Beyond WannaCrypt/WannaCry: Wanna Know What’s Next?
WannaCrypt/WannaCry may be in your rearview mirror, but it’s never a good idea to nod off at the wheel. Here are some recommendations to help you prepare for and avoid the worst effects of future attacks.
Patch Early, Patch Often, Patch Everything
If there was one factor that contributed most to the success of WannaCry, it was the malware’s ability to spread quickly. This despite the fact that there were as many as three months of opportunities to patch against the primary vulnerability exploited by the attack.
If any good can be said to have come out of WannaCry, it may be that the attack made patching a higher priority at many enterprises. (This is reflected by the large number of enterprises that took advantage of the complimentary “Get Well Quick” 90-day patch management software licenses Ivanti provided in response to the attack.)
In its report entitled “Ransomware Protection Best Practices,” Forrester Research cites “five essential solution elements” for effective defense against ransomware. Number 1 among these: “Protect Against Known Ransomware Vulnerabilities.” How? “Correlate exploits to vulnerabilities, and prioritize patching.”
Gartner agrees and goes a bit further in its report, “Structured Patch Management Reduces Risk and Keeps Business Alignment.” Among the recommendations from that work: “Establish realistic metrics that recognize the differences [between] patching desktops, servers, databases, middleware and applications.”
More and Better Protection
Comprehensive, timely patch management is critical to ransomware protection, but your enterprise needs more. As discussed in the Ivanti white paper, “9 Steps to Protect Against Ransomware,” the U.S. Federal Bureau of Investigation (FBI) recommends nine specific steps to prevent ransomware infections.
- Patch the critical operating systems and applications.
- Ensure that antivirus software is up-to-date and that regular scans are scheduled.
- Manage the use of privileged accounts.
- Implement access control that focuses on the data.
- Define, implement, and enforce software rules.
- Disable macros from Microsoft Office files.
- Implement applications whitelisting.
- Restrict users to virtualized or containerized environments.
- Back up critical files frequently.
You can greatly improve cybersecurity without trying to take all nine of the FBI’s recommended steps at once. Ivanti cybersecurity experts agree with respected bodies such as the Center for Internet Security (CIS), the Australian Signals Directorate (ASD), and the United Kingdom’s National Cyber Security Centre (NCSC). All of these agencies agree that patching your most critical applications and operating systems, implementing application control, and privilege management can eliminate some 85 percent of environment intrusions. These are the best first steps your enterprise can take to minimize attack surfaces and improve protection.
A New Offer: More Help from Ivanti
As many enterprises already know, Ivanti solutions can help your enterprise improve patch management and implement the initial steps outlined above that go beyond patching. And now, you can do so at significant savings.
Ivanti offers four patch management solutions—Patch for Windows, Patch for Linux, UNIX, Mac, Patch for SCCM, and Patch for Endpoint Manager. If you buy or already own any one of these, you can add Ivanti Application Control for 20 percent off list price—and vice versa. If you also add the Ivanti Xtraction Connector for SCCM, you can do so for 30 percent off the list price of that solution.
Application Control helps protect against zero-day threats. Sometimes, you just can’t patch—because you’re running legacy systems, for example, or you have concerns that patching will break something in your environment. In such cases, you need to block the applications that don’t get patched, with tools such as application whitelisting and privilege management. And Xtraction increases visibility and compliance, by enabling fast, easy creation and sharing of reports and dashboards with no coding required.
This offer is available until the end of September, directly from Ivanti or through your Ivanti partner of choice. Want to learn more about the solutions in the offer and how to use them to help protect your environment? First, check out some additional details online. Then, please listen to our our webinar from Wednesday, June 21: “WannaCry: It Wasn't the First, It Won't be the Last. So Now What?” It features three of Ivanti’s leading security experts and advocates: Chris Goettl, Manager of Product Management for Security, Phil Richards, Chief Security Officer (CSO), and AVP EMEA Product Specialist Matthew Walker.
Whether or not you take advantage of our latest offer, be sure to view our Patch Tuesday and Threat Thursday updates and other security-related resources. Then, when you’re ready, contact Ivanti or your Ivanti partner, and let us help you to defend your enterprise against the next major cybersecurity threat. Whatever it is.