Top 5 Ways to Prevent Ransomware
By Robert Lesher, Pre-Sales Solutions Engineer, and Michael O’Connell, Security Solutions Architect
If you logged onto the internet in the past year or so, or even turned on the TV, you know that ransomware attacks are happening every day. In May, the Colonial Pipeline was attacked, and in the same month databases for a San Diego hospital system were shut down.
Attacks were made on a multi-national meat supplier (JBS SA), Kaseya, and Howard University[1]. There have been cyber-attacks across the globe every month yielding multiple terabytes of leaked data held for millions of dollars in ransom[2]. Ransomware and the sophistication behind ransomware continue to evolve and are becoming a bigger threat to our technology landscape.
As cybersecurity professionals, we see customers affected by ransomware every day of the week, and it’s our job to identify the weaknesses in their environment and help them protect it against ransomware.
Sometimes an organization lacks visibility into its environment, which could bring the business to a complete halt. When a malicious outbreak occurs and you lack proper protection from next-generation defense tools, your business could be reliant on someone physically unplugging the devices. With the ever-changing threat landscape and businesses adopting a hybrid work model, this can make tasks extremely difficult to complete.
Protecting your systems before you are infected is vital to your business’s financial health and survival. The overall cost of a successful attack is lost productivity and customers losing confidence in your brand, not to mention the actual financial loss of paying the ransom.
Let’s go over 5 ways you can prevent ransomware.
Email Protection
Ransomware has had banner years since 2020 with the change in the workforce environment to a hybrid workplace. An example of the spread is a phishing scheme entering via email. The user clicks on what appears to be a legitimate link, only to be taken to a URL that pulls down an executable file with the payload. That endpoint is now infected, and the malware propagates to any other endpoint that the system can reach.
User training can help, yet many times falls short of the mark. Awareness of how to recognize a phishing email is the first line of defense. Training your users on what to check in an unexpected e-mail brings a certain level of protection. Adding e-mail filtering can prevent the message from reaching your staff’s inbox.
Endpoint Protection
It’s important to have endpoint protection on every system. Your solution should start with cloud-delivered endpoint protection and advanced endpoint detection and response across multi-domain control points. It should stop breaches and block malware, then rapidly detect, contain, and remediate advanced threats that can evade front-line defenses.
DNS Protection
When you click on a link in an email, on a website, or from within an approved application, the name in the URL is resolved into an IP address by DNS. Placing protection at this point, before the page is delivered, prevents the name from being resolved. Your DNS protection allows you to identify known bad threat actors or known locations that are shady, and simply not translate the name to an IP address. This blocks access to a bad or questionable location.
Your DNS solution should provide a centralized location for consistent policies that can be deployed across multiple locations both on and off-network.
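The resolution-time block described above, shown as an added example that is not part of the original article or of any vendor's product: a filter reads the queried name from a raw DNS query, checks it and each parent domain against a blocklist, and answers NXDOMAIN instead of forwarding the query. The blocklist entries, function names, and sample queries are constructed for illustration.

```python
import struct

# Constructed blocklist; a real deployment loads this from a threat-intelligence feed.
BLOCKLIST = {"malware-download.example", "phish.test"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (used here as constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(packet, offset=12):
    """Read the queried name; the question section follows the 12-byte header."""
    labels = []
    while True:
        if offset >= len(packet):
            raise ValueError("truncated query name")
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in query")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_blocked(name):
    """Match the name and each parent domain on label boundaries."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def filter_query(packet):
    """Return an NXDOMAIN response for a blocked name, or None to forward upstream."""
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    name, end = parse_qname(packet)
    if not is_blocked(name):
        return None
    # QR=1 (response), keep the client's RD bit, RA=1, RCODE=3 (NXDOMAIN)
    rflags = 0x8000 | (flags & 0x0100) | 0x0080 | 3
    header = struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0)
    return header + packet[12:end + 4]  # echo the question (name + QTYPE + QCLASS)

if __name__ == "__main__":
    for host in ("www.example.org", "cdn.malware-download.example"):
        verdict = "blocked" if filter_query(build_query(host)) else "forwarded"
        print(host, verdict)
```

Matching on label boundaries means a subdomain of a listed domain is blocked, while an unrelated name that merely ends in the same characters is not.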
Next-Gen Firewall
A Next-Gen level 4-to-7 firewall will look for any kind of traffic that is not normal to your environment. That abnormal traffic gets flagged, then goes to the threat intelligence to see if it matches anything in the advanced database.
Your Next-Gen firewall should allow you to rate limit and configure actual live sandboxing of your infrastructure to protect and replicate something without infecting your production environment.
We recommend a Next-Gen firewall that includes Advanced Malware Protection (AMP) with options to add an intrusion detection system (IDS), intrusion prevention system (IPS), and granular category-based content filtering.
(Advanced) Threat Intelligence (on the Back End)
Any advanced threat intelligence system begins with the breadth of its network. The larger the better in this case, since the more data collected and analyzed, the better the understanding of potential threats. It should use a multitude of sensor feeds to funnel potential threat data for review, and dig deeper into the data if needed. This data should be used to build a database of threat profiles that are used to compare your traffic against known malware.
Additional Recommendations
Consider adding a platform solution to handle the advanced protections and an advanced firewall needed to protect your network that also brings simplicity for your security professionals. Simplicity and metrics should be built right in without the need for an additional monitoring program. You should be able to see how much usage the clients have, where your clients are going, and if they’ve touched anything that is a potential threat to your environment.
An additional feature that we love to have, coming from an operational background and sitting in that seat for many years, is that anytime it’s time to deliver an upgrade to your environment or a security patch, your platform should be able to handle the task.
In a traditional environment you need to figure out exactly what platform you’re on, and whether you have to do a stepped upgrade or can go direct to the latest platform. There are several manual steps needed: pull down whatever config or code you need for that device, find your outage window, take the outage, and implement the changes. Then hope that you don’t have to do a backup, and make sure that you have your configuration backed up because if things go sideways you want to make sure that you have that available.
It should be as easy as checking a box. If there’s a critical security patch that needs to be applied, you check a box in your dashboard that will apply this at 3 a.m. on a Sunday or overnight. You don’t even need to think about it.
When you get up and log in, it’s already applied automatically. For customers with smaller IT shops, the time you save not having to figure all that out should make it worth the investment on a unified platform just based on that savings.
A unified platform with layered protection should be easy to configure and deploy, offering a simple, easy-to-use interface.
If you need to learn more or have any further questions, feel free to reach out to us at cybersecurity@AspireTransforms.com
[1] Source: NYMag.com
https://nymag.com/intelligencer/article/ransomware-attacks-2021.html
[2] Source: CSIS.org
https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents