Don’t Get Held Hostage: Innovations Address Ransomware
By: Orhan Yildirim
Ransomware is a troubling trend in the world of enterprise security.
When a computer in an enterprise is “infected” with ransomware, it automatically and persistently tries to jump to other computers and propagate through the network.
One employee (out of thousands) can accidentally (or intentionally) install ransomware, and until now, it has been almost impossible to prevent it.
When privileged access systems and policies are put in place, agentless security now makes it possible to isolate two networks (end-user computer networks and enterprise server networks) from each other, stopping ransomware from jumping from an individual user’s domain.
Ransomware attacks are becoming increasingly sophisticated as cybercriminals have more incentive to hack into corporate and government systems, and more money to invest in new means of attack, so much so that the US FBI has issued warnings.
For example, it is no longer necessary for a person to click a link to cause an infection to occur. Websites are now seeded with malicious code that can infect a user when that user simply visits the site and spends time on that page.
And while many more companies and governments than we will ever know about pay hackers to stop the attacks – “the ransom” – paying means more resources for cybercriminals to use, so it is imperative that those responsible for protecting data, systems, and networks mitigate ransomware threats.
There are, of course, the standard practices for “safe computing” including educating employees about email attachments, links, and downloads, having policies in place to shut down the network and notify law enforcement and partners, backing the system up in the event of a shut-down, and more.
But above all, a solid access management system built into the overall security architecture, with a strong Privileged Access Management (PAM) platform, is both preventative and practical.
Ironsphere’s agentless PAM security is done through virtual appliances. Agentless-based security is managed through APIs that interact with appliances managed by the host. A virtual appliance is deployed to the host on the system, with all scanning and recording managed through the appliance.
Because of the flexibility and scalability of our PAM agentless technology, this also means everything can be managed from a single view, a “single pane of glass” that can oversee physical, virtual and cloud-based infrastructure security.
We deploy agentless-based security directly to each physical or cloud server and manage them from a single console, using a unified set of policies and workflows, permissions and auditing capabilities – which also means that, when a ransomware attack becomes apparent, it can be identified faster, with the offending end-point immediately shut down.
Using agentless PAM also means a lot more economic and operational efficiency: with no agent to deploy, there are no updates, no pattern files, and minimized management requirements, particularly given the automation Ironsphere’s solution provides.
This extends into the ROI – with agentless PAM from Ironsphere, not only are enterprises saving on the ransom, they save on operational costs, given the reduced resource utilization and licensing fees.
With agentless PAM in place, there is a new set of “best practices” for dealing with ransomware.
IT and OT will still need to whitelist applications but can also automate more security measures by controlling write access to certain files, limiting permissions to fewer directories, and keeping in place privileged user access to infrastructure elements and policies.
Bottom line – ransomware can be addressed, preventing the spread of debilitating code at the source. To learn more about how a solid PAM strategy can mitigate ransomware impact, please contact us.