
Protect Your Business from Ransomware: Addressing the Root Causes

Ransomware remains a top threat for organizations, yet many still treat the symptoms rather than the root causes. Microsoft research found that over 80% of ransomware attacks stem from common configuration errors, so hardening your configurations is the most effective protection.

Written by Albert Heinle

The old tale of treating the symptoms—not the root cause

Ransomware is one of the biggest fears of businesses of all sizes. It is one of the few security terms that is not only discussed and dealt with regularly by IT departments, but by everyone all the way up to the C-suite.

Ransomware works in stages: it needs to gain access to a device on the organization’s network, obtain elevated privileges, and only then start the malicious process. Only after that do the visible effects begin, such as the encryption of data and other means of extorting money from the victim.

As you can see, there is a first step: gaining access. There are numerous ways to achieve it, including classic social engineering attacks that get an employee to click a malicious link. However, depending on how access control is managed in an organization, even a malicious script running on a single computer may not allow an attacker to reach anything further. This is a question of what is usually referred to as the “blast radius”. Therefore, infecting one computer is not in itself the root cause; the root cause is what an attacker can do from that foothold.

Dealing with the roots

Microsoft’s research team recently concluded that “over 80% of ransomware attacks can be traced to common configuration errors in software and devices”. Hence, CoGuard’s mantra from day one, namely to pay attention to and harden configurations at all layers of the infrastructure, holds true not only as a prevention mechanism against downtime and breaches, but also as a valid mitigation against ransomware attacks. The truth is that many organizations still practice egg-shell defense—a hard shell on the outside, but most or even everything accessible from the inside—instead of defense in depth. To make it near impossible for a malicious actor to reach critical data or infrastructure, you need to make sure that every server software configuration is hardened. Deploying hardened images is not enough, since everything needs to remain hardened throughout the software development lifecycle. With CoGuard, this is an achievable task, and one that gives you 80% more confidence that you will not be the next victim of a ransomware attack.

One can even push the boundaries and argue that more than 80% confidence can be achieved with this approach: in the remaining 20% of attacks, a large portion involve a CVE as the entry point, the additional low-hanging fruit for an attacker to exploit. By using CoGuard and its configuration hardening recommendations in your processes, your ability to update quickly and with confidence will improve significantly, and keeping all software components at the latest version becomes part of an automated process. In this way, both your reaction time to a new CVE and your general update policy will improve.

Growing a healthy environment from the roots - What to do

The first step is to know your infrastructure: every process that is running, and every exposed process it depends on. With the help of the CoGuard CLI, you can discover these software components, i.e. create an infrastructure bill of materials (IBOM).

Then the CoGuard scans help you secure each service and enforce a proper authentication and authorization mechanism on each one. This ensures that every application and user can access the services they need and perform the required operations, nothing more and nothing less, with a quick and reliable process for temporarily elevating permissions when necessary. With continuous scanning, you make sure that this state is maintained.

By gaining confidence in the change management of your installed services, you will be able to create a proper update process, ensuring that your organization stays on top and can address published CVEs in a timely manner.
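To make the discovery step concrete, here is an added example (not CoGuard's CLI or code) that builds a minimal IBOM from a socket listing and flags the services reachable from other hosts, i.e. the ones that widen the blast radius and whose authentication and bind settings should be reviewed first. The input is a constructed sample shaped like `ss -tlnp` output, not a capture from a real host.

```python
"""Build a minimal infrastructure bill of materials (IBOM) from a socket
listing and flag services reachable from beyond the local host."""
import re
from dataclasses import dataclass

# Constructed sample resembling `ss -tlnp` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=1201,fd=6))
LISTEN 0      4096   *:5432             *:*               users:(("postgres",pid=1340,fd=5))
LISTEN 0      128    [::1]:9200         [::]:*            users:(("java",pid=1502,fd=210))
LISTEN 0      4096   [::]:27017         [::]:*            users:(("mongod",pid=1610,fd=11))
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

@dataclass(frozen=True)
class Service:
    name: str
    pid: int
    address: str
    port: int

    @property
    def exposed(self) -> bool:
        """True when the socket is reachable from other hosts, i.e. bound to
        a wildcard (0.0.0.0, ::, *) or any other non-loopback address."""
        return self.address not in LOOPBACK

# Matches the fields we need: local address, port, process name and pid.
_LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)

def parse_ibom(ss_output: str) -> list[Service]:
    """Turn LISTEN lines into Service records; the header and any line that
    does not match the expected shape are skipped rather than guessed at."""
    services = []
    for line in ss_output.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        addr = m.group(1).strip("[]")  # "[::1]" -> "::1", "[::]" -> "::"
        services.append(Service(m.group(3), int(m.group(4)), addr, int(m.group(2))))
    return services

def exposed_services(ss_output: str) -> list[str]:
    """Sorted names of services reachable beyond the host: the review queue
    for authentication, authorization and bind-address hardening."""
    return sorted(s.name for s in parse_ibom(ss_output) if s.exposed)
```

Feeding a real `ss -tlnp` capture to `exposed_services` yields the same review list; a service that should only be reached locally but appears here is the kind of configuration error the text refers to.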

Schedule a call to see just how quick and easy it is to get CoGuard set up and running, protecting your critical assets from ransomware.

Explore a test environment


Explore a test environment to run infrastructure audits on sample repositories of web applications and view select reports on CoGuard's interactive dashboard today.