Vaccinating against the Ransomware pandemic
Just as our physical world has suffered from a devastating health pandemic, over the last 3 years the digital world has been suffering a ransomware pandemic that grew 7 times in 2020 compared to the same time in 2019.
While we have vaccines for our health crisis what are our options to help protect us against this digital threat?
Many vendors claim deep protection against ransomware, we hear about the ‘Next Gen’ & ‘Machine Learning’ approach to mitigating the risk of ransomware. The truth being they are one layer in the defense against this and another vendor in the stack to deal with.
Here at Ivanti our goal is being a strategic partner to our customers delivering value in multiple disciplines. Giving you fewer vendors to deal with, fewer contract negotiations, integrated outcomes, and better ROI.
Some Key Layers
There are many layers that can help you Identify, Protect, Detect, Respond and Recover from a ransomware attack. Here are some of the controls where Ivanti are working with our customers to help them protect against ransomware, note it’s not a point solution.
- Understand & Catalogue Assets
Identifying & understanding the hardware and software on your network is key to being able to Protect it. The Australian Cyber Security Centre (ACSC) Essential 8 advise before implementing any other control, assets must be identified and risk assessed. Attackers are looking for that one unmanaged asset they can exploit to gain a foot hold.
- Remediate vulnerabilities in your environment.
Ransomware uses many vulnerabilities that have long since had patches. One report by RiskSense found that of the 57 vulnerabilities targeted by ransomware over 30% were published earlier than 2015. For all your assets protecting them with regular patching is essential, especially those that are internet facing.
- Application Control
Educating users on phishing and identifying malicious websites is an essential strategy, but there are always those that will accidently be tricked. Phishing as a delivery mechanism for ransomware is once again on the rise. When the inevitable happens and a user is compromised it’s essential the payload be it, executable, script or binary is evaluated, identified as not trusted code and prevented execution rights. Application Control will protect against zero-day threats and known threats. Using delivery mechanisms including macros, emails, infected documents, USB keys, drive by downloads and more.
- Minimise User Privileges
It has been widely shown that minimizing the privileges users run with can hugely reduce the damage an exploit can do. Ransomware runs in the context of the user and the privileges the user has. 94% of critical vulnerabilities Microsoft identified in 2016 could be mitigated by removing administrative privileges. Its these types of vulnerabilities that ransomware threat actors love to exploit. Minimize the privileges minimize the pivot.
- Segment Your Network
If you get infected with ransomware the last thing you want is for it to rip through departments and the data centre uncontrolled. Unless you are segmenting your network, that is what can happen. This is what some organisations have experienced. Using Zero Trust Network Access controls you can ensure that devices, apps and data can only be accessed when compliance is adhered to. This will limit the damage and how far an infection or intruder can spread.
- Zero Trust Access
In this complex digital world, we have hybrid cloud environments, on prem and cloud applications, managed and unmanaged networks and corporate owned and personal devices. Having a Zero Trust framework where you can ensure the access to an application, network, service or data is verified before being trusted and remains compliant allows you to reduce the risk for compromise. Stolen credentials appear in more than 80% of breaches, how about basing trust on something you have, something you know and something you are, using technologies such as MFA, biometrics and certificate-based authentication.
How can Ivanti Help?
Ivanti have solutions that deliver all these core capabilities to help you protect against ransomware attacks. Providing you the layers of defense that truly give you a defense in depth strategy against ransomware.
If you would like to know more about any of these capabilities or an end-to-end solution then please give anyone at Ivanti a call or reach out directly to me [email protected].