Implementing a Behavioral-Based Approach to Security
CISO John Woods Describes Healthcare Sector Challenges
Just as seasonal flu viruses change from year to year, so too malware threats quickly evolve, necessitating a behavioral-based approach to security, says John Woods, CISO of pharmacy software vendor PDX Inc.
"We can't look for the fingerprint ... or signature of a virus or piece of malware any longer because it changes very quickly, very consistently," he says. "As soon as someone knows a particular variant is out there, the [creators] of it will modify it so that it has a slightly different look and feel and it will get through all the traditional defenses," he says in an interview with Information Security Media Group.
To counter that, Woods says he's implementing a behavioral-based approach to security.
"It's just as when you go to the doctor and they don't screen you for all the various viruses you might have, but [instead] look at the symptoms and narrow it down to what you might have," he says. "The behavioral-based approach to security works very similar to that. Instead of the fingerprint of the virus or malware, we look at how it acts, the way it performs through the kill chain. And that is what we're targeting ... preventing it from making it to the end of that kill chain and getting data."
The implementation of a behavioral-based security approach at PDX has been "a progression," Woods says. The first place where the company is implementing the approach is at the network layer, he explains.
"We've implemented some technology that's looking at our network traffic for anomalies, things that are not normal," he says. For instance, as head of PDX security, "I really don't have a need to do anything with our accounting or payroll servers. So, when I see traffic from ... my computer connecting, talking to assets within accounting or payroll, that's an anomaly. We have detective measures to look for those types of things. And we act on it and stop that kind of traffic. Then we look at the end-user system to see if there's something on it that is initiating that kind of traffic."
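The kind of check Woods describes can be sketched as follows. This is an added example, not code from the interview or from PDX's tooling: it learns which workstation roles talk to which sensitive segments during a known-good window, then groups never-before-seen pairs by source host so the endpoint can be examined next. The subnets, role map and flow records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed for illustration: sensitive segments and workstation roles.
SEGMENTS = {
    "payroll": ipaddress.ip_network("10.20.30.0/24"),
    "accounting": ipaddress.ip_network("10.20.31.0/24"),
    "security-tools": ipaddress.ip_network("10.20.40.0/24"),
}
HOST_ROLE = {"10.1.5.10": "security", "10.1.6.21": "finance", "10.1.6.22": "finance"}

def segment_of(ip):
    """Name of the sensitive segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def learn_baseline(flows):
    """Collect the (role, segment) pairs seen during a known-good window."""
    pairs = set()
    for src, dst, _port in flows:
        seg = segment_of(dst)
        if seg is not None:
            pairs.add((HOST_ROLE.get(src, "unknown"), seg))
    return pairs

def find_anomalies(flows, baseline):
    """Group flows whose (role, segment) pair was never seen, keyed by source host."""
    by_host = defaultdict(list)
    for src, dst, port in flows:
        seg = segment_of(dst)
        role = HOST_ROLE.get(src, "unknown")
        if seg is not None and (role, seg) not in baseline:
            by_host[src].append((seg, dst, port))
    return dict(by_host)

# Constructed flow records: (source IP, destination IP, destination port).
BASELINE_FLOWS = [
    ("10.1.6.21", "10.20.30.5", 443),
    ("10.1.6.22", "10.20.31.7", 443),
    ("10.1.5.10", "10.20.40.2", 8443),
]
CURRENT_FLOWS = [
    ("10.1.6.21", "10.20.31.7", 443),   # finance -> accounting: seen before
    ("10.1.5.10", "10.20.30.5", 445),   # security -> payroll: never seen
    ("10.1.5.10", "10.20.31.7", 445),   # security -> accounting: never seen
    ("10.1.9.99", "10.20.30.5", 22),    # unmapped host -> payroll: never seen
    ("10.1.5.10", "203.0.113.10", 443), # outside sensitive segments: ignored
]

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_FLOWS)
    for host, hits in find_anomalies(CURRENT_FLOWS, baseline).items():
        print(host, HOST_ROLE.get(host, "unknown"), hits)
```

Grouping by source host matches the order of work in the quote: stop the traffic, then inspect the system that originated it.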
Security Challenges at Pharmacies
When it comes to the pharmacies that PDX serves, Woods says vendor management is becoming a key cybersecurity priority.
"Our customers are often a grocery store or discount store of some sort. Rarely do those entities have a breach directly on their pharmacy - they have a breach on another part of their business, maybe through their point-of-sale system or through a corporate issue," he says. As a result, he says, these retailers must work with all their vendors to ensure they're properly mitigating risks.
In the interview, Woods also discusses:
- How to reduce challenges involved in chasing "false positives" when security anomalies are detected;
- Ways to bolster security of privileged access users and mitigate phishing attacks;
- Recent healthcare sector breach trends.
As CISO at Fort Worth, Texas-based PDX Inc., an integrated pharmacy software suite vendor, Woods is responsible for all aspects of cyber and physical security. Previously, Woods served as director of security for eRx Network and as director of security for the pharmacy division after the company's acquisition by Emdeon. Earlier, Woods was managing consultant for Buchanan Technologies. He is also a member of the U.S. Secret Service Electronic Crimes Task Force.