In the wake of the pandemic, nations worldwide are seeking a return to good public health and economic recovery. Any such return can be critically aided by an adequate supply of vaccines which can be administered to millions of people without a hitch. However, the supply chain for the SARS-CoV-2 vaccine, which tackles the COVID-19 disease, is rife with logistical complexities.
Additionally, the enormously valuable intellectual property and data on the vaccines, components and therapeutics are relatively easy for threat actors to take. In fact, nation-states are already attempting to steal vaccine formulae and disrupt operations. Potential targets include those in the business of researching, developing, conducting trials, manufacturing, or distributing the SARS-CoV-2 vaccine. Players in the highly intertwined network of big pharma, biotech, contract development and manufacturing organizations (CDMOs), and health and clinical research institutions are all at risk.
Nation-state actors are patient, persistent, well-funded and sophisticated. They can destabilize the SARS-CoV-2 vaccine development and supply chain using a variety of techniques. Multinational professional services organization PricewaterhouseCoopers (PwC) has identified IP theft threats and disruption at both the research and trials stages, as well as manufacturing disruptions[i].
In July 2020, the US Justice Department alleged that foreign nationals were finding ways to penetrate the networks of biotech and other firms that are known to be working on vaccines, treatments, and testing technology in at least 11 countries, including the US. Then, just a few days after receiving permission to start final-stage trials for a SARS-CoV-2 vaccine, one of India’s largest generic pharma companies reportedly suffered a cyber-attack and had to shut down plants in a few countries.
Many affected organizations are easy targets. Weak controls create significant risk. In addition, manufacturing sites often operate outdated, unpatched, or insecurely deployed systems. Flat and open networks, a lack of privileged access management, a lack of removable media control, and vendor connectivity further contribute to insufficient resiliency.
Ensuring cybersecurity for healthcare research data
Countering the threat
Real cybersecurity involves anti-fraud and anti-corruption compliance programs, but it also includes technical measures to protect your network. Make it difficult for attackers to gain a foothold in your system by drawing an overall picture of the attack surface and identifying potential attackers. Once they get into a system, threat actors can exploit system weaknesses, misconfigurations, and vulnerabilities to gain privileged access, so organizations should enhance privileged access management capabilities to include vendor remote access. Segment network access to reduce the likelihood of threat actors moving laterally in your system. With network segmentation, you can better isolate an incident, reduce the attack surface, and prevent the propagation of ransomware, for example. Mind your entire ecosystem and manage third-party risks. Vaccine R&D and manufacturing activities rely on many third parties, and threat actors often use organizations with weaker cybersecurity protocols as a back door to the ultimate targets. Assess the cyber posture of third parties. Also, remember to check your physical and digital connections to hospitals, which have come under ransomware attacks by foreign-based cybercriminals.
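To make the segmentation advice checkable, the following added example (not part of the original article) audits a set of zone-to-zone allow rules for indirect paths from third-party zones into sensitive ones. The zone names and rules are constructed for illustration.

```python
from collections import deque

# Constructed sample policy: each pair allows traffic from one zone to another.
# All zone names are hypothetical.
ALLOW_RULES = [
    ("vendor_remote", "dmz_jump_host"),
    ("dmz_jump_host", "corporate_it"),
    ("corporate_it", "manufacturing_ot"),
    ("corporate_it", "research_data"),
    ("hospital_link", "clinical_trials"),
]
UNTRUSTED_ZONES = {"vendor_remote", "hospital_link"}   # third-party connectivity
SENSITIVE_ZONES = {"manufacturing_ot", "research_data"}


def reachable_paths(rules, start):
    """Breadth-first search over allow rules.

    Returns {zone: shortest path from start} for every zone that traffic
    starting in `start` can reach, directly or through intermediate zones.
    """
    graph = {}
    for src, dst in rules:
        graph.setdefault(src, []).append(dst)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in graph.get(zone, []):
            if nxt not in paths:
                paths[nxt] = paths[zone] + [nxt]
                queue.append(nxt)
    return paths


def audit(rules, untrusted, sensitive):
    """List every (untrusted zone, sensitive zone, path) the rules permit."""
    findings = []
    for src in sorted(untrusted):
        paths = reachable_paths(rules, src)
        for target in sorted(sensitive):
            if target in paths:
                findings.append((src, target, paths[target]))
    return findings


if __name__ == "__main__":
    for src, dst, path in audit(ALLOW_RULES, UNTRUSTED_ZONES, SENSITIVE_ZONES):
        print(f"{src} can reach {dst} via {' -> '.join(path)}")
```

No single rule here connects the vendor zone to manufacturing, yet the chain of rules does, which is the kind of lateral path a per-rule review misses.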
Cybersecurity on site and in the cloud
If we want to build real cybersecurity into our network architecture, we have to recognize the extent to which the way we use networks, and our expectations of them, have changed over recent years, a change which has been considerably accelerated by the pandemic. When networks were originally designed and installed, they were contained within a silo inside the organization’s walls, with appropriate policies, frameworks, and tools in place. Security was easier as every network path was owned by the organization and under its control. Then employees started moving and working from outside the building, creating rapid growth in cloud applications and cloud services delivering multiple functions. Branch offices also need to communicate with headquarters. Accordingly, cloud-based security tools have been developed to ensure that these services are accessed appropriately, using the right policy within the right framework[ii]. We need to merge and blend the traditional on-site environment and existing resources with newer cloud environments, complete with the latest tools and the ways of working we are now experiencing.
Secure web gateways
One way to span these environments is to deploy secure web gateways (SWGs). These protect users from web-based threats in addition to applying and enforcing corporate acceptable use policies. Instead of connecting directly to a website, a user accesses the SWG, which is then responsible for connecting them to the desired website and performing functions such as URL filtering, web visibility, malicious content inspection, web access controls and other security measures. SWGs enable companies to:
- Block access to inappropriate websites or content based on acceptable use policies
- Enforce their security policies to make internet access safer
- Help protect data against unauthorized transfer
Applications at headquarters are accessed through a remote access VPN. However, when users access cloud applications, they bypass the VPN and are exposed to risk. This is why organizations use SWGs: to provide secure internet access when users are disconnected from the VPN. One of the challenges of deploying SWG functionality is that it is typically set up as a stand-alone environment without coordinating workflows, reporting, or logging with other security infrastructure in the organization. This can lead to increased complexity over time as organizations often have multiple security point products that make their security operations less efficient and effective.
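The decision an SWG makes for each request can be sketched as follows. This is an added example, not code from the original article or from any SWG product: it applies the three policy goals listed above in turn and emits one structured log record per decision so the result can feed shared logging. The hosts, categories and DLP pattern are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# All hosts, categories and patterns below are constructed for illustration.
URL_CATEGORIES = {"bets.example": "gambling", "crm.example": "business"}
BLOCKED_CATEGORIES = {"gambling"}                      # acceptable use policy
THREAT_FEED = {"malware-drop.example": "malware"}      # security policy
DLP_PATTERNS = {"batch_record": re.compile(r"\bBATCH-\d{6}\b")}  # hypothetical marker

def lookup(host, table):
    """Match host or any parent domain, so www.bets.example hits bets.example."""
    labels = host.split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in table:
            return table[key]
    return None

def dlp_hit(body):
    """Return the name of the first DLP pattern found in an outbound body."""
    return next((n for n, p in DLP_PATTERNS.items() if p.search(body)), None)

def evaluate(user, method, url, body=""):
    """Decide allow/block for one request and return a loggable record."""
    host = urlsplit(url).hostname or ""
    category = lookup(host, URL_CATEGORIES) or "uncategorized"
    threat = lookup(host, THREAT_FEED)
    leak = dlp_hit(body) if method in {"POST", "PUT"} else None
    if threat:
        verdict, reason = "block", f"threat-feed:{threat}"
    elif category in BLOCKED_CATEGORIES:
        verdict, reason = "block", f"acceptable-use:{category}"
    elif leak:
        verdict, reason = "block", f"dlp:{leak}"
    else:
        verdict, reason = "allow", "policy-ok"
    return {"user": user, "method": method, "host": host,
            "category": category, "verdict": verdict, "reason": reason}

def to_log_line(record):
    """One JSON object per decision, ready for a shared log pipeline."""
    return json.dumps(record, sort_keys=True)

if __name__ == "__main__":
    print(to_log_line(evaluate("alice", "GET", "https://www.bets.example/odds")))
    print(to_log_line(evaluate("bob", "POST", "https://crm.example/upload",
                               "results for BATCH-123456")))
```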
The emergence of SASE
More recently, a new approach for security infrastructure has emerged. This is known as SASE (pronounced “Sassy”), or secure access service edge, and combines networking and network security services into a single, cloud-delivered solution. This allows companies to deliver multiple types of security services from the cloud, such as SWG, advanced threat prevention, firewall as a service (FWaaS), domain name system (DNS) security, cloud access security brokers (CASB), data loss prevention (DLP) and others. This way, companies are able to control web access; provide users with secure connectivity; and protect all their traffic, users and applications from hostile websites and content, all from one cloud-based platform.
The FWaaS component is a cloud-based implementation of firewall technology, which has long been used to protect computer networks. Traditionally implemented in hardware, software or both, a firewall acts as a barrier to prevent unauthorized access to the network. It does this by proactively monitoring all incoming and outgoing traffic as well as applying and enforcing an organization’s security policies. Firewalls were originally created to protect on-site company networks, but as more companies moved their applications and data to the cloud, firewalls had to evolve. Now, firewall as a service, or FWaaS, enables firewalls to be delivered as part of a company’s cloud infrastructure. The most advanced FWaaS implementations include next generation firewall (NGFW) capabilities. NGFWs offer the same functionalities as traditional firewalls, plus some more advanced features[iii]:
- Intrusion prevention system (IPS): Scans network traffic, identifies malware, and blocks it
- Deep packet inspection (DPI): Improves on packet filtering by analyzing the body of each packet in addition to the header
- Application awareness and control: Identifies and blocks traffic based on which applications the traffic is going to
- Threat intelligence feeds: Incorporates streams of updated threat intelligence to identify the latest threats
A SASE solution that provides SWG can offer protection in the cloud through a unified platform for complete visibility and precise control over web access while enforcing security policies that protect users from hostile websites.
Using a SASE solution brings many benefits
SASE offerings provide multiple advantages for enterprises, such as protection from advanced security threats, data loss and data theft, with a greatly reduced cost of deploying security at scale. Network management is streamlined, with complete visibility and precise control over the entire network.
Teldat’s SASE solution allows users to digitalize with security. Based on our be.SAFE Premium architecture, it allows you to integrate security into your communications using SASE architecture, including secure web gateway (SWG) and next generation firewall (NGFW) services that let branch offices, retail locations and remote workers safely enjoy full public internet connectivity.