Ransomware Wake-up Call – What You Need to Know

By Avi Chesla

“Ransomware” – it’s been screaming from headlines around the globe in the last 24 hours – almost a hundred nations attacked, the British health system paralyzed, likely billions in damages, and an already weary world had its sense of security shaken, yet again.

Companies and organizations worldwide are now scrambling to rethink their readiness, and are being inundated by hundreds of security technology providers who claim their solution is the one that can protect from future attacks.

Here’s what you need to know: this recent wave of ransomware attacks proves that it’s not possible to depend on program updates (“patches”) and existing defenses, because the base of the attack is social engineering – human error (people who downloaded the malware, insiders, etc.). Although it’s not possible to prevent malware penetration 100% of the time, the data and communication footprints in the system make it possible to know who has been affected and to prevent further spread of the attack, and in this way lower the risk dramatically.

So what do you need to know and do?

The attack can start from the outside through typical social engineering channels, like phishing, and infect your users, whether they are at work, at home or traveling. Or maybe an angry employee (insider) has decided to cooperate with a cyber criminal organization – or both. Eventually the malware will get in, and you need to identify it and contain it, fast!

In terms of tools, make sure you have strong end-point protection tools (UEBA – “User and Entity Behavior Analytics”) and “hunters,” good threat-intelligence feeds and, obviously, switches and firewalls that are well-distributed throughout the network and can contain an attack quickly and effectively. But even if you have all these, it’s not enough.

You need to make sure you have a security analytics system, on top of your security tools and systems, collecting the data to identify patterns of infection and propagation of the ransomware. To act fast enough, you need this analytics system to automate investigation (diagnostic) actions in order to understand the capabilities of the malware, validate active infections, and predict next steps. Lastly, you need the system to automate containment accordingly through the network and end-point.

Yes, all this sounds – and is – really complicated, but the area of security analytics, orchestration and automation deals exactly with these challenges, helping security IT groups, CISOs, security managers, compliance managers, insider threat managers and SOCs perform these actions seamlessly.

Your best investment to protect against ransomware attacks is to implement Prescriptive Analytics with accompanying orchestration and automation.

Read more on how to effectively prevent ransomware attacks in empow’s ransomware case study here, or leave us your details and we will contact you to discuss how empow can help you in defending against ransomware.