Once again, the world is hit with another ransomware attack. Similar to the WannaCry Ransomware cyberattack last month, Petya is causing major pain among thousands of users, this time crippling banks and infrastructure in what cybersecurity experts called one of the most-devastating digital intrusions of its type. In fact, not only are we seeing an increase in the frequency and sophistication of threats, but security data is growing in volume and complexity, data assembly is labor and time intensive, and infrastructure scale and complexity make it hard to protect the organization.
These issues lead to:
- Difficulty in identifying threats and detecting a breach
- Increased cost of threat detection and management
- Inability to respond to constant attacks
- Slowness in translating threats into security policy changes
- Increased risk of compromise (e.g., data loss, data breach)
- Skilled employees focused on low-value operational tasks
- Outages – lost revenue, reduced business productivity and lost opportunity to improve security
- Data loss, tarnished reputation, cleanup costs and/or breach disclosure
If ransomware attacks are becoming commonplace, organizations need tools that reduce their security risk and improve their rapid threat response.
Reducing Security Risk
FireMon’s Risk Analyzer is a Risk Vulnerability Management tool that prioritizes risk remediation efforts. This tool overlays vulnerability data on network security configurations to identify contextual risk (e.g., exploitable hosts), scores vulnerabilities by level of risk to prioritize remediation efforts, and scores firewall rules by the risk they expose to prioritize remediation efforts.
Rapid Threat Response
For rapid threat response, an organization should implement tools that allow resources to spend time investigating events rather than assembling data, present an unlimited volume of security data in an organized, searchable and available form, and promote faster, more efficient threat detection and response. These tools can aggregate and analyze massive amounts of data, leverage data from multiple structured and unstructured sources, assemble disparate data, integrate with workflows for incident triage and response, and perform rapid data analysis. FireMon’s Immediate Insight finds unknown threats in your environment by providing real-time, automated data assembly to identify threats that evade defense systems, automating associations between data to uncover anomalous activity, and connecting events, users, systems and threat intelligence to discover specific indicators of compromise.
It’s all about being proactive
Cyberattacks are inevitable. The impacts don’t have to be. If an organization is proactive about its security practices, the impacts from attacks like Petya and WannaCry can be marginalized. Using tools such as Immediate Insight for threat hunting and Risk Analyzer for contextual risk assessment to find network path vulnerability is key to whether or not an organization will be prepared for next time. And there will be a next time.