Story image

Four steps for preventing the next ransomware attack

05 Dec 17

As we approach the end of 2017, it’s clear that enterprise ransomware continues to be a huge issue for businesses all over the globe. Once ransomware enters your network undetected, your data is immediately encrypted and inaccessible or your systems are locked down. 

In some cases, ransomware goes after the back-ups and if they are connected to the network, the data may be completely unrecoverable. Here are some tips on how to better prevent ransomware damages:

Apply behavioural-based detection   

It’s crucial for organisations to shift to proactive cybersecurity techniques focusing on identifying malicious behaviour, relating to ransomware even when no signatures or known exploits are present.

Instead of being reactive and shoring up defences when you detect an Indicator of Compromise (IoC), or a “known bad,” organisations should track Indicators of Attack (IoAs) that identify adversary behaviour, related to ransomware, such as code execution or lateral movement.

This enables organisations to prevent, detect, and respond to both known and unknown attacks. An IoA can prevent multiple variants and versions of ransomware families, including new ones not detectable by known signatures or features.

Augment analytics with artificial intelligence/machine learning

AI/Machine learning (ML) is critical in helping to detect ransomware that might otherwise be missed. To be truly effective, ML must have enough relevant data so results can be meaningful and adjust to ensure the balance of true vs. false positives.

A signature-less ML combines behavioural analytics with ML and is able to learn what files are malicious without having to be fed new datasets every day. This approach is far superior in helping detect the malware and ransomware of today, much of which is unknown variants and ultimately leads to better classification of what is malicious or not, helping your organisation’s IT team in the long run.

Bolster your defence with proactive hunting

Rather than waiting for ransomware to appear and take hold in your organisation, it is better to spot the problem at inception and close it down immediately. This is what proactive threat hunting looks like, and leveraging threat hunting teams can help defenders shift the advantage back to themselves.

Threat hunters look for evidence of potential malicious behaviour that might exist in a broad pool of behavioral data, but may be too subtle to warrant a response.

From there, threat hunters can follow even the faintest suggestion of possible threat activity to put together a picture of whether an attack is in progress, or if the behaviour is irregular but does not represent malicious activity in your IT environment.

Threat hunters make it possible to find damaging attacks before they are able to be detected using automated security tools. This is a key fundamental for true visibility into your network.

It’s time to solve the patch problem

Vulnerability scans are no longer adequate in defending the network in real-time against modern-day threats. Many legacy approaches only report patch information collected from checking the registry for listing of installed patches. As a result, failures in the installation process such as delayed reboots may cause the scan to report incorrect patch status.

This leaves organisations with major blind spots that can turn into massive vulnerabilities in the event of attacks like WannaCry. Vulnerability management needs to work in real-time and have full visibility into the environment to create a capability of proper prioritisation and patching.

Article by CrowdStrike. 

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.