Case Study: Intrusion Prevention, Detection in the Cloud
Bill Dougherty, CISO of Omada Health, Describes the Approach
Chronic disease management firm Omada Health, whose clients include large employers and health insurers, has been changing its approach to cloud intrusion prevention and detection, a shift that is reducing the time its team spends investigating false positives, says the company's information security leader, Bill Dougherty.
Omada Health is a "cloud-first, cloud-only type company," he says in an interview with Information Security Media Group. "We operate primarily in Amazon Web Services, but then have lots of software-as-a-service providers as well."
The company's contracts with clients, as well as regulations, require it to have strong intrusion detection and intrusion prevention measures, he notes.
"But a traditional approach - network-based - really doesn't work well in a cloud-based environment. It changes too frequently," he says, and "doesn’t give you the visibility that you need to [detect] your real threats."
Omada Health's previous vendor was focused on looking at log files, Dougherty says, and about two years ago, the company began changing its approach. It switched to the vendor Threat Stack, which offers host-based intrusion protection, he says.
Rather than looking at log files, Threat Stack looks at running processes and performs file integrity monitoring on disk, according to Dougherty. "A log file is only as good as what's written to it, but the running processes give you much better insight into what is happening in the host, and from that you can profile what's normal versus what's abnormal," he says.
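To make the distinction concrete, the following is an added illustration (not Threat Stack's code, and not from the interview) of the two host-level signals Dougherty describes: a file-integrity baseline of SHA-256 hashes compared against the current disk state, and a profile of (executable, parent, user) triples learned during normal operation that flags any process combination never seen before. All paths, file contents and process listings are constructed sample data; the `approved` set models a sanctioned package update so a known-good change is not surfaced as an alert.

```python
"""Added illustration of host-based baselining: file-integrity monitoring plus
process profiling over constructed sample data. Not Threat Stack's code."""
import hashlib
from dataclasses import dataclass


def hash_files(files: dict[str, bytes]) -> dict[str, str]:
    """Map each path to the SHA-256 of its contents (the FIM baseline)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def diff_file_integrity(baseline: dict[str, str], current: dict[str, str],
                        approved: frozenset[str] = frozenset()) -> dict[str, list[str]]:
    """Compare current hashes against the baseline.

    Paths in `approved` (e.g. touched by a sanctioned package update) are
    reported separately so a known-good change does not raise an alert.
    """
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {
        "added": added,
        "removed": removed,
        "modified": [p for p in changed if p not in approved],
        "approved_changes": [p for p in changed if p in approved],
    }


@dataclass(frozen=True)
class Proc:
    exe: str      # executable path
    parent: str   # parent's executable path
    user: str     # account the process runs as


def build_process_profile(observations: list[Proc]) -> frozenset[tuple[str, str, str]]:
    """The 'normal' set: every (exe, parent, user) triple seen during learning."""
    return frozenset((p.exe, p.parent, p.user) for p in observations)


def detect_process_anomalies(profile: frozenset[tuple[str, str, str]],
                             current: list[Proc]) -> list[Proc]:
    """Any running process whose triple was never seen in the profile."""
    return [p for p in current if (p.exe, p.parent, p.user) not in profile]


# --- constructed sample data (hypothetical paths, not from the article) ---
BASELINE_FILES = {
    "/usr/sbin/sshd": b"sshd v1 binary",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/usr/bin/curl": b"curl binary",
}
CURRENT_FILES = {
    "/usr/sbin/sshd": b"sshd v1 binary",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",   # tampered
    "/usr/bin/curl": b"curl binary, patched",            # sanctioned update
    "/tmp/.cache/kworker": b"dropped payload",            # new file
}
APPROVED = frozenset({"/usr/bin/curl"})

BASELINE_PROCS = [
    Proc("/usr/sbin/sshd", "/sbin/init", "root"),
    Proc("/usr/sbin/nginx", "/sbin/init", "root"),
    Proc("/usr/sbin/nginx", "/usr/sbin/nginx", "www-data"),
]
CURRENT_PROCS = BASELINE_PROCS + [
    Proc("/bin/sh", "/usr/sbin/nginx", "www-data"),        # web server spawning a shell
    Proc("/tmp/.cache/kworker", "/bin/sh", "www-data"),    # executing the dropped file
]


def run_demo() -> tuple[dict[str, list[str]], list[Proc]]:
    """Run both checks over the constructed data and return the findings."""
    fim = diff_file_integrity(hash_files(BASELINE_FILES), hash_files(CURRENT_FILES), APPROVED)
    procs = detect_process_anomalies(build_process_profile(BASELINE_PROCS), CURRENT_PROCS)
    return fim, procs


if __name__ == "__main__":
    findings, anomalies = run_demo()
    for kind, paths in findings.items():
        print(f"{kind}: {paths}")
    for p in anomalies:
        print(f"unexpected process: {p.exe} (parent {p.parent}, user {p.user})")
```

Neither check depends on anything the attacker writes to a log: the tampered `sshd_config` shows up because its hash changed, and the shell spawned by the web server shows up because that parent/child/user combination was never part of the learned profile. The trade-off a practitioner should expect is that every legitimate deployment also changes hashes and process trees, so the baseline has to be re-learned or the change approved after each sanctioned release, otherwise the host-based approach generates its own false positives.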
The change helped Omada Health cut down on its logging expenditures, as well as on time spent chasing a lot of false positives, he says.
According to Dougherty, prior to switching approaches, "I don't think we got a single actionable alert. Now we're getting actionable alerts."
In the interview, he also discusses:
- Other changes to Omada Health's incident protection and detection strategy;
- His organization's approach to threat hunting;
- Top security projects and priorities for 2022.
Dougherty is vice president of IT and security at San Francisco, California-based Omada Health, where he leads a team responsible for all aspects of internal IT, including SaaS strategy, end-user support, vendor management, operational security and compliance. Dougherty was previously the chief technology officer at RagingWire Data Centers, which is part of NTT Communications.