From the Blogosphere
Why Healthcare IT Teams Love Intelligent Deception | @CloudExpo #Cloud #Cybersecurity
Healthcare IT professionals are scrambling for new approaches that can more effectively detect attacks
By: Yoel Knoll
Jan. 13, 2017 10:00 AM
The healthcare industry is not immune from today's relentless wave of cyberattacks. Cyber theft of protected health information (PHI) is on the rise, and health organizations understand that 100 percent prevention of attacks is not realistic.
According to Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data report, nearly 90 percent of all healthcare organizations have suffered at least one data breach in the last two years. According to another report, 88 percent of ransomware attacks in Q2 2016 were on healthcare entities.
Traditional prevention and detection techniques are falling short, and healthcare IT professionals are scrambling for new approaches that can more effectively detect attacks and mitigate the growing risks and damage.
Emerging on the scene, deception-based solutions offer a proven way to stop attackers in their tracks. Instead of sitting back and waiting to be the victim, detection technologies empower health organizations to be proactive and take the attack to the attacker. Below is a list of top five reasons why more health IT teams are turning to deception:
1. Malware Agnostic
Deception is a defense paradigm that's completely attack-agnostic, with no need to define which "irregular" attack is underway. With the assumption that attackers have already breached the network, deception solutions set traps, lures and fake data to detect and stop human and machine attackers.
With intelligent deception technologies, the triggering of a trap begins the process of determining the malicious nature of a particular software or user. Once an intruder is detected, the deception solution sends an alert to the IT team while profiling the threat. Using this approach, health organizations can significantly shorten breach-to-resolution time and more successfully deal with accurate incidents.
2. Attack Interference
3. Enriched Threat Intelligence
By combining data from decoys, traps, traffic analysis and other active detection tools, deception platforms can feed and enrich SIEM/SOC systems to help health organizations build comprehensive threat maps using real data in real time. The threat intelligence and visibility generated by drawing the attacker in rather than simply repulsing the attack enables an understanding of the attacker's goals - preventing not only the current attack, but also future attacks. This is how health organizations can take the offensive - taking the attack to the attacker.
4. Minimizes False Positives
Deception solutions offer relief from this efficiency-draining paradigm. Decoys trigger a low number of false positives because legitimate traffic shouldn't go near them in the first place. False positives are further reduced by higher levels of interaction between the decoy and the attacker, and by correlating findings with other sensors in the network. Advanced intelligent deception platforms that have integrated traffic analysis capabilities can run internal correlation of data from both the deception and monitoring layers to ensure even higher alert accuracy. With far fewer false alarms, intelligent deception lets IT team avoid configuration and management distractions, and concentrate on real incidents.
5. Easy to Deploy and Manage
The Bottom Line
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week