
Four steps for preventing the next ransomware attack

05 Dec 17

As we approach the end of 2017, it’s clear that enterprise ransomware continues to be a huge issue for businesses all over the globe. Once ransomware enters your network undetected, your data is immediately encrypted and inaccessible, or your systems are locked down.

In some cases, ransomware goes after the back-ups, and if they are connected to the network the data may be completely unrecoverable. Here are some tips on how to better prevent ransomware damage:

Apply behavioural-based detection

It’s crucial for organisations to shift to proactive cybersecurity techniques that focus on identifying malicious behaviour related to ransomware, even when no signatures or known exploits are present.

Instead of being reactive and shoring up defences only when you detect an Indicator of Compromise (IoC), or a “known bad,” organisations should track Indicators of Attack (IoAs) that identify adversary behaviour related to ransomware, such as code execution or lateral movement.

This enables organisations to prevent, detect, and respond to both known and unknown attacks. An IoA can prevent multiple variants and versions of ransomware families, including new ones not detectable by known signatures or features.
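The IoC-versus-IoA distinction above, as an added example that is not CrowdStrike's code: a hash lookup (IoC) against a constructed known-bad list beside a behavioural rule (IoA) that flags any process changing the extension of many files in a short window. The events, hashes, process ids, threshold and window are all constructed for the example, so the behavioural rule also flags the process whose hash is not on the list.

```powershell
# Constructed known-bad list: one SHA-256 of a sample seen before (not a real hash).
$knownBad = @('1' * 64)

function New-RenameEvents([int]$ProcId, [string]$Sha256, [int]$Count, [datetime]$Start, [double]$GapSeconds) {
    # Constructed telemetry: $Count file renames by one process, $GapSeconds apart.
    for ($i = 0; $i -lt $Count; $i++) {
        [pscustomobject]@{
            Time    = $Start.AddSeconds($i * $GapSeconds)
            ProcId  = $ProcId
            Sha256  = $Sha256
            OldPath = "C:\Users\alice\Documents\report$i.docx"
            NewPath = "C:\Users\alice\Documents\report$i.docx.locked"
        }
    }
}

function Test-IoC($Events) {
    # Signature view: only processes whose binary hash is already on the known-bad list.
    $Events | Where-Object { $knownBad -contains $_.Sha256 } |
        Select-Object -ExpandProperty ProcId -Unique
}

function Test-IoA($Events, [int]$Threshold = 20, [int]$WindowSeconds = 60) {
    # Behaviour view: any process that rewrites the extension of at least $Threshold
    # files within $WindowSeconds, whatever its hash is.
    foreach ($group in ($Events | Group-Object ProcId)) {
        $times = @($group.Group |
            Where-Object { [IO.Path]::GetExtension($_.OldPath) -ne [IO.Path]::GetExtension($_.NewPath) } |
            Sort-Object Time | ForEach-Object { $_.Time })
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            if (($times[$i + $Threshold - 1] - $times[$i]).TotalSeconds -le $WindowSeconds) {
                [int]$group.Name; break
            }
        }
    }
}

$t0 = [datetime]'2017-12-05T10:00:00'
$events = @(
    New-RenameEvents -ProcId 4120 -Sha256 $knownBad[0] -Count 30 -Start $t0 -GapSeconds 1    # sample with a known hash
    New-RenameEvents -ProcId 5300 -Sha256 ('2' * 64)   -Count 30 -Start $t0 -GapSeconds 1    # new variant, no signature
    New-RenameEvents -ProcId 800  -Sha256 ('3' * 64)   -Count 3  -Start $t0 -GapSeconds 300  # a user renaming a few files
)

"IoC hits: $((Test-IoC $events) -join ', ')"
"IoA hits: $((Test-IoA $events) -join ', ')"
```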

Augment analytics with artificial intelligence/machine learning

Artificial intelligence (AI) and machine learning (ML) are critical in helping to detect ransomware that might otherwise be missed. To be truly effective, ML must have enough relevant data for its results to be meaningful, and it must be tuned to keep the balance between true and false positives.

A signature-less ML approach combines behavioural analytics with ML and is able to learn which files are malicious without having to be fed new datasets every day. This approach is far superior in helping detect the malware and ransomware of today, much of which consists of unknown variants. It ultimately leads to better classification of what is malicious and what is not, helping your organisation’s IT team in the long run.

Bolster your defence with proactive hunting

Rather than waiting for ransomware to appear and take hold in your organisation, it is better to spot the problem at inception and close it down immediately. This is what proactive threat hunting looks like, and leveraging threat hunting teams can help defenders shift the advantage back to themselves.

Threat hunters look for evidence of potential malicious behaviour that might exist in a broad pool of behavioural data but that may be too subtle on its own to warrant a response.

From there, threat hunters can follow even the faintest suggestion of possible threat activity to put together a picture of whether an attack is in progress, or if the behaviour is irregular but does not represent malicious activity in your IT environment.

Threat hunters make it possible to find damaging attacks before automated security tools are able to detect them. This is fundamental to true visibility into your network.

It’s time to solve the patch problem

Vulnerability scans are no longer adequate for defending the network in real time against modern-day threats. Many legacy approaches only report patch information collected by checking the registry for a listing of installed patches. As a result, failures in the installation process, such as delayed reboots, may cause the scan to report an incorrect patch status.

This leaves organisations with major blind spots that can turn into massive vulnerabilities in the event of attacks like WannaCry. Vulnerability management needs to work in real time and have full visibility into the environment, so that patching can be properly prioritised and carried out.
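One way to see the blind spot described above on a single Windows host, as an added example that is not CrowdStrike's code: it compares the "listed as installed" view with an effective status that also accounts for the reboot-pending markers Windows sets when an update has been applied but not yet activated. It uses the installed-hotfix list (Get-HotFix, standing in for the registry listing the article describes) and the standard reboot-pending registry locations; the KB id is a placeholder, not a specific update.

```powershell
function Test-PendingReboot {
    # Markers Windows sets when installed updates still need a restart to take effect.
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($key in $markers) {
        if (Test-Path $key) { return $true }
    }
    # File replacements deferred until the next boot (e.g. in-use system binaries).
    $sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    return [bool]($sm -and $sm.PendingFileRenameOperations)
}

function Get-EffectivePatchStatus([string[]]$RequiredKb) {
    # LegacyStatus: what a scan that only reads the installed-patch list would report.
    # EffectiveStatus: the same KB is not protecting anything until the pending reboot has happened.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $rebootPending = Test-PendingReboot
    foreach ($kb in $RequiredKb) {
        $listed = $installed -contains $kb
        $legacy = if ($listed) { 'Installed' } else { 'Missing' }
        $effective = if (-not $listed) { 'Missing' }
                     elseif ($rebootPending) { 'Installed, reboot pending' }
                     else { 'Installed' }
        [pscustomobject]@{
            KB              = $kb
            LegacyStatus    = $legacy
            EffectiveStatus = $effective
        }
    }
}

# 'KB0000000' is a placeholder; substitute the KB ids your patch baseline requires.
Get-EffectivePatchStatus -RequiredKb @('KB0000000') | Format-Table -AutoSize
```

A host reporting "Installed, reboot pending" is the case the article warns about: the legacy scan marks it patched while the vulnerable code is still running.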

Article by CrowdStrike.
