5 WAYS TO TACKLE RANSOMWARE ATTACKS
Ransomware attacks are continuing to threaten the stability of government authorities, healthcare organizations, utility companies and critical data in all industries. It has been a year since WannaCry hit and businesses are still feeling the after-effects of a worldwide ransomware attack. Now in 2018, SamSam, a targeted ransomware attack, hit nationwide predominantly moving laterally in the network of the City of Atlanta, before paralyzing systems in 13 local government departments. This attack on the City of Atlanta prevented residents from paying water bills, forcing the police department to file paper reports and most notably, the attackers destroyed years of police footage. The City of Atlanta’s network was paralyzed by SamSam for at least a week and cost them nearly $3,000,000 to recover. They are still not completely recovered, due to destroyed files. enSilo teams are continuing to evaluate the future of ransomware attacks and compiled five ways to tackle threats before a ransomware attack hits.
- OS-Level Protection
enSilo’s patented technology is in tune with operating systems and has the ability to detect and block malicious file related activity triggered by ransomware. enSilo amplifies protection all the way to the core of an operating system. enSilo supports a variety of operating system and protects:
- Microsoft Windows, including legacy versions
- Virtual Desktop Infrastructure (VDI) environments in VMWARE and Citrix
- Small Footprint
We understand that business continuity is the heart of keeping businesses fully operating. The enSilo Endpoint Security Platform was designed for seamless deployment, only utilizing less than 1% CPU and only 40MB of RAM, making it possible to easily install on point of sale (PoS) systems.
- Protecting Threat Gaps
Educating end users will not prevent user errors. enSilo’s real-time automated endpoint security capabilities will help CISO’s sleep better at night. As any malware, ransomware can also move laterally within an organization. SamSam as WannaCry exploited vulnerabilities, which allowed the infection to bypass traditional first line of defense tools such as NGAVs and execute on the target device. Incident response systems, such as Endpoint Detection and Response (aka EDR) were also short handed given the fast pace of encryption. Infiltration detection and incident response tools continue to fail. However, enSilo’s award winning post-infection protection, is agnostic to the infiltration method and contains the ransomware, even after a successful execution. Our unique patented technology not only contains unknown malicious ransomware, but also allows custom based responses. No delays, zero breach response time.
- Layered Protection Platform
enSilo’s mission is to protect data. We created a single lightweight agent with modular layers of protection. These layers effectively eliminate threats at the endpoint. Our customers’ first line of defense include our in-house, publically tested NGAV, eliminating and filtering known threats. The second layer of defense is an automated EDR for out of the box data protection, that effectively protected patient zero from ransomware such as WannaCry, BadRabbit, Synack, Scarab, before publicly detected. Some include fileless code injection techniques that have been recently integrated into a new ransomware to bypass detection.
- Orchestrated Event Management
Event classification, complete with tailor made course of action transforming security operations to automate tasks such as remediation, isolation, threat hunting and alert ticketing management as part of MDR offering. Orchestrating events for security teams reduces the operational cost and burden from the incident response teams. It is evident that stronger security is effective when security feeds are enabled, paired with automated and customized course of action, which the enSilo Endpoint Security Platform effectively stops known and unknown threats and protects data in real-time.
*Bonus* Real-Time Detection
In order to speed up threat detection, enSilo improves the time to containment with real-time detection. Once, malicious activity is identified deep in the operating system, enSilo blocks any outbound communication blocking threats that could potentially take down an organization. enSilo defends in real-time against any type of breach, at any stage of the attack, under any circumstances.
enSilo's single lightweight security agent gives customers comprehensive pre-infection NGAV as a first line of defense and post-infection automated, blocking-enabled EDR as a last line of defense, enabling security teams to contain attacks, prevent data leakage and block malware communications in real time to stop post-infection impact.