The 2022 Verizon Data Breach Investigations Report (DBIR) found Internet-facing applications, such as web applications and mail servers, were among the most common methods for attackers to slip through organizational perimeters. Once the perimeter is successfully breached, attackers can trigger ransomware, stopping critical services while demanding a ransom payment. Web-based threats, such as malware and ransomware, are threats that originate from the Internet. Additional web-based threats include phishing campaigns, DDoS, worms and viruses, spyware, cross-site scripting, and SQL injections. Some of the ways HealthEdge defend against these threats are with geolocation technology, 24×7 alerting and monitoring, and vulnerability management.
Geolocation data allows system administrators to create Geofences that can limit or prevent access based on the source or destination of the traffic. For example, an embargoed country can be blocked from accessing the website, or a user can be prevented from accessing a page hosted in a sensitive country. While this does not prevent all attacks from the location, it does raise the bar of difficulty for an attacker.
Additionally using this geolocation data security, teams can identify anomalous activity, or even spot a new superhero. If access is attempted from an authorized location but is not the “normal” location for that specific user, rules such as challenge questions, or designated timed lockouts will trigger before access is granted. If a user successfully logs in from New York, NY at 8 AM, and that same user tries to login from Los Angeles at 10 AM, we’ve either identified a super-hero, a user with access to a transporter, or a potentially compromised credential. No matter what’s happening the organizations 24×7 monitoring and alerting systems need to be activated so the activity can be investigated further.
Asset inventory and vulnerability management are also major components of a security program. At HealthEdge we routinely scan and test our environments, which helps us identify security weaknesses from things like system and software patches, device misconfiguration, and/or other vulnerabilities related to human error. Vulnerability management, with regular scans, ensure security is continuously assessed and improved for greater maturity.
The 2022 Verizon DBIR state attackers view malicious exploits as “a numbers game.” If attacks can remain at a high rate, or even increase, eventually minimal access can be gained to advance their attack plans. With this level of persistence in mind, HealthEdge adopts a layered security approach with technology enablers used to strengthen each layer of defense.
- Web application firewall (WAF) tools protect web application servers by mitigating application layer attacks through analyses of each HTTP/S request. Application layer attacks, such as DDoS attacks, seek to disrupt services from the web application. WAF tools ensure only authorized data is transmitted and prevents malicious, or unsafe traffic, based on a set of configured security policies.
- Firewalls are used to restrict inbound and outbound traffic in a private network to mitigate web-based threats.
- Content filters are used to prevent malicious content from being delivered in the first place and assessed again at the point of click to ensure the content hasn’t become malicious.
- Source code analyzers are used to scan software for flaws and defects during the development cycles.
Stay tuned for next time where we will explore the value of using cyber intelligence alerts to complement our security strategy.