Ransomware and malware, malicious cyber threats that demand ransom payments from the organization being attacked to retrieve stolen and encrypted data, have become the most prevalent cybersecurity threats. In the last few years, such attacks have increased in frequency and severity, and typically the large-scale cyber-attacks reach the headlines as seen in the 2017 WannaCry and NotPetya attacks that affected close to 300,000 computers globally.
Faced with the increasing threat of ransomware attacks, many organizations are now actively engaging in updating their cybersecurity defenses and authentication procedures to avoid the attention of cyber offenders. This can be a difficult process because many companies lack visibility of their network in terms of which points of connection are vulnerable to threats – such as Internet of Things (IoT) and personal devices (Bring-Your-Own device -BYOD). Therefore, Portnox recommends implementing a layered ransomware defense, response and remediation plan on the enterprise network. This plan would integrate full visibility of the network with all connected and managed/ unmanaged endpoints (including IoT and BYOD); control over access to files, resources and data, and remote remediation capabilities. Furthermore, the plan should include the possibility of quarantining or blocking infected devices to control lateral attacks.
Ideally, an effective plan for defeating cyber extortion would include defense tools, such as anti-virus and anti-ransomware software that provide behavior-based detection, prevent access to files and file modifications, recover files, and vaccinate against the ransomware strain. All of these together create a comprehensive ransomware response and remediation solution. Portnox’s solution addresses all phases of the ransomware kill chain – reconnaissance, exploitation and remediation, and together with its technology partners and integrations, offers a holistic ransomware solution. Notwithstanding the ability to mine data from other sources, Portnox’s solution is known for its seamless deployment, even across the most complex networks and security architectures.
Phase 1 – Reconnaissance:
During this phase, the attacker collects information on the target through research of publicly available information or social engineering. At this phase Portnox’s solutions provide a real-time picture of all network elements, so that organizations can understand the level of risk and identify vulnerabilities early-on. Endpoints that are deemed to have a high risk value (fail to uphold the network security policies, are missing the latest antivirus and OS patches, or have certain technical specifications that have been deemed vulnerable), will be blocked from accessing the network or quarantined until security updates are made. Additionally, Portnox offers the ability to see into the weakest areas of the corporate network, i.e. Internet of Things (IoT) devices. CISOs, network administrators and IT teams can discover where IoT devices are located on the organizational network and detain them in a separate VLAN network with limited access.
Phase 2 – Delivery & Exploitation:
At this point hackers use the information attained in reconnaissance to carry out attacks on vulnerable endpoints, users and different areas of the network. Portnox software receives information from third-party security vendors to actively identify anomalies. There is full communication between Portnox and these vendors, so that their assessments are seamlessly integrated. The system can carry out on-going sandboxing of endpoints according to defined characteristics (including for IoT devices), and it can filter endpoints according to patch, anti-virus, operating system and active applications as well as quarantining them if one or more of these aspects has been deemed vulnerable. Portnox shares information when an endpoint’s posture assessment changes, helping network administrators identify attempts at social engineering in the early stages of a breach. The admin can then bring that device into compliance with security policies, or quarantine it until remedial security measures are taken.
Phase 3 – Command & Control Actions and Extraction:
At times, despite having all the right solutions in place, ransomware still gets through. Once this phase is reached, the ransomware is installed and the hacker can take full control of the organization’s system and do with it as he or she pleases. The hacker could freeze the organization’s data and demand ransom to give the access back (“Cryptolocker attacks”) as in some of the major ransomware attacks in the last few years. A new era of “CryptoWorms” is expected to surface as malware writers become more sophisticated and now, more than ever is time to have the right technologies in place to defend the organization’s assets, accessibility and private customer data.
Having a rapid remediation plan in place will not only help prevent further damage or the lateral spread of the attack; it will allow business continuity. Portnox uses the following:
• Automated Patch Updates Across the Network – Enforces necessary patch, anti-virus, operating system and application updates across managed and unmanaged endpoints, located both on and off premise.
• Immediate Incident Response – Contains ransomware events by remotely disconnecting endpoints from the network (no manual touch required). The program drills down to the level of specification: device type, operating system, anti-virus software version, switch location, and more. Finally, it performs automated actions on every device, in all locations, instantly.
• Armed Incident Response Teams – Portnox arms IT professionals and network admins with the ability to remotely take actions on employees’ devices. In addition, with Portnox’s solution, IT professionals can create an effective incident response plan for any device based on network specifications.
In conclusion, ransomware and malware are considered to be the top cyber-security threats of our time. Therefore, it is imperative to significantly increase organizational security so as to be prepared, with the right response and remediation software to such frequent and wide-reaching attacks. Portnox offers network access control solutions that allow organizations to maintain the upper hand in network security, allowing business continuity, securing company assets and avoiding prohibitive financial losses.