generation firewalls, DLPs and antivirus solutions all rely on signatures and reputation to attempt to prevent attacks. But if they don't recognize the threat they can't stop it, resulting in so many data breaches at health organizations that have invested heavily in security. Threats are always changing and health organizations are besieged by new attacks never seen before.

Deception is a defense paradigm that's completely attack-agnostic, with no need to define which "irregular" attack is underway. With the assumption that attackers have already breached the network, deception solutions set traps, lures and fake data to detect and stop human and machine attackers.

With intelligent deception technologies, the triggering of a trap begins the process of determining the malicious nature of a particular software or user. Once an intruder is detected, the deception solution sends an alert to the IT team while profiling the threat. Using this approach, health organizations can significantly shorten breach-to-resolution time and more successfully deal with accurate incidents.

2. Attack Interference
Intelligent deception not only lures attackers to decoys, it also slows down attacks and keeps the attackers engaged with decoy systems instead of roaming and causing harm to the real network. Decoys engage attackers and keep them occupied in a number of ways, including:

  • Adjusting the decoy's TCP stream to cause a slower or faster interaction
  • Allowing password-guessing to continue engaging the attacker. For instance, a decoy can be preset to decline the first six password attempts, and allow the seventh to come through, regardless of the string that was typed in.
  • Feeding the attacker large files even when they are not requested by the attacker.

3. Enriched Threat Intelligence
The deception approach empowers IT teams to proactively collect threat intelligence that helps find the attacker's communication channels, understand how the connection was established, learn what protocols were used, and more. Some of the more advanced deception solutions employ traffic analysis engines to both place their traps most strategically and gather additional information about network threats.

By combining data from decoys, traps, traffic analysis and other active detection tools, deception platforms can feed and enrich SIEM/SOC systems to help health organizations build comprehensive threat maps using real data in real time. The threat intelligence and visibility generated by drawing the attacker in rather than simply repulsing the attack enables an understanding of the attacker's goals - preventing not only the current attack, but also future attacks. This is how health organizations can take the offensive - taking the attack to the attacker.

4. Minimizes False Positives
Two of the biggest challenges facing cyber defenders are alert fatigue and frustration from tedious analysis of false-positive. The former puts the health organization at risk when IT teams start ignoring alarms, and can't begin to address the wave of alerts. The latter creates frustration because to be classified as false positives, numerous events demand considerable analysis and collection of data from a wider pool of sources.

Deception solutions offer relief from this efficiency-draining paradigm. Decoys trigger a low number of false positives because legitimate traffic shouldn't go near them in the first place. False positives are further reduced by higher levels of interaction between the decoy and the attacker, and by correlating findings with other sensors in the network. Advanced intelligent deception platforms that have integrated traffic analysis capabilities can run internal correlation of data from both the deception and monitoring layers to ensure even higher alert accuracy. With far fewer false alarms, intelligent deception lets IT team avoid configuration and management distractions, and concentrate on real incidents.

5. Easy to Deploy and Manage
Current deception solutions are much more advanced than the old, clunky honeypots of 10 and 20 years ago. Deploying deception today is simple and fast. Intelligent deception is based on decoys and mini-traps - also known as breadcrumbs or lures. These are placed on endpoints and servers and point attackers back to the decoys. In advanced deception-based solutions, deception components are deployed using point-and-click configuration, which largely automates the rollout of phantom decoys and networks. Deception solutions that have integrated traffic analysis capabilities use them to strategically place traps and decoys where they can be most effective - and dynamically adjust the deception layer as the health network and threat environments evolve. Coupled with deception's accuracy and low false positives, ease of configuration and management allows health organizations to benefit from the technology without having to increase headcount.

The Bottom Line
The plague of cyber threats and the failure of traditional security approaches to address them have created an epidemic of cyberattacks in healthcare. Deception is one of the few solutions that can provide a cure in an effective and cost-effective way - shutting down attacks on healthcare IT systems before they cause damage, and letting network IT professionals go on the offensive against attackers.

More Stories By Yoel Knoll

Yoel Knoll brings over 15 years of international experience in Marketing and Investor Relations. He joins TopSpin Security from Secure Islands Technologies (acquired by Microsoft) where he built and managed the company's marketing department. Prior to that, Yoel held managerial positions in several publicly traded companies including VP Corp. Marketing and Investor Relations at Ceragon Networks (NASDAQ: CRNT), Media Relations Manager at Infineon Technologies (FSE: IFX) COM group (now part of Intel) and Product Marketing at Infineon Technologies SAVAN.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Today companies are looking to achieve cloud-first digital agility to reduce time-to-market, optimize utilization of resources, and rapidly deliver disruptive business solutions. However, leveraging the benefits of cloud deployments can be complicated for companies with extensive legacy computing environments. In his session at 21st Cloud Expo, Craig Sproule, founder and CEO of Metavine, will outline the challenges enterprises face in migrating legacy solutions to the cloud. He will also prese...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...
Your clients expect transactions to never fail, cloud access to be fast and always on, and their data to be protected - no exceptions. Hear about how Secure Service Container (SSC), an IBM-exclusive open technology, enables secure building and hosting of next-generation applications, both cloud and on-premises. SSC protects the full stack from external and insider threats, allows automatic encryption of data in-flight and at-rest, and is tamper-resistant during installation and runtime – with no...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that TMC has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo and Big Data at Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Global buyers rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. Learn how we can help you reach your marketing goals.
Cloud-based disaster recovery is critical to any production environment and is a high priority for many enterprise organizations today. Nearly 40% of organizations have had to execute their BCDR plan due to a service disruption in the past two years. Zerto on IBM Cloud offer VMware and Microsoft customers simple, automated recovery of on-premise VMware and Microsoft workloads to IBM Cloud data centers.
Why Federal cloud? What is in Federal Clouds and integrations? This session will identify the process and the FedRAMP initiative. But is it sufficient? What is the remedy for keeping abreast of cutting-edge technology? In his session at 21st Cloud Expo, Rasananda Behera will examine the proposed solutions: Private or public or hybrid cloud Responsible governing bodies How can we accomplish?