HOW TO DETERMINE YOUR ATTACK SURFACE IN THE HEALTHCARE SECTOR
JANUARY 14, 2021
BIT DISCOVERY

Attack Surface Management that discovers, learns, and (finally) lets you secure everything.
Secure everything.
JEREMIAH GROSSMAN
• CEO, Bit Discovery
• 20 years in Information Security
• Founder of WhiteHat Security
• Black Belt in Brazilian Jiu-Jitsu
ATTACK SURFACE
From the network perspective of an adversary, the complete asset inventory of an organization, including all actively listening services (open ports) on each asset.

ASSET
• A domain name, subdomain, or IP address, or a combination thereof, for a device connected to the Internet or an internal network.
• An asset may include, but is not limited to, web servers, name servers, IoT devices, or network printers.
SHADOWS WITHIN SHADOW IT
• Shadow Asset: A specific asset, identified by hostname or IP address, that is unknown to or uncontrolled by the organization.
• Shadow Service: Unknown or uncontrolled services (i.e., open ports) that are actively listening on an asset.
• Shadow Software: Unknown or uncontrolled software stack (i.e., the list of installed software and versions) behind a listening service on an asset.
IMPORTANCE OF ATTACK SURFACE MANAGEMENT
Bit Discovery 2020
FEDERAL TRADE COMMISSION, Plaintiff, v. EQUIFAX INC., Defendant.
USE-CASES: ATTACK SURFACE MANAGEMENT
• Vulnerability & Patch Management
• Third-Party Risk Management
• Mergers & Acquisitions
• Cyber-Insurance
• Policy & Compliance
• Security Ratings
• Incident Response
• Sales & Marketing Enablement
• Investments
YOU CAN ONLY SECURE WHAT YOU KNOW YOU OWN.
THE ATTACK SURFACE
• Collect a list of all registered IP ranges and domain names: most organizations will not have a ready, up-to-date list.
• Find and scan all subdomains: assets located on-premises, in the cloud, in hosted applications, registered under subsidiaries, spread across distributed data centers, and across non-contiguous IP ranges.
• Collect all metadata for every asset: software stack, version info, TLS certificate info, programming language, open ports, IP geolocation, hosting provider, CDN, etc.
• Maintain an up-to-date attack surface map: the asset data of most organizations changes by 1-5% per month.
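The four steps above describe an inventory that is only useful if it is kept as dated snapshots and diffed. The block below is an added example (not Bit Discovery's code or anything from the deck) of the last two steps: it stores the collected per-asset metadata, diffs two monthly snapshots to surface shadow assets and shadow services, checks the churn against the deck's 1-5% figure, and computes the per-organization numbers charted in the analysis section (cloud share, certificate authorities, expired TLS certificates, countries, hostnames resolving into RFC 1918 space). The Asset fields, the provider labels in CLOUD_PROVIDERS, the example.org hostnames, addresses, issuers and dates are all constructed for the example; the reference date is the deck's date.

```python
"""Attack-surface map as dated snapshots: diff them and compute the chart metrics."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, Iterable, List, Optional
import ipaddress

# The three RFC 1918 ranges. ipaddress's is_private is wider (loopback, link-local,
# CGNAT), so the deck's "resolves to RFC-1918" check is done against these explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed provider labels, as an IP-to-ASN lookup might return them (hypothetical).
CLOUD_PROVIDERS = {"aws", "azure", "gcp"}


@dataclass(frozen=True)
class Asset:
    hostname: str
    ip: str                               # what the name resolved to when the snapshot was taken
    ports: FrozenSet[int]                 # actively listening TCP ports found by the scan
    provider: str                         # hosting provider / ASN owner label
    country: str                          # IP geo-location
    cert_issuer: Optional[str] = None     # CA organization from the served TLS certificate
    cert_not_after: Optional[str] = None  # certificate expiry as an ISO date; None without TLS


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def diff_snapshots(previous: Iterable[Asset], current: Iterable[Asset]) -> dict:
    """Hostnames that appeared or disappeared, and ports that are new on a known host.
    A new port on a known host is the deck's "shadow service"; a new hostname is a
    candidate shadow asset until an owner claims it."""
    prev = {a.hostname: a for a in previous}
    cur = {a.hostname: a for a in current}
    shadow_services: Dict[str, List[int]] = {}
    for host in cur.keys() & prev.keys():
        new_ports = cur[host].ports - prev[host].ports
        if new_ports:
            shadow_services[host] = sorted(new_ports)
    return {
        "new_assets": sorted(cur.keys() - prev.keys()),
        "removed_assets": sorted(prev.keys() - cur.keys()),
        "shadow_services": shadow_services,
    }


def change_rate(previous: Iterable[Asset], current: Iterable[Asset]) -> float:
    """Share of hostnames seen in either snapshot that were added or removed. The deck
    puts typical churn at 1-5% per month; far more than that means the map went stale."""
    prev = {a.hostname for a in previous}
    cur = {a.hostname for a in current}
    return len(prev ^ cur) / len(prev | cur)


def metrics(assets: List[Asset], today_iso: str) -> dict:
    """The per-organization numbers the deck charts for each health system."""
    today = date.fromisoformat(today_iso)
    expired = sorted(a.hostname for a in assets
                     if a.cert_not_after and date.fromisoformat(a.cert_not_after) < today)
    cloud = sum(1 for a in assets if a.provider in CLOUD_PROVIDERS)
    return {
        "total_assets": len(assets),
        "cloud_pct": round(100.0 * cloud / len(assets), 2),
        "certificate_authorities": len({a.cert_issuer for a in assets if a.cert_issuer}),
        "expired_tls_certs": expired,
        "countries": len({a.country for a in assets}),
        "private_ip_space": sorted(a.hostname for a in assets if is_rfc1918(a.ip)),
    }


# Constructed snapshots for a fictional health system, one month apart (example.org is
# a reserved documentation domain; 203.0.113.0/24 and 198.51.100.0/24 are TEST-NETs).
LAST_MONTH = [
    Asset("www.example.org", "203.0.113.10", frozenset({80, 443}), "akamai", "US", "DigiCert Inc", "2021-09-01"),
    Asset("patientportal.example.org", "203.0.113.20", frozenset({443}), "on-prem", "US", "Entrust, Inc.", "2021-03-15"),
    Asset("vpn.example.org", "203.0.113.30", frozenset({443}), "on-prem", "US", "Entrust, Inc.", "2021-03-15"),
    Asset("legacy-lab.example.org", "203.0.113.40", frozenset({80}), "on-prem", "US"),
    Asset("jobs.example.org", "198.51.100.5", frozenset({443}), "aws", "US", "Amazon", "2021-06-30"),
]
THIS_MONTH = [
    Asset("www.example.org", "203.0.113.10", frozenset({80, 443}), "akamai", "US", "DigiCert Inc", "2021-09-01"),
    Asset("patientportal.example.org", "203.0.113.20", frozenset({443}), "on-prem", "US", "Entrust, Inc.", "2021-03-15"),
    Asset("vpn.example.org", "203.0.113.30", frozenset({443, 3389}), "on-prem", "US", "Entrust, Inc.", "2021-03-15"),  # RDP appeared
    Asset("jobs.example.org", "198.51.100.5", frozenset({443}), "aws", "US", "Amazon", "2021-06-30"),
    Asset("pacs-test.example.org", "10.20.30.40", frozenset(), "on-prem", "US"),  # public name, private address
    Asset("ehr-demo.example.org", "198.51.100.77", frozenset({443}), "azure", "IE", "Let's Encrypt", "2020-12-01"),  # expired
]

if __name__ == "__main__":
    print(diff_snapshots(LAST_MONTH, THIS_MONTH))
    print(f"monthly change: {change_rate(LAST_MONTH, THIS_MONTH):.1%}")
    print(metrics(THIS_MONTH, today_iso="2021-01-14"))
```

On the constructed data the diff reports two new hostnames, one retired hostname and RDP newly listening on the VPN concentrator, which is the kind of finding that should open a ticket rather than sit in a chart. The RFC 1918 check is deliberately narrower than `is_private` because a public DNS name pointing at 10.0.0.0/8 is the specific leak the deck counts: it tells an adversary internal addressing and naming without exposing a service.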
ABOUT BIT DISCOVERY'S DATA
"COPY" OF THE INTERNET
• Generated by Bit Discovery and 400 data sources.
• WHOIS databases, domain names, ASN, ports, service banners, technology stack, website index page(s), full TLS certificate info, email addresses, password dumps, etc.
• Each asset has potentially 115 unique data points.
• Each data point is updated daily-to-monthly.
• Hundreds of snapshots collected over 5 years.

Largest data-set of its kind (*missing ~30% of the Internet*)
4.5 BILLION DNS ENTRIES
200+ INTERNET SNAPSHOTS
515 DATA SOURCES
115 DATA COLUMNS
150 YEARS OF CPU TIME
HOSPITALS & HEALTH ATTACK SURFACE MAP ANALYSIS
Per-organization attack surface metrics (one bar chart per metric in the original deck; organizations and values are listed in the deck's order):

Organization                  Assets  Domains  Cloud%  CDN%  CAs  Expired  Countries  RFC1918  WP vulns
SolutionHealth                 2,839       93   14.76     0   22       77          4       10        21
Parkland Health                  237        3   19.41     0    4        3          6        0         0
Fairmont Behavioral           39,956    1,400   26.66     3   39      110         14        8       172
Ascension Health                  38        2    7.89    24    3        0          1        0         0
Tenet Healthcare               1,752       53    5.31     0   18       16          5        2         0
Children's Hospital Colorado      18        1   11.11     0    2        0          1        0         0
Tahoe Forest                  36,639      444   20.70     0   26      110         12        1        65
Effingham Health                 479       44   11.69     0   12        2          6        0         0
Trinity Health                    25        1    0.00    24    1        0          2        0         0
SBH Health                        22        2    0.00     0    2        0          1        0         0
Tulsa Bone and Joint              44        3    0.00     0    2        0          1        0        57
Vibra Healthcare               5,293      312   46.91     0   37      196          8        1         0
Community Health                  77        5    0.00     0    3        0          1        0         0
Granville Health                  80        2    0.00     0    6        0          1        0         0
Atrium Health                 22,972        8    0.06     0    5        0          3        0         0
Call 4 Health                  1,010       37    1.19     4   10       21          4       27         1
CommonSpirit Health            2,271      128    6.16     1   29       90          9        8         0
LifePoint Health                 795       30    3.52     0    9        9          3        0         0
Providence Health                172        6    1.74     0    5        5          2        0         0

Column definitions (the caption of each chart in the deck):
• Assets: the total number of Internet-connected assets.
• Domains: the total number of registered domain names.
• Cloud%: the percentage of cloud-hosted assets, including Amazon Web Services, Microsoft Azure, Google App Engine, and others.
• CDN%: the percentage of Internet-accessible assets served by a well-known Content Delivery Network, including Akamai, Cloudflare, and Fastly.
• CAs: the number of unique Certificate Authorities seen across the Internet-accessible assets.
• Expired: the number of expired TLS certificates seen across the Internet-accessible assets.
• Countries: the number of countries hosting Internet-accessible assets.
• RFC1918: the number of Internet-connected assets whose hostname resolves to a non-routable RFC 1918 internal IP address.
• WP vulns: WordPress is an extremely popular free and open-source CMS; WordPress assets were scanned with WPScan, which includes vulnerabilities in plug-ins.
2021 SECURITY GUIDANCE
"Every security program must begin with an attack surface map."
Jeremiah Grossman, CEO, Bit Discovery

• Attack Surface Map
• Multi-factor Authentication
• Email Security
• Routine Backups
• Wire Transfer Verification
• Password Management
