“Ransomware” – it’s been screaming from headlines around the globe in the last 24 hours – almost a hundred nations attacked, the British health system paralyzed, likely billions in damages, and an already weary world had its sense of security shaken, yet again.
Companies and organizations worldwide are now scrambling to rethink their readiness, and being inundated by hundreds of security technology providers who claim their solution is the one that can protect from future attacks.
Here’s what you need to know: this recent wave of ransomware attacks proves that it’s not possible to depend on program updates (“patches”) and existing defenses, because the base of the attack is social engineering – human error (people who downloaded the malware, insiders etc.). Although it’s not possible to prevent malware penetration 100% of the time, the data and communication footprints in the system make it possible to know who has been affected and to prevent further spread of the attack, and in this way lower the risk dramatically.
So what do you need to know and do?
The attack can start from the outside through typical social engineering channels, like phishing, and infect your users, whether they are at work, home or traveling. Or maybe an angry employee (insider) has decided to cooperate with a cyber criminal organization – or both. Eventually the malware will get in and you need to identify it and contain it, fast!
In terms of tools, make sure you have strong end-point protection tools (UEBA – “User and Entity Behavior Analytics”) and “hunters,” good threat-intelligence feeds and, obviously, switches and firewalls that are well-distributed throughout the network and can contain an attack quickly and effectively. But even if you have all these, it’s not enough.
You need to make sure you have a security analytics system, on top of your security tools and systems, collecting the data to identify patterns of infections and propagation of the ransomware. To act fast enough you need this analytics system to automate investigation (diagnostic) actions in order to understand the capabilities of the malware and validate active infections, and predict next steps. Lastly you need the system to automate containment accordingly through the network and end-point.
Yes, all this sounds – and is – really complicated, but the area of security analytics, orchestration and automation deals exactly with these challenges, helping security IT groups, CISOs, security managers, compliance managers, insider threat managers and SOCs perform these actions seamlessly.
Your best investment to protect against ransomware attacks is to implement Prescriptive Analytics with accompanying orchestration and automation.
Read more on how to effectively prevent ransomware attacks in empow’s ransomware case study here, or leave us your details and we will contact you to discuss how empow can help you in defending against ransomware.