Enterprise ransomware protection
Enterprise ransomware protection has become the top cybersecurity concern, and protecting computers from ransomware is a top priority.
The general advice on how to protect against ransomware, such as user training, deployment of anti-ransomware, antivirus and backup technologies, applies to small and large environments. However, there are unique challenges when such advice is implemented in an enterprise.
1. Enforce anti-ransomware and antivirus protection using Network Access Control to ensure enterprise ransomware protection
First, enterprise environments are vast and dynamic. There are many computers which require protection, while many other employees and visitors come and go with their laptops. This implies a large attack surface for ransomware. All these assets must be managed before they can access the network. Any ransomware attack on a computer connected to the corporate network, having access to network shares and, consequently, to corporate files, may compromise important information and generate significant downtime.
A good safeguard in this respect is an access policy for existing and new devices, which ensures that only machines meeting specific criteria are allowed to connect to the network. At a minimum, the rules should enforce:
- The existence of up-to-date anti-ransomware software;
- The presence of up-to-date antivirus software;
- The up-to-date status of the operating system and critical applications.
When using Microsoft Active Directory, such functionality can be configured via the Network Access Protection features.
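The admission rule described above can be sketched as a posture check that fails closed. This is an added example, not code from the original article or from any product; the report field names, the freshness limits and the sample reports are assumptions constructed for illustration.

```python
from datetime import date

# Assumed freshness limits in days (not from the article).
MAX_AGE_DAYS = {
    "anti_ransomware_updated": 3,
    "antivirus_updated": 3,
    "os_patched": 30,
}

# Constructed sample posture reports, as a device agent might submit them.
SAMPLE_REPORTS = {
    "corp-laptop": {
        "anti_ransomware_updated": "2024-01-09",
        "antivirus_updated": "2024-01-08",
        "os_patched": "2023-12-20",
    },
    # Visitor machine: no anti-ransomware agent, stale antivirus signatures.
    "visitor-laptop": {
        "antivirus_updated": "2023-11-01",
        "os_patched": "2024-01-05",
    },
}

def evaluate_posture(report, today):
    """Return ("allow" or "quarantine", reasons).

    Fails closed: a missing, unparseable or future-dated field counts as a
    failed check, so a device that reports nothing is never admitted.
    """
    reasons = []
    for field, max_age in MAX_AGE_DAYS.items():
        try:
            age = (today - date.fromisoformat(report.get(field))).days
        except (TypeError, ValueError):
            reasons.append(f"{field}: missing or invalid")
            continue
        if age < 0:
            reasons.append(f"{field}: date in the future")
        elif age > max_age:
            reasons.append(f"{field}: {age} days old (limit {max_age})")
    return ("allow" if not reasons else "quarantine"), reasons
```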
2. Integrate business continuity strategy with anti-ransomware technology for optimal enterprise ransomware protection
Business continuity is an important IT responsibility in enterprise environments, and most companies implement complex strategies that include various backup options. When it comes to the ransomware threat, there are two important considerations regarding business continuity and backup: make sure that the online backups are ransomware-proof and make sure no compromised files make it into the main backups. Both considerations imply the use of anti-ransomware technology able to:
- protect existing online backups in real time against ransomware in safe vaults, and ensure a safe transition from online backups to offline backups;
- deliver a source of valid files to feed the online backup systems, ensuring data in the backups is recoverable.
3. Integrate and support enterprise ransomware protection in the corporate security strategy
Adding enterprise ransomware protection as an item in the business security strategy is an important step that involves aligning existing security solutions with the anti-ransomware technology, to further reduce the risk of ransomware infection. Most security strategies incorporate patch management, privileged access management, vulnerability assessment, SIEM and incident management systems. These deliver functionality that acts as critical security layers against ransomware attacks. This functionality can be leveraged to contribute to enterprise ransomware protection when properly configured and integrated with anti-ransomware technology.
- SIEM solutions can be set up to identify suspicious situations that may increase the risk of ransomware attacks: they can detect attempts to uninstall or disable anti-ransomware and antivirus software, and flag highly active user accounts accessing many files or network shares over short periods of time, as well as the elevation of privileges;
- Patch management ensures all systems and applications are up to date, reducing the risk of ransomware attacks that take advantage of existing vulnerabilities to propagate;
- Vulnerability assessment solutions can be configured to detect the presence and up-to-date status of anti-ransomware and antivirus agents, as well as vulnerabilities in other applications and systems;
- Privileged access management solutions limit the use of administrative privileges to a minimum. This reduces the chance of ransomware infection by attacks that are unable to execute a privilege elevation, or restricts the scope of such attacks to non-privileged user files;
- Incident management systems can be fed with incidents reported by anti-ransomware technology, allowing a seamless response.
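The SIEM conditions listed above (agent tampering, privilege elevation, and one account touching many files in a short period) can be expressed as a small correlation rule. This is an added example, not code from the original article or from any SIEM product; the event format, action names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): ISO time, user, action, target.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "alice", "file_access", r"\\fs1\hr\plan.docx"),
    ("2024-01-10T09:20:00", "alice", "file_access", r"\\fs1\hr\notes.docx"),
    ("2024-01-10T09:05:00", "bob", "privilege_elevation", "local admin"),
    ("2024-01-10T09:05:10", "bob", "agent_disabled", "antivirus service"),
] + [
    (f"2024-01-10T09:05:{20 + i:02d}", "bob", "file_access",
     rf"\\fs1\finance\doc{i}.xlsx")
    for i in range(8)
]

WINDOW = timedelta(seconds=60)  # assumed: what counts as a "short period"
MAX_FILES = 5                   # assumed: distinct files allowed per window
# Hypothetical action names mapped to the alert they raise immediately.
IMMEDIATE = {
    "agent_disabled": "agent_tamper",
    "agent_uninstalled": "agent_tamper",
    "privilege_elevation": "privilege_elevation",
}

def detect(events, window=WINDOW, max_files=MAX_FILES):
    """Return alerts as (time, user, kind, detail) tuples, in time order."""
    alerts = []
    recent = defaultdict(deque)  # user -> (time, target) within the window
    bursting = set()             # users already alerted for the current burst
    for ts, user, action, target in sorted(events):
        if action in IMMEDIATE:
            alerts.append((ts, user, IMMEDIATE[action], target))
            continue
        if action != "file_access":
            continue
        now = datetime.fromisoformat(ts)
        seen = recent[user]
        seen.append((now, target))
        while now - seen[0][0] > window:  # drop accesses older than the window
            seen.popleft()
        distinct = len({path for _, path in seen})
        if distinct <= max_files:
            bursting.discard(user)
        elif user not in bursting:        # alert once per burst, not per file
            bursting.add(user)
            alerts.append((ts, user, "mass_file_access",
                           f"{distinct} distinct files"))
    return alerts
```

On the constructed events, the three alerts for the same account within seconds of each other are the pattern worth escalating as a single incident.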
Conclusion
Enterprise ransomware protection should be a key element of the corporate security strategy. Good anti-ransomware solutions that deliver adequate protection and, at the same time, integrate with the existing security infrastructure are becoming increasingly important.
Thanks for sharing this. Can you elaborate on how such technology actually protects the online backups? Thanks!
Hi,
The technology that we have implements a real-time local backup of files being manipulated in a risky manner before they are actually changed by the process that operates on them. This means that whenever ransomware attacks online backup repositories, they get backed up to a protected vault on a disk before damage is done. Ransomware (or any other process) cannot write to the protected vault. If ransomware activity is detected, the files get rolled back to their original state. If ransomware activity is not properly detected, you can manually recover the online backup files from the protected vault.