Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 259 of 425

(b) Offers total coverage that effectively secures all endpoints, including desktops, laptops, servers, and virtual environments.
(c) Has predictive security capabilities that use artificial intelligence and security analytics to predict potential threats, reduce false positives, and accelerate incident response.
37.3.2 Response
747. As discussed at paragraph 731 (pg 253) above, an EDR system would allow for rapid isolation and containment of infected systems, and enables the rapid collection of forensic evidence from multiple systems at the same time. In summary, an effective EDR system has the following capabilities relevant to responding to a security incident:
(a) Allows for a complete response, as it validates, triages and remediates the effects of any threat with digital forensics.
(b) Seals off potentially compromised endpoints during investigations, and has the ability to do so remotely, without an IT security officer going to a compromised endpoint directly to physically disconnect it from the network.
(c) Allows for remote remediation of compromised systems by deleting malicious files and associated artefacts on all impacted endpoints.
(d) Conducts investigation and containment of suspicious events by sandboxing, quarantining, and retrieving endpoint process dumps.
748. Our recommendation is that IHiS/SingHealth (as CII owner) and other CII operators must implement advanced endpoint security solutions, given the clear evidence of how signature-based systems were thoroughly defeated in the Cyber Attack.




749. IHiS has fast-tracked the deployment and installation of an Advanced Threat Protection (“ATP”) system in the aftermath of the Cyber Attack.
The ATP system is an advanced endpoint protection system which is described as being able to replace a traditional antivirus system. Rather than try to keep up with the ever-growing list of known threats, it sets up a series of roadblocks that prevent the attacks at their initial entry points – where malicious access to the system is made through the abuse of legitimate executable files.
750. However, unlike EDR systems, the ATP system implemented by IHiS does not appear to have the response capabilities described above at paragraph 747(b)-(c) (pg 259). As such, IHiS must consider implementing a separate solution to fill these gaps.
751. At the end of the day, for effective detection and response to security incidents, the technical solution implemented must be able to send alerts and/or block the following attack methods that were observed in the Cyber Attack:
(a) the running of unauthorised applications;
(b) the use of system tools for malicious purposes (e.g. the solution must protect against fileless malware, the use of PowerShell, and methods of moving laterally in the network); and
(c) the running of unauthorised Virtual Machines (e.g. as seen in the use of VM 1 and VM 2 to log in to Citrix servers).
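The three alerting requirements in paragraph 751 can be expressed as detection logic over endpoint telemetry. The following is an added illustration, not part of the COI report and not a description of the ATP or EDR products it discusses: a minimal detection pass over constructed process-creation and Citrix logon records. The directory allowlist, the device inventory, the hostnames and every record are assumptions made for the example; the command-line patterns are generic indicators of PowerShell and system-tool abuse, not signatures from the Cyber Attack.

```python
"""Toy detection pass over constructed endpoint records.

Covers the three requirements of paragraph 751: (a) unauthorised
applications, (b) malicious use of system tools (fileless / PowerShell /
lateral movement) and (c) logons to Citrix servers from unauthorised
virtual machines. All data below is constructed for this example.
"""
import re

# Assumed allowlist: executables may only run from these directories.
ALLOWED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Assumed device inventory: hosts permitted to log on to Citrix servers.
# A VM outside the inventory (as VM 1 and VM 2 were) is flagged.
AUTHORISED_HOSTS = {"WS-CLINIC-01", "WS-CLINIC-02", "ADMIN-PC-07"}

# Generic command-line indicators of PowerShell / system-tool abuse.
SUSPICIOUS_CMDLINE = re.compile(
    r"(-enc(odedcommand)?\b|"                     # base64-encoded script
    r"\biex\b|invoke-expression|"                  # in-memory (fileless) execution
    r"downloadstring|"                             # fetch a second stage
    r"-w(indowstyle)?\s+hidden|"                   # hide the console window
    r"\bpsexec|wmic\b.*process\s+call\s+create|"   # remote execution / lateral movement
    r"\bnet\s+use\b)",
    re.IGNORECASE,
)

# Constructed process-creation events (host, image path, command line).
PROCESS_EVENTS = [
    {"host": "WS-CLINIC-01", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
    {"host": "WS-CLINIC-01", "image": "C:\\Users\\nurse\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "update.exe"},
    {"host": "WS-CLINIC-02",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -Enc SQBFAFgA"},  # SQBFAFgA = "IEX"
    {"host": "ADMIN-PC-07",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem C:\\Logs"},  # benign admin use
]

# Constructed logon events on a Citrix server (source host as reported in the logon).
LOGON_EVENTS = [
    {"target": "CITRIX-SRV-01", "source_host": "WS-CLINIC-02", "user": "nurse"},
    {"target": "CITRIX-SRV-01", "source_host": "VM-UNKNOWN-1", "user": "svc_backup"},
]


def check_unauthorised_application(ev):
    """(a) Image launched from outside the allowlisted directories."""
    if not ev["image"].lower().startswith(ALLOWED_DIRS):
        return f"unauthorised application on {ev['host']}: {ev['image']}"
    return None


def check_system_tool_abuse(ev):
    """(b) Legitimate tool (PowerShell, wmic, net, psexec) used with abuse indicators."""
    if SUSPICIOUS_CMDLINE.search(ev["cmdline"]):
        return f"system tool abuse on {ev['host']}: {ev['cmdline']}"
    return None


def check_unauthorised_vm_logon(ev):
    """(c) Logon to a Citrix server from a host that is not in the device inventory."""
    if ev["source_host"] not in AUTHORISED_HOSTS:
        return (f"logon to {ev['target']} from unauthorised host "
                f"{ev['source_host']} as {ev['user']}")
    return None


def scan(process_events, logon_events):
    """Run every check and return the list of findings (alerts to raise)."""
    findings = []
    for ev in process_events:
        for check in (check_unauthorised_application, check_system_tool_abuse):
            hit = check(ev)
            if hit:
                findings.append(hit)
    for ev in logon_events:
        hit = check_unauthorised_vm_logon(ev)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in scan(PROCESS_EVENTS, LOGON_EVENTS):
        print("ALERT:", finding)
```

Run stand-alone, the script raises three alerts: the executable launched from a user-writable Temp directory, the hidden encoded PowerShell invocation, and the Citrix logon from a host outside the inventory; the benign notepad and administrative PowerShell events pass. A production EDR would evaluate the same three questions against live telemetry rather than static lists, and would pair each alert with the response actions of paragraph 747(b)-(c) (remote isolation and remediation), which is exactly the gap paragraph 750 identifies in a prevention-only ATP deployment.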