Dealing with Security Threats at Scale

Picture a major government agency responsible for overseeing several major health insurance programs that service over a hundred million customers daily. Does this sound like a tempting target if you’re a hacker or cybercriminal?

Of all the PII (personally identifiable information) that is out there, nothing is more personal than your medical information. So a system that keeps detailed files on 100M + Americans with health insurance claims continuously moving through a vast workflow? Threats that disrupt the day-to-day lives of millions of people are a cybercriminal’s dream, and the fact that it’s a medical PII makes it much more appealing.

With this type of information, agencies such as the Centers for Medicare and Medicaid Services that operate on this scale require a timely, sophisticated, and actionable grasp of security threats. Potential threats must be identified, categorized, prioritized, correlated, and remediated. All of this needs to be done with enough speed to stop attacks before they gain traction and become disruptive to large sections of the US economy. Remember that this is not a matter of inconvenience; it is medical/healthcare processing, so it can critically impact customers.

This scenario is ideally suited for advanced CTI (cyber threat intelligence), and the current market leader in CTI is Anomali ThreatStream. ThreatStream has been detecting threats for this particular agency for several years, primarily to support CTI initiatives to protect a vast workflow of data as the government processes medical and health insurance claims.

Enabling an agency operating at this scale (thousands of employees supported by over 100,000 contractors) to gather and share threat intelligence effectively across both internal operational infrastructure and its more extended contractor ecosystem requires cloud-level scalability backed by AI speed. It’s also essential for technology at this level to work seamlessly with legacy architectures (which is often a common framework with government agencies). CTI data is captured in real time and then enriched to support initiatives that cover a wide and complex ecosystem of security applications. Anomali’s threat intelligence is also fed into their fusion center and used to provide insights to political appointees and other people in senior leadership.

The ideal scenario for any technology is that it simply works. This particular one secures critical data for over a hundred million customers and is a good example of what a next-gen cloud-native Security Operations Platform should look like. It works how it’s supposed to, and neither executive/political appointees nor security practitioners need to think about it – they have what they need when they need it.