Eliminate Phishing Risk in Hospitals | Secfense @ DMEA Healthcare Berlin 2019

eliminate-phishing-risk-in-hospitals-secfense-dmea-healthcare-berlin-2019

“In 2017  Google introduced a little security key to their all 89 thousand employees and completely neutralized phishing. Since then they’ve reported zero accounts takeover and account takeover is a major component of almost every security breach.”

With these words, Marcin Szary, CTO at Secfense welcomed the audience of DMEA (previously known as ConhIT, the biggest healthcare event in Europe, and one of the biggest in the world).

DMEA has a long tradition of being a place where the most innovative technology companies show their most recent products and solution to healthcare professionals. That was the reason why we decided to showcase our cybersecurity tool during the event in Berlin.

Secfense mission is to always enable the best possible protection to all the apps within an organization. With no restrictions when it comes to verticals. Secfense security layer can be easily introduced in finance, insurance, utilities, healthcare, e-commerce, transportation, etc.  The bigger the company, the more burning the issue is.

We help companies save time and money while improving their overall security strategy related to user authentication.

While DMEA, being a huge healthcare event, is dominated by big ehealth technology brands with some impressive stands and equipment DMEA organizers also made sure that the event will not miss an opportunity to show what new technologies and new start-ups can deliver.

A specially designated space during the show called Start-up CAFE was a special place where people responsible for new technologies from hospitals and clinics could come and see new ideas from new and interesting brands.

That was also the place where Marcin Szary had the pleasure to deliver his short speech and showcase our new demo and our new feature – microauthorizations.

With Secfense we can help you mitigate the risks with the most impact on your users security without stretching your budget. We do so by introducing an intermediary layer that is spanned across the entire infrastructure and protecting users on the fly.

So we do not modify the applications themselves, but rather we put ourselves in a position where you can observe, analyze and modify traffic to them. So there is no costly software development involved, no third-party code in the application and no vendor lock-in, which is very important.

The average cybersecurity budget of healthcare organizations is just 1/2 as in other industries.

During the showcase, Marcin showed a live demo of Secfense deployment on a medical application. The whole presentation took less than 5 minutes which is twice as much as it’s necessary to deploy an independent security layer on a medical app, without touching its code. We recorded the whole showcase, so you can watch it on our Youtube channel and see how the live product looks like.  

An interesting thing that we showed for the first time was a feature that enables hospitals and healthcare institutions to protect some specific areas within the application (so the application is already protected by a password or two-factor authentication, but still some areas require some extra authorization).

So with Secfense you can create another protective layer on top of this resource, so we can force users to re-authenticate every time they try to access it. We call it microauthorization. When the user tries to access a resource protected with microauthorizations, he or she will be requested to tap the security key again to re-authenticate. So there’s a 100% certainty that it’s still the same person behind the keyboard and not a malware controlled machine that stole the session.

Microauthorizations work in two scenarios:

  • In the owner scenario, Secfense simply asks the user to re-authenticate.
  • In the supervisor scenario, Secfense asks the privileged user (supervisor) for authorization

The only thing that needs to be done is for the admin to change the policy from owner to supervisor and that’s it. Next time the user tries to access a resource his or her security key will not be sufficient. It will be necessary to bring over the supervisor with the security key to grant access to this resource.

This seemingly small thing was a pain in the neck of lots of organizations, not only from healthcare but many other areas. Since big companies in most cases depend on the software from big vendors it’s often hard or even impossible to make some changes in the application code that will allow the application admin to add some features or extra authentication mechanisms.

With Secfense this is no longer a problem since all these things can easily be done without making even the slightest change in the application code.  

Free your apps from a vendor lock-in

So this all takes place in the middle of the space between the users and the applications so there’s no software development involved. You can build this protective layer on any app in minutes so if like Google you’d like to eradicate phishing or other account takeover techniques, schedule your free consultation where we will explore with you all the available options you have to protect your organization against phishing, credential theft and inside frauds.


And here’s a couple of useful links where you can dig more on the subject of cybersecurity challenges in healthcare and how to deal with them:

Read More

Testimonials

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director

RKKVC

Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera

Partner

Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT

MPEC S.A.