ISIT Offer Adaptive Security Solution as Long-Term Answer to Ransomware Like WannaCry and Petya

Hits: 1057

The latest ransomware attack known as “Petya” paralyzed many organizations in Europe and the US. This is the second worldwide ransomware attack in the past two months, and we believe these attacks will only increase in frequency and become more sophisticated. The continuous string of attacks means that we need to face the reality that we are in a state of continuous compromise when it comes to cyberattacks.

Traditional Endpoint Security Solutions fall short

An antivirus software is not sufficient to protect you from advanced malware attacks. A fragmented approach to managing endpoint security does not work. Furthermore, agent-based, resource intensive software slows performance on endpoint devices.

How can security professionals leverage software to better defend against a state of perpetual breaches, get actionable data and insight, and ensure that users can do their jobs?

Adaptive Security to the rescue

More and more companies are getting behind what is known as adaptive security, recently identified by Gartner as a “Top Technology Trend to Know for 2017”. This architecture model integrates the traditionally siloed capabilities of prevention, detection, response, and prediction for complete protection against advanced threats like the recent cyberattacks. It provides organizations with a layered, defense-in-depth protection strategy. The goal is to identify system changes through behavioral and contextual analysis to recognize and stop a program attempting to operate in a manner inconsistent with known acceptable behavior. Advanced systems can also use deception techniques to further entice malicious actors to show their intent while digitally recording those behaviors.

How ISIT’s Adaptive Security Solution blocks Ransomware like WannaCry, Petya & other Variants

ISIT’s adaptive security solution with real time detection, hunting, deception, protection & prevention, response and investigation and remediation is an all in one solution that protects you from ransomware attacks. Wannacry ransomware and the latest variant “Petya” run multiple processes during the deployment phase that our behavior based solution detects and blocks. These ransomware are also known to create child processes that are unsigned, and our solution would automatically block such processes. It would also block the process injection that utilises the icalc.exe file which elevates privileges on the target host allowing encryption of the entire filesystem.

Recommended steps

  • Back up your data at regular intervals. More frequent backups mean fewer data lost. Preferably this data should not be offline on tape or the cloud, and it should be encrypted.
  • Users should also not click on email links from suspicious email Id’s or click on links asking for access to personal information.
  • Keep your Windows PC updated with the latest patches, service packs and updates
  • Deploy ISIT’s Next Generation Adaptive Security solution that is contextual and behavior based and sits at the kernel level of the endpoint.