RANSOMWARE PREVENTION:
What Your Security Architecture Must Do

Ransomware can bring your business operations to a halt: it encrypts sensitive data and demands payment for the key to regain access.

Keeping your organization safe requires a fundamental shift toward prevention and away from merely detecting an infection and remediating it after the fact. The right architecture makes prevention practical; use the following checklist to implement a prevention-based platform:


STEP 1: REDUCE THE ATTACK SURFACE

Gain full visibility and block unknown traffic

Identify every application and flow on the network, then take a default-deny stance: traffic you cannot identify is potentially high-risk and should be blocked rather than allowed by default.

Enforce application- and user-based controls

Restrict access to SaaS-based tools for employees who have no business purpose for using them.

Block all dangerous file types

No file type is malicious in itself, but types known to carry higher risk (executables, scripts, macro-enabled documents) or that feature in recent attacks can be blocked or restricted. Decide by the file's content, not its extension alone; attackers routinely rename one for the other.
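
Added example (not from the original checklist or any vendor product): a content-based file-type control that classifies a file by its leading bytes, inspects ZIP containers for embedded VBA projects, and only falls back to the extension for text-based scripts, which have no magic bytes. The risk classes and the sample files are constructed assumptions for illustration.

```python
"""Content-based file-type control for a download/upload gateway.

The type is decided from the file's leading bytes (and, for ZIP containers,
the entry list), never from the filename alone; the extension is used only
to catch text-based scripts, which have no magic bytes, and to detect
mismatches. Added example; the risk classes are illustrative assumptions."""

import io
import os
import zipfile

# Assumption: illustrative risk classes, to be tuned against your own
# incident data and the file types seen in recent campaigns.
HIGH_RISK_TYPES = {"pe", "script", "macro_document", "lnk"}

# Extension -> expected content type. Text-based scripts (js, vbs, hta, ps1)
# have no reliable magic, so the extension is the only signal for them.
EXT_TYPES = {
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
    ".pdf": "pdf",
    ".doc": "ole_document", ".xls": "ole_document",
    ".docx": "ooxml_document", ".xlsx": "ooxml_document",
    ".docm": "macro_document", ".xlsm": "macro_document",
    ".zip": "zip", ".lnk": "lnk",
    ".js": "script", ".vbs": "script", ".hta": "script", ".ps1": "script",
}


def sniff_type(data: bytes) -> str:
    """Coarse content type from magic bytes; 'unknown' for unrecognized data."""
    if data[:2] == b"MZ":
        return "pe"                                 # Windows executable / DLL
    if data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
        return "ole_document"                       # legacy Office container
    if data[:4] == b"%PDF":
        return "pdf"
    if data[:4] == b"\x4c\x00\x00\x00":
        return "lnk"                                # Windows shortcut header
    if data[:2] == b"PK":
        # ZIP container: OOXML, JAR or plain archive. Inspect the entry list.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip_corrupt"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro_document"                 # OOXML carrying a VBA project
        if "[Content_Types].xml" in names:
            return "ooxml_document"
        return "zip"
    if data.lstrip()[:2] == b"#!":
        return "script"
    return "unknown"


def decide(filename: str, data: bytes):
    """Return (action, reason) where action is 'block', 'inspect' or 'allow'."""
    ctype = sniff_type(data)
    ext = os.path.splitext(filename.lower())[1]
    expected = EXT_TYPES.get(ext)
    if ctype in HIGH_RISK_TYPES:
        return ("block", f"{filename}: content is {ctype}")
    if expected in HIGH_RISK_TYPES:
        return ("block", f"{filename}: extension {ext} is a high-risk type")
    if expected and ctype != "unknown" and ctype != expected:
        # e.g. an Office document renamed to .pdf: treat disguise as hostile
        return ("block", f"{filename}: extension says {expected}, content is {ctype}")
    if ctype in ("ole_document", "zip_corrupt"):
        # Legacy OLE may hide macros and a damaged ZIP cannot be inspected here;
        # route both to the sandbox stage rather than allowing by default.
        return ("inspect", f"{filename}: {ctype} needs dynamic analysis")
    return ("allow", f"{filename}: {ctype}")


def make_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, optionally with a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [                                          # constructed inputs
        ("payroll.pdf", b"MZ\x90\x00" + b"\x00" * 60),    # executable renamed to .pdf
        ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
        ("invoice.docx", make_ooxml(with_macro=True)),
        ("invoice.docx", make_ooxml(with_macro=False)),
        ("setup.js", b"var u = 'http://example.invalid';"),
        ("q2.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24),
    ]
    for name, blob in samples:
        print(decide(name, blob))
```

The point of the design is the order of checks: content verdict first, extension second, and a mismatch between the two is itself grounds to block, because a renamed executable is the most common way a "safe" extension carries a dangerous type. Whatever cannot be classified statically (legacy OLE, a damaged archive) goes to the sandbox stage rather than being allowed by default.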

Implement an endpoint policy aligned to risk

Enforce policies that restrict non-compliant endpoints from connecting to critical network resources.


STEP 2: PREVENT KNOWN THREATS 

Stop known exploits, malware, and command-and-control traffic

Blocking known threats raises the cost of an attack and ultimately reduces the likelihood of an attacker attempting a breach.

Block access to malicious and phishing URLs

Prevent users from inadvertently downloading a payload or handing over their credentials by blocking known malicious and phishing URLs at the gateway. Match against the normalized URL, not the raw string, so that trivial variations of a listed address do not slip past the check.
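
Added example (not from the original checklist or any vendor product): a blocklist lookup that normalizes the URL before matching, so case differences, a trailing dot, embedded userinfo, integer- or hex-form IPv4 hosts, and percent-encoded or dot-segment paths all resolve to the same entry. The blocklist entries and test URLs are constructed for illustration, not real indicators.

```python
"""Blocklist lookup that normalizes URLs before matching, so trivial
evasions (case, trailing dot, userinfo, integer-form IPv4, percent-encoded
or dot-segment paths) do not slip past an exact-string check.
Added example; the blocklist entries are constructed, not real indicators."""

import ipaddress
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed blocklist (assumption: in practice fed by a threat-intel feed).
BLOCKED_HOSTS = {"login-secure-update.example", "malware-drop.example", "203.0.113.7"}
BLOCKED_PATH_PREFIXES = {"cdn.example": ("/files/bad/",)}


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot, and expand integer/hex IPv4 forms."""
    host = host.strip().rstrip(".").lower()
    try:
        if host.isdigit():                    # e.g. http://3405803783/
            return str(ipaddress.IPv4Address(int(host)))
        if host.startswith("0x"):             # e.g. http://0xcb007107/
            return str(ipaddress.IPv4Address(int(host, 16)))
    except ValueError:
        pass                                  # not a 32-bit value; keep as hostname
    return host


def normalize_path(path: str) -> str:
    """Percent-decode and collapse ./ and ../ segments so prefixes compare cleanly."""
    path = posixpath.normpath(unquote(path or "/"))
    if not path.startswith("/"):
        path = "/" + path
    return path


def check_url(url: str):
    """Return ('block' | 'allow', reason) for a URL against the blocklist."""
    parts = urlsplit(url)
    # .hostname already strips userinfo, port and IPv6 brackets
    host = normalize_host(parts.hostname or "")
    path = normalize_path(parts.path)
    labels = host.split(".")
    # A listed domain also covers its subdomains: walk from full host to apex.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_HOSTS:
            return ("block", f"host {host} matches blocklist entry {candidate}")
    for prefix in BLOCKED_PATH_PREFIXES.get(host, ()):
        if path.startswith(prefix):
            return ("block", f"{host}{path} matches path prefix {prefix}")
    return ("allow", f"{host}{path} not on blocklist")


if __name__ == "__main__":
    for u in [                                                  # constructed URLs
        "HTTP://user@LOGIN-SECURE-UPDATE.EXAMPLE./login",
        "http://www.malware-drop.example:80/a",
        "http://3405803783/",                                   # 203.0.113.7 as an integer
        "http://cdn.example/files/%62ad/x.exe",                 # %62 == 'b'
        "http://cdn.example/files/../files/bad/x",
        "https://cdn.example/files/good/x",
    ]:
        print(check_url(u))
```

This only catches what is already known to be bad; a fresh phishing domain registered an hour ago is not on any list, which is why Step 3 below adds analysis of unknown URLs.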

Scan for known malware on SaaS-based applications

SaaS applications (shared files and sync folders) are an additional delivery path for malware that sits outside the traditional email and web controls, and must be scanned for known malware as well.

Block known malware and exploits on the endpoint

Endpoints are where infections actually execute. Block known malware and exploit techniques there too, so that a threat which slips past the network controls still fails to run.


STEP 3: IDENTIFY AND PREVENT UNKNOWN THREATS

Detect and analyze unknown threats in files and URLs

Detonate newly seen files and URLs in a sandbox, observe what they actually do, and flag the ones that exhibit malicious behavior.

Update the protections across the organization and prevent previously unknown threats

When the analysis returns a malicious verdict, automatically turn it into new protections and push them to every enforcement point (network, SaaS and endpoint), so the next occurrence is stopped as a known threat rather than analyzed again.

Add context to threats and create proactive protections and mitigation

Protections that hold up require context: who the attacker is, how the malware behaves, and which indicators of compromise it leaves behind.

Block unknown malware and exploits on the endpoint

Apply the same logic on the endpoint: block files and exploit attempts that are not yet known by their behavior, not only by signature, and feed what is learned back into the organization's protections.


Related Articles: Ignite 2017 Vancouver