Protection against ransomware requires a multi-layered approach, with both preventative measures and recoverability capabilities. Due to the variety of attack methods, there is no single silver bullet that will provide comprehensive protection. As no protection is 100% effective, organizations must ensure they have recoverability capabilities in place for when they are compromised. Hararei can help organizations to implement a comprehensive approach to ransomware protection.
Preventative measures may include both endpoint protection or perimeter protection, or both. Endpoint protection is typically provided by anti-virus (AV) products. Perimeter defence is provided by Internet Firewalls/Gateways. Ultimate protection is provided when both solutions are deployed, however that approach may be cost–prohibitive.
For endpoint protection, Hararei offer the Cylance AV product. This product is a top-rated AV product which does not require signature updates or endpoint device scanning, but uses Machine Learning (ML) techniques to identify malware. The Cylance product may include a device control option for the control of USB drives. The product is top-rated by Gartner for endpoint protection.
For perimeter protection, Hararei offer the Zscaler cloud platform (Security–as–a–Service):
The Zscaler solution is top-rated by Gartner.
No protection can be absolutely guaranteed, so it is important to be able to recover from an attack if the worst happens. Recoverability measures help to recover from Ransomware attacks.
This protection essentially involves maintaining an inaccessible, offline backup of data. Hararei believe this offline copy is best offered in the Cloud, so therefore recommend Druva InSync for desktop backups, and Druva Phoenix for server backups. Druva offers an incremental forever approach to backups, which ensures recoverability to any point in time before the ransomware attack.
Hararei recommend that organizations begin to implement ransomware protection as soon as possible. We have seen many Ransomware attacks, and in most cases, the client was still deliberating which way to proceed. Inaction increases the likelihood of an attack. Hararei recommend commencing with a programme to protect/recover your data in the first phase, and then start to increase preventative controls over time as budget and resources permit.