It creates a baseline of all of your user activity so that you can easily identify anomalies and other indicators of compromise. Let's take a look at three HIPAA regulations benefit from the UEBA solutions. Termination procedures. If an employee is terminated or leaves the company do they still have access to PHI? Today's users have accounts across network, cloud, or they may share accounts with other users. If that person leaves the company, how do you know that all of those accounts have been taken care of? Further, intruders love to gain access to the network through compromised credentials. So how do you know if an intruder is on your network masquerading as a company user?
UEBA solutions tackle this problem by comparing activity to a baseline of what's going on in your network. If something is anomalous, for example, if you have a user disabled in an active directory but there's an authentication to a cloud service associated with that user, you'll receive an automatic alert. The second regulation is security incident procedures. These are the protocols set in place to deal with a security incident. According to the 2015 HIMMS Cyber Security Survey, more than two-thirds of health care organizations experience a serious security incident.
The challenge here twofold. Is the alert a false positive? And if this alert is something that I need to investigate further, how do I identify the exact users affected? With UEBA solutions, these integrate flexibly with your existing network and security architecture and help you correlate all of the activity on the network through the context of your users. Therefore, if you have an alert that you need to investigate further, you can easily retrace that user even as they move across IP's, assets, cloud services, any of their network activity.
Finally we have access control standards. This is making sure that only authorized users are accessing the PHI. If you think about what's valuable to you that might be confidential email, financials, or, of course, the PHI, you may already have protocols in place to safeguard this information. For example, if you use an electronic medical records software, that will log exactly who has access to what PHI at what time. However, if an attacker compromises one of your user accounts and moves laterally across the network they can end up touching your restricted information from the exact servers and databases behind them. And so that might not be triggered by your existing monitoring solutions.
UEBA, through connecting with your existing architecture, can find those traces of the attacker and you can also tag pretty cool assets as restricted. So if there's unauthorized access to one of those locations, you'll receive an automatic alert. At Rapid7 we take the protection of PHI very seriously. As a business associate, we meet all of the contractual obligations under HIPAA security rule and we provide services to business associates and covered entities today.
Our UEBA solution, InsightIDR, helps you detect stealthy attacks through behavior analytics, investigate incidents faster with user context. It helps you expose risky internal behavior from end point to cloud. If you'd like to learn more, visit us at Rapid7.com and check out InsightIDR. That's it for this week's Whiteboard Wednesday. Looking forward to seeing you next week.
