Case Study: Enhancing Endpoint SecurityKettering Health Network CISO Michael Berry Describes Adding a Layer of Security
Because it's inevitable that attackers will find a way to get around network defenses, nine-hospital Kettering Health Network in Ohio added an extra layer of endpoint security to help mitigate the risks posed by ransomware and other cyberthreats, says Michael Berry, director of information security. He describes what's unusual about the approach.
"We are a firm believer in the layered defense type of concept where there is no one silver bullet or solution that will stop all types of attacks," he says in an interview with Information Security Media Group. "So we want to make sure we have several different technologies in place to - if not stop, then slow down- the attackers, who are weakened, and then we can intervene at that point."
An Extra Layer
But the organization wanted to go beyond firewalls and intrusion detection and prevention technologies to add a "safety net" when attackers inevitably get through network protections, he says. So it deployed an endpoint protection solution - Paranoid from Nyotron - "that takes what we thought of endpoint protection and completely reverses it," he says.
"Until this point, we always thought of an endpoint solution as defining and stopping all the 'bad' - any malicious software, worms, viruses and things of that nature," he says. "But in order to do that, you have to explicitly define what is 'bad' out there - and the definition of what is 'bad' is pretty much infinite."
The endpoint protection solution "maps out all the known 'good ways' an operating system would operate at the kernel level - and that's a very finite definition," he says. "Rather than trying to figure out all the 'known bad,' it maps out the 'known good' and blocks everything else."
The solution does not prevent the installation of malicious software, but rather prevents all nefarious activities performed after that happens, he explains.
In the interview (see audio link below photo), Berry also discusses:
- Examples of how Kettering's enhanced endpoint strategy is playing out to stop ransomware from encrypting files and drives;
- Challenges involving securing medical devices;
- Top cyberthreats facing healthcare organizations.
Berry is the director of information security at Kettering Health Network. He oversees the security of nine hospitals and over 120 outpatient facilities in southwest Ohio, which have almost 17,000 workstations. Previously, he served as an information security officer at Greene Memorial Hospital, which is based in Xenia, Ohio, and is part of the Kettering Health Network.