Can endpoint security stop ransomware attacks?

In the realm of malware, ransomware is reaching plague-like proportions. And just like any infectious disease, the No. 1 cause of transmission is the one thing no one can avoid: human beings. 

The consequences can be brutal. In the first three months of 2016 alone, cybercriminals collected $209 million through ransomware attacks, according to FBI estimates. And the costs aren’t just financial. Public health and safety organizations also face risk, with hospitals and law enforcement agencies increasingly falling victim to attacks unleashed by malicious emails opened by unwitting employees. Since these organizations need urgent access to the compromised files, they often wind up paying the ransom.

Of course, as with any illness, prevention works far better than a post-outbreak cure. And, sure, prevention ideally starts with basic common sense. Realistically, however, people make mistakes -- often costly ones. For human diseases, we have vaccines. For ransomware -- not to mention countless other cyberthreats -- we have advanced endpoint security software.

Where existing safeguards fall short

Current regulations require federal agencies to provide antivirus support on all network devices. This is great for guarding against signature-based malware and legacy viruses, but it falls short when it comes to ransomware.

Why? Because while all viruses are malware, not all malware involves viruses. With that in mind, catching ransomware requires more than antivirus measures, because an initial ransomware attack may not include recognizable, signature-based malware.

Agencies also abide by defense-in-depth protocols designed to protect their networks through multiple independent security layers. Where one measure fails, another might not. There are also rules of ‘least privilege’ in place, meaning users only have privileges relevant to their roles.

While these are great steps forward in stopping ransomware, cybercriminals are notoriously adaptable -- so much so that recent breeds of ransomware don’t even require deliberate user action to initiate. And, because ransomware attacks a network in phases, it requires real-time protection. This is where advanced endpoint security becomes critical.

How does advanced endpoint security solve this problem?

Today’s security professionals are pivoting away from reactive approaches and instead turning to more proactive measures, just like those offered by advanced endpoint security software.

Unlike antivirus protection, which only identifies specific signatures, advanced endpoint security provides real-time analysis of file movement and behavior across a whole network. Whenever a file is opened or sent, it’s analyzed against a database to determine its potential risk based on how similar files have behaved.

This behavior-focused strategy stems from lessons we’ve learned from other threats, such as zero-day attacks. If a malicious file slips through and infects a device, endpoint security software can use retrospective analysis to quickly track where a malicious file has landed within the network and, more important, from where it came. This helps network engineers to identify its origin, quarantine infected machines and prevent the malware from spreading further.
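As an added illustration, not code from the article or from any vendor's product, here is a toy version of the two capabilities just described, run over constructed endpoint telemetry: a behaviour rule that flags a process renaming many files to one new extension in a short window (the bulk-encrypt pattern, which no signature is needed to catch), and a retrospective trajectory lookup that, once a file is implicated, lists every host where its hash was seen and the earliest sighting as its origin. The `Event` fields, host names, paths and the hash label are all constructed assumptions; the thresholds are illustrative defaults.

```python
"""Toy behaviour-based ransomware heuristic plus retrospective file trajectory.
Added example over constructed telemetry; not any product's detection logic."""
import ntpath
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: int             # seconds since start of the constructed capture
    host: str
    process: str        # process image that performed the action
    action: str         # "download" | "exec" | "rename" | "copy_to" | "write"
    path: str
    new_path: str = ""  # destination for "rename" / "copy_to"
    sha256: str = ""    # hash of the file involved, "" when not recorded


# Constructed telemetry: a script attachment lands on ws-01, renames six documents
# to ".locked" in 25 s, is copied to a file share, and is later run on ws-02.
SUSPECT = "sha256-PLACEHOLDER-invoice"   # constructed hash label, not a real IoC
EVENTS = [
    Event(100, "ws-01", "outlook.exe", "download", r"C:\Users\a\Downloads\invoice.js", sha256=SUSPECT),
    Event(105, "ws-01", "wscript.exe", "exec", r"C:\Users\a\Downloads\invoice.js", sha256=SUSPECT),
] + [
    Event(110 + 5 * i, "ws-01", "wscript.exe", "rename",
          rf"C:\Users\a\Docs\file{i}.docx", rf"C:\Users\a\Docs\file{i}.docx.locked")
    for i in range(6)
] + [
    Event(140, "ws-01", "wscript.exe", "copy_to", r"C:\Users\a\Downloads\invoice.js",
          r"\\fs-01\share\invoice.js", sha256=SUSPECT),
    Event(200, "ws-02", "wscript.exe", "exec", r"\\fs-01\share\invoice.js", sha256=SUSPECT),
    # Benign noise: a single rename and an ordinary document save must not alert.
    Event(210, "ws-03", "explorer.exe", "rename", r"C:\Users\c\old.txt", r"C:\Users\c\new.txt"),
    Event(300, "ws-03", "winword.exe", "write", r"C:\Users\c\Docs\report.docx"),
]

Actor = Tuple[str, str]   # (host, process)


def rename_bursts(events: List[Event], window: int = 60, min_renames: int = 5) -> Dict[Actor, str]:
    """Return {(host, process): new_extension} for actors that renamed at least
    `min_renames` files to the same new extension within `window` seconds.
    A single rename (ws-03 above) never trips it; six renames to ".locked" do."""
    by_actor: Dict[Actor, List[Event]] = defaultdict(list)
    for e in events:
        if e.action == "rename" and e.new_path:
            by_actor[(e.host, e.process)].append(e)
    flagged: Dict[Actor, str] = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):          # sliding window over this actor's renames
            counts: Dict[str, int] = defaultdict(int)
            for e in evs[i:]:
                if e.ts - first.ts > window:
                    break
                counts[ntpath.splitext(e.new_path)[1].lower()] += 1
            ext, n = max(counts.items(), key=lambda kv: kv[1])
            if n >= min_renames:
                flagged[actor] = ext
                break
    return flagged


def trajectory(events: List[Event], sha256: str) -> List[Event]:
    """Every recorded sighting of a file hash, oldest first: where the file
    landed across the network and, from its first entry, where it came from."""
    return sorted((e for e in events if e.sha256 == sha256), key=lambda e: e.ts)


def investigate(events: List[Event]) -> Dict[str, dict]:
    """Tie a behavioural alert back to a file: for each flagged actor take the
    hashes of files it executed, then trace each hash across the fleet."""
    report: Dict[str, dict] = {}
    for (host, process), ext in rename_bursts(events).items():
        hashes = {e.sha256 for e in events
                  if e.host == host and e.process == process and e.action == "exec" and e.sha256}
        for h in hashes:
            path = trajectory(events, h)
            report[h] = {
                "alert": f"{process} on {host} mass-renamed files to {ext}",
                "origin": (path[0].host, path[0].process, path[0].path),
                "hosts_to_quarantine": sorted({e.host for e in path}),
            }
    return report


if __name__ == "__main__":
    for h, finding in investigate(EVENTS).items():
        print(h, finding)
```

The point of the two halves together is the workflow the paragraph describes: the behaviour rule raises the alert with no prior knowledge of the file, and the trajectory turns that alert into a quarantine list (ws-01 and ws-02) and an origin (an attachment saved by the mail client on ws-01), which is what an engineer needs to contain spread and close the entry point.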

Beyond security, advanced endpoint technology easily integrates into an existing network. Network engineers can access it directly from the cloud for immediate use, without interrupting end users or their productivity. The software is also low-impact. It doesn’t perform CPU-sapping malware scans and only activates when files are moved or opened.

A solution we can’t afford to ignore

Ransomware takes down networks suddenly and with incalculable financial and reputational damage. And it’s not going away. By the end of 2016, ransomware attacks are projected to cost up to $1 billion, according to FBI estimates, with additional consequences to health, safety and the economy.

Organizations need defenses that account for both the determination of cybercriminals and the certainty of human error.

If we want better odds of avoiding the flu, we get a flu shot. If we want to avoid foodborne illness, we buy pasteurized dairy products and cook meals appropriately. And for ransomware, we have advanced endpoint security software.  

About the Author

Chris Crider is senior technical consultant at Force 3.

Reader Comments

Mon, Aug 22, 2016 Bill Caelli

Well - remember the Orange Book (TCSEC of 1983-1985) and the B2 specification? Look at the rationale and you can readily see why it relates almost in toto to today's situation - ransomware would not have the necessary "profile" to perform such functions. We have a total failure of government and politicians to take cybersecurity and protection of citizens in cyberspace seriously through regulation of the ICT industry itself - just like for cars, pharmaceuticals, air transport and - well - practically all other industries. The base OS should by now be well and truly at that B2 level for all systems - oh, well - wishful thinking!
