Technology Stack for Ransomware Protection

With ransomware attacks becoming increasingly frequent, we put together a list of technologies that can help organizations protect themselves against them. Please note that even though this blog discusses technology measures, this does NOT mean people and process are secondary. No single technology can protect against ransomware; effective defense requires a combination of technologies along with the right processes and skilled security professionals. Here’s the Technology Stack for Ransomware Protection:

 

  • Technologies for Ransomware Prevention
      • Security Awareness & Training – One of the most effective ways to secure any organization. Continuous security training and simulations can significantly reduce the risk.
      • Vulnerability Assessment & Patch Management – Continuous VA and patch management is a very effective measure. Remember: if people had patched their Windows systems after Microsoft released the patch for EternalBlue, they would have been protected against WannaCry.
  • Perimeter Security
    • Email Security Gateways – Email is one of the most common channels used to spread malware and requires a strong focus. Organizations can also consider dedicated email ATP technologies from major security vendors.
  • Endpoint Security
    • Application Whitelisting – There are dedicated solutions for this, as well as AV solutions and operating systems with this capability.
    • Port Control – Restrict USB access using solutions like Group Policies.
      • Backup – A multitude of backup solutions exist; choose the one that suits your needs so that you can restore quickly in case of an infection. Make sure that the backup is not infected. If taking cloud / network backups, do not map the backup location as a network drive.
      • Network Sandboxing – Helps analyze malicious files / payloads if they bypass the perimeter controls, or can augment perimeter security controls.
      • Network Segmentation / Micro-segmentation – A number of solutions exist, and an infection in one segment will not spread to others if segmentation is properly implemented.
    • Browser Protection
        • Ad-Blocker – You probably already have this; check your browser's extension store if you don't.
        • Browser / Application Virtualization – Prevents machine infections from malicious websites, as the application (browser) runs in a virtual instance.
  • Technologies for Ransomware Detection – i.e. Before You See the Demand for Bitcoins
      • Honeypots & Deception Tech – Strategically placed decoys or honeypots (files, devices etc.) across the IT infrastructure can help detect ransomware before it causes any significant damage.
      • Threat Intelligence (TI) – TI feeds fed into SIEM, IPS/IDS, perimeter security and other solutions can help provide both prevention and early detection of threats.
      • SIEM – The one solution to rule them all, enough said.
      • UBA / NBA – Behavioral analytics at the network / endpoint level can provide early signals of possible infections.

     

And of course, a number of APT Security / ATP / ATA Solutions.
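To make the decoy-file idea from the detection list concrete, here is an added example (not part of the original post) that plants decoy files in watched directories and reports any that were later modified or removed. The decoy names, decoy content and manifest location are assumptions chosen for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed decoy content; a real deployment would use realistic-looking documents.
DECOY_BODY = b"Quarterly payroll export - internal use only\n" * 64
# Hypothetical decoy names, chosen to sort first and last in a directory listing.
DECOY_NAMES = ("!_accounts_2020.docx", "zz_payroll_backup.xlsx")


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_decoys(directories, manifest: Path) -> dict:
    """Write decoy files into each directory and record their hashes."""
    baseline = {}
    for directory in directories:
        for name in DECOY_NAMES:
            decoy = Path(directory) / name
            decoy.write_bytes(DECOY_BODY)
            baseline[str(decoy)] = sha256_file(decoy)
    # Keep the manifest somewhere the monitored hosts cannot write to.
    manifest.write_text(json.dumps(baseline, indent=2))
    return baseline


def check_decoys(manifest: Path) -> list:
    """Return (path, reason) alerts for every decoy that was touched."""
    alerts = []
    for path_str, expected in json.loads(manifest.read_text()).items():
        decoy = Path(path_str)
        if not decoy.exists():
            # Deleted, or renamed (for example given a new extension).
            alerts.append((path_str, "missing"))
        elif sha256_file(decoy) != expected:
            alerts.append((path_str, "modified"))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        manifest = Path(tmp) / "decoy_manifest.json"
        plant_decoys([tmp], manifest)
        # Constructed change standing in for an unexpected overwrite.
        (Path(tmp) / DECOY_NAMES[0]).write_bytes(b"constructed overwritten content")
        print(check_decoys(manifest))
```

Run `check_decoys` on a short schedule and forward any non-empty result to the SIEM as a high-priority alert, since no legitimate user or process has a reason to touch these files.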

© 2020 Created by CISO Platform.