The latest ransomware attack known as “Petya” paralysed many organisations in Europe and the US. This is the second worldwide ransomware attack in the past two months, and we believe these attacks will only increase in frequency and become more sophisticated. The continuous string of attacks means that we need to face the reality that we are in a state of continuous compromise when it comes to cyber attacks.
Traditional Endpoint Security Solutions fall short
An antivirus software is not sufficient to protect you from advanced malware attacks. A fragmented approach to managing endpoint security does not work. Furthermore, agent-based, resource intensive software slows performance on endpoint devices.
How can security professionals leverage software to better defend against a state of perpetual breaches, get actionable data and insight, and ensure that users can do their jobs?
Adaptive Security to the rescue
More and more companies are getting behind what is known as an adaptive security, recently identified by Gartner as a “Top Technology Trend to Know for 2017”. This architecture model integrates the traditionally siloed capabilities of prevention, detection, response, and prediction for complete protection against advanced threats like the recent cyber attacks. It provides organisations with a layered, defense-in-depth protection strategy. The goal is to identify system changes through behavioural and contextual analysis to recognise and stop a program attempting to operate in a manner inconsistent with known acceptable behaviour. Advanced systems can also use deception techniques to further entice malicious actors to show their intent while digitally recording those behaviours.
How ISIT’s Adaptive Security Solution blocks Ransomware like WannaCry, Petya & other Variants
ISIT’s adaptive security solution with real-time detection, hunting, deception, protection & prevention, response and investigation and remediation is an all in one solution that protects you from ransomware attacks. Wannacry ransomware and the latest variant “Petya” run multiple processes during the deployment phase that our behaviour based solution detects and blocks. This ransomware is also known to create child processes that are unsigned, and our solution would automatically block such processes. It would also block the process injection that utilises the icalc.exe file which elevates privileges on the target host allowing encryption of the entire filesystem.
- Back up your data at regular intervals. More frequent backups mean fewer data lost. Preferably this data should not be offline on tape or the cloud, and it should be encrypted.
- Users should also not click on email links from suspicious email Id’s or click on links asking for access to personal information.
- Keep your Windows PC updated with the latest patches, service packs and updates
- Deploy ISIT’s Next Generation Adaptive Security solution that is contextual and behaviour based and sits at the kernel level of the endpoint.
To learn more about ISIT visit www.isit.ae