Containment fills security gaps to boost ransomware defence, compliance

Johannesburg, 19 Sep 2025
Morten Gammelgard, Co-Founder and Global CRO at BullWall.

Perimeter and preventative cyber security controls are no longer enough to protect organisations from the ransomware onslaught – automated containment solutions are now necessary to help contain attacks in real-time and improve ransomware resilience.

Speaking during a webinar hosted by Solid8 Technologies and BullWall, in partnership with ITWeb, BullWall Co-Founder and Global CRO Morten Gammelgard and Engineering VP Andy Walsh said 24/7 automated containment solutions fill the gap between prevention and recovery solutions, and enhance overall resilience.

A poll of webinar attendees found that 48% believed their current preventative security measures would be able to stop a ransomware attack; 16% did not; and 36% were unsure.

Gammelgard said statistical data worldwide showed that most security solutions did not stop all ransomware. According to BullWall, 99% of ransomware attacks evaded EDR solutions during BullWall pentests.

“The cadence of the attacks is going up and the methods change all the time,” he said. “Ransomware attackers continue taking advantage of gaps in your security. They just need one weakness, or one user falling victim to social engineering, to get lucky. EDR, backups and the current security stack are no longer enough.”

Even the best traditional tools can be exploited, he continued. For example, attackers often target remote access security and scheduled task protection, and even SSH encryption of the VMware platform.

Andy Walsh, Engineering VP at BullWall.

“Ninety-five percent of ransomware attacks involve remote access and/or scheduled tasks, or encryption of a virtual platform. This means attackers can neutralise or render ineffective your preventative security stack by turning it off or stopping certain processes from running,” he noted.

He emphasised that ransomware resilience is mission critical because ransomware can completely cripple core systems, causing massive financial losses.

Gammelgard continued: “Ransomware can encrypt up to 60 000 files per minute, so just one hour into an attack, millions of files could be encrypted. Even if organisations have immutable backup, the systems to make those backups available may be encrypted, and the time taken to restore millions of files is longer than most organisations have. Downtime could last weeks or months. If you automate your response, you can avoid those long downtime issues and high costs.

“As a result, we are seeing a shift from a cyber security product focus to a more holistic approach: moving away from stopping the attacks pre-breach to focusing on minimising damage, disruption, risk and cost to the organisations,” he said.

Gammelgard said a holistic approach included adopting an ‘assume breach’ posture and ensuring the organisation had the tools to recover fast, reduce impact and keep operations running.

“Organisations need last-line defences like BullWall to help contain attacks in real-time. Rapid detection and isolation minimise damage and downtime, and help recovery efforts. Regular resilience testing and incident response plans are also vital.”

Andy Walsh demonstrated how BullWall prevents hackers from disabling security tools prior to an attack. BullWall Ransomware Containment immediately detects, isolates and halts active ransomware attacks, while BullWall Server Intrusion protection reduces breach risk by securing remote server access and critical tasks.

“We onboard your critical infrastructure within our environment; all it requires is a service account to be created,” Walsh added. “We do the detections based on the different strains of ransomware, and when any are found, they are automatically pushed to the dashboard. For zero-day exploits, machine learning automatically contains any data that is not your known good data, and also quarantines infected machines. It doesn't matter how your users are accessing the cloud, or the type of device they are using, we will see it.”
