Can endpoint security stop ransomware attacks?
- By Chris Crider
- Aug 22, 2016
In the realm of malware, ransomware is reaching plague-like proportions. And just like any infectious disease, the No. 1 cause of transmission is the one thing no one can avoid: human beings.
The consequences can be brutal. In the first three months of 2016 alone, cybercriminals collected $209 million through ransomware attacks, according to FBI estimates. And the costs aren’t just financial. Public health and safety organizations also face risk, with hospitals and law enforcement agencies increasingly falling victim to attacks unleashed by malicious emails opened by unwitting employees. Since these organizations need urgent access to the compromised files, they often wind up paying the ransom.
Of course, as with any illness, prevention works far better than a post-outbreak cure. And, sure, prevention ideally starts with basic common sense. Realistically, however, people make mistakes -- often costly ones. For human diseases, we have vaccines. For ransomware -- not to mention countless other cyberthreats -- we have advanced endpoint security software.
Where existing safeguards fall short
Current regulations require federal agencies to provide antivirus support on all network devices. This is great for guarding against signature-based malware and legacy viruses, but it falls short when it comes to ransomware.
Why? Because while all viruses are malware, and not all malware involves viruses. With that in mind, catching ransomware requires more than antivirus measures because an initial ransomware attack may not include recognizable, signature-based malware.
Agencies also abide by defense-in-depth protocols designed to protect their networks through multiple independent security layers. Where one measure fails, another might not. There are also rules of ‘least privilege’ in place, meaning users only have privileges relevant to their roles.
While these are great steps forward in stopping ransomware, cybercriminals are notoriously adaptable -- so much so that recent breeds of ransomware don’t even require deliberate user action to initiate. And, because ransomware attacks a network in phases, it requires real-time protection. This is where advanced endpoint security becomes critical.
How does advanced endpoint security solve this problem?
Today’s security professionals are pivoting away from reactive approaches and instead turning to more proactive measures, just like those offered by advanced endpoint security software.
Unlike antivirus protection, which only identifies specific signatures, advanced endpoint security provides real-time analysis of file movement and behavior across a whole network. Whenever a file is opened or sent, it’s analyzed against a database to determine its potential risk based on how similar files have behaved.
This behavior-focused strategy stems from lessons we’ve learned from other threats, such as zero-day attacks. If a malicious file slips through and infects a device, endpoint security software can use retrospective analysis to quickly track where a malicious file has landed within the network and, more important, from where it came. This helps network engineers to identify its origin, quarantine infected machines and prevent the malware from spreading further.
Beyond security, advanced endpoint technology easily integrates into an existing network. Network engineers can access it directly from the cloud for immediate use, without interrupting end users or their productivity. The software is also low-impact. It doesn’t perform CPU-sapping malware scans and only activates when files are moved or opened.
A solution we can’t afford to ignore
Ransomware takes down networks suddenly and with incalculable financial and reputational damage. And it’s not going away. By the end of 2016, ransomware attacks are projected to cost up to $1 billion, according to FBI estimates, with additional consequences to health, safety and the economy.
Organizations need defenses that account for both the determination of cybercriminals and the certainty of human error.
If we want better odds of avoiding the flu, we get a flu shot. If we want to avoid foodborne illness, we buy pasteurized dairy products and cook meals appropriately. And for ransomware, we have advanced endpoint security software.
Chris Crider is senior technical consultant at Force 3.