Stay up to date with our latest news and industry insights.

Ransomware Wake-up Call – What You Need to Know

By Avi Chesla

“Ransomware” – it’s been screaming from headlines around the globe in the last 24 hours – almost a hundred nations attacked, the British health system paralyzed, likely billions in damages, and an already weary world had its sense of security shaken, yet again.

Companies and organizations worldwide are now scrambling to rethink their readiness, and being inundated by hundreds of security technology providers who claim their solution is the one that can protect from future attacks.

Here’s what you need to know: this recent wave of ransomware attacks proves that it’s not possible to depend on program updates (“patches”) and existing defenses, because the base of the attack is social engineering – human error (people who downloaded the malware, insiders etc.). Although it’s not possible to prevent malware penetration 100% of the time, through data and communication footprints in the system, it’s possible to know who has been affected and prevent further spread of the attack, and in this way lower the risk dramatically.

So what you need to know and do?

The attack can start from the outside through typical social engineering channels, like phishing, and infect your users, whether they are at work, home or traveling. Or maybe an angry employee (insider) has decided to cooperate with a cyber criminal organization – or both.  Eventually the malware will get in and you need to identify it and contain it, fast!

In terms of tools, make you have strong end-point protection tools (UEBA – “User and Entity Behavior Analytics”) and “hunters,” good threat-intelligence feeds and obviously switches and firewalls that are well-distributed throughout the network, and can contain an attack quickly and effectively.  But even if you have all these, it’s not enough.

You need to make sure you have a security analytics system, on top of your security tools and systems, collecting the data to identify patterns of infections and propagation of the ransomware. To act fast enough you need this analytics system to automate investigation (diagnostic) actions in order to understand the capabilities of the malware and validate active infections, and predict next steps. Lastly you need the system to automate containment accordingly through the network and end-point.

Yes, all this sounds – and is – really complicated, but the area of security analytics, orchestration and automation deals exactly with these challenges, helping security IT groups, CISOs, security managers, compliance managers, insider threat managers and SOC’s perform these actions seamlessly.

Your best investment to protect against ransomware attacks is to implement Prescriptive Analytics with accompanying with orchestration and automation.

Read more on how to effectively prevent ransomware attacks in empow’s ransomware case study here, or leave us your details and we will contact you to discuss how empow can help you in defending against ransowmare.

Recent Posts

Interview With Avi Chesla – empow

The idea of empow intrigued Safety Detectives’ Aviva Zacks, so when Founder and CEO Avi Chesla agreed to an interview, she got ready. She asked him about empow’s technologies and how they work to stop cyberattacks. Read More

Mickey Singer / October 1, 2020

empow Announces the Launch of a new XDR Product

i-XDR is an intent-based Extended Detection and Response (XDR) platform designed to work alongside the organization’s existing SIEM and security tools, to get rid of the noise in your network, so analysts can focus on only the truly high-risk attacks. Read More

Mickey Singer / August 13, 2020

How Voice Activation Can Assist SOCs

If you’re a child of the 80’s you’ll remember how Knight Rider talked to Kitt. Back then we thought that in 2020 everyone would be talking to appliances. While that’s still not the case,  voice activation is making inroads into some arenas. In the security arena it could be a real… Read More

Mickey Singer / August 11, 2020