The White House released a memo on June 2, 2021, urging corporate executives and business leaders to increase cyber defenses and immediately prepare for ransomware attacks. The memo lays out the U.S. Government’s recommended best practices to help organizations assess their security posture, prepare for future ransomware attacks, and restore operations in the event of a breach. To accomplish this, the memorandum outlines five key focus areas for agencies to focus on:
Legacy solutions have proven to be obsolete in combating ransomware attacks. An effective cyber defense requires advanced AI-powered security – automated across agencies’ networks and endpoints.
Palo Alto Networks has long been positioned to help our customers address ransomware threats, and we regularly promote such practices. Much of our portfolio of products and services can help organizations fight ransomware attacks across the enterprise, from prevention and discovery through remediation. And our Unit 42 threat researchers have been at the forefront of ransomware threat intelligence for years.
One key solution in our ransomware defense is Prisma Cloud. The solution helps organizations implement the recommended ransomware best practices for the cloud, including patch management and network segmentation, all with minimal time and effort.
Ransomware attacks are increasing and adversaries are becoming more brazen. In the 2021 Ransomware Threat Report, Unit 42 researchers shared that:
The most successful ransomware attacks target businesses' critical systems, as the attacker can request higher ransom payments if a company is unable to operate. For example, JBS, the world’s largest meat processing company, was recently hit by a cyberattack that disrupted its North American and Australian operations. The company paid the attackers nearly $11 million to restore operations, which is believed to be the largest ransom ever paid.
Recent ransomware attacks have not only hindered companies' logistics, in some cases, they have impacted the global economy. With the spike in volume and growing economic impact of ransomware cases, The White House has called on business leaders to increase their cyber defenses and prepare for more ransomware attacks.
The recent White House memo lists five best practices for safeguarding against ransomware attacks, including patching your systems and segmenting your networks, but why?
Networks are good at one thing – connecting systems. Users, devices and business-critical applications all communicate over reliable network pathways. However, hackers are very good at exploiting vulnerabilities using the same network paths available to users and applications. Often they will use three basic steps in a ransomware attack:
So businesses must do two things to reduce risk in a scenario like this: Minimize the number of vulnerabilities on systems by patching them, and enforce segmentation to limit a system's exposure to the internal network.
Vulnerabilities are easy targets for exploits, so minimizing the number of vulnerabilities on the internal network creates fewer opportunities for attackers. The White House memo highlights the need to update and patch systems promptly. However, traditional cybersecurity tools are unable to provide meaningful context regarding vulnerabilities, making it difficult for security teams to assess their cyber risk and expedite patching. And for systems that cannot be patched, these tools lack workarounds or compensating controls to reduce risk.
Microsegmentation, also known as Zero Trust Segmentation, is a cloud network security control that segments systems to reduce the attack surface. In the event of a compromise, microsegmentation contains the breach and prevents lateral movement of malware by limiting the number of possible pathways on the internal network. While organizations may agree that microsegmentation is critical, many security teams find it too complex and time-consuming to implement.
To support these ransomware best practices for the cloud, Prisma Cloud delivers vulnerability management for hosts, containers and serverless functions with Cloud Workload Protection and simplified microsegmentation with Identity-Based Microsegmentation.
Cloud Workload Protection supercharges lifecycle vulnerability management with several different features.
Where patching isn’t possible, or to protect against zero-day threats, then Prisma Cloud Web Application and API Security (WAAS) virtual patching provides compensating controls to protect vulnerable services.
Prisma Cloud Identity-Based Microsegmentation makes microsegmentation easy. You can move from a flat network to a segmented, Zero Trust network across private and public clouds in four simple steps.
Prisma Cloud enables you to insert network separation among regulated environments, business-critical application groups, and individual hosts/containers without changing the underlying network infrastructure.
As the White House memo states,
"...companies that view ransomware as a threat to their core business operations, rather than a simple risk of data theft, will react and recover more effectively. To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations."
It is not enough to understand that ransomware is a threat – organizations must quickly and actively implement these ransomware best practices for the cloud.
The Cloud Workload Protection and Identity-Based Microsegmentation capabilities described above can help do just that, and are fully integrated into the Prisma Cloud platform.
Request a 30-day trial for Cloud Workload Protection and Cloud Network Security to get valuable hands-on experience with risk-based vulnerability management, runtime protection, and microsegmentation.