facebook logolinkedin logoyoutube logo

Important information for former Skybox customers. Please click here to learn about FireMon’s migration programs

Learn More
Ransomware hero
A LAYERED DEFENSE

Ransomware

FireMon enhances your ability to identify and defend against ransomware attacks

Find, Contain, and Stop Attacks in Their Tracks

Ransomware is the top form of malware used by attackers to line their pockets and cause disruption. Many organizations primarily focus on tools that help prevent ransomware, however it’s just as important to have the means to stop its spread should it slip past those defenses.

Identify Risks and Vulnerabilities
REDUCE MEAN TIME TO IDENTIFY AND RESPOND

Identify Risks and Vulnerabilities

Every attack leaves behind breadcrumbs and ransomware is no different. Telltale signs usually point to command-and-control in some part of the encryption and exfiltration process. FireMon’s SiCL search can be used to find known ransomware sources and identify policy vulnerabilities that can facilitate spread across the network.

  • Detect encryption and exfiltration on ports commonly used by ransomware
  • Stop potential infections by closing vulnerabilities in firewall security policies
  • IP blocking of known ransomware sources to limit exfiltration of ransomware
Network Segmentation
CONTAIN OUTBREAKS

Network Segmentation

If ransomware penetrates your defenses, network segmentation can help limit its lateral spread across the environment. FireMon’s security policy management tools can be used to create network partitions based on business needs with access granted only to trusted users and/or devices.

  • Restrict ransomware damages to a specific subnet
  • Protect vulnerable devices that can’t be defended as well as others
  • Buys critical time to upgrade other devices before they are potentially exposed
Network and Device Discovery
FIND VULNERABLE EXFILTRATION PATHS

Network and Device Discovery

A first-rate ransomware defense strategy ensures every element of your network is running the latest software, is updated regularly, and is configured correctly. The first step in this process is to have a complete picture of every device including infrastructure, clouds, and endpoints.

  • Real-time network visibility and alerts for environmental changes
  • Comprehensive discovery and identification of every network and cloud asset
  • Threat prevention with vulnerability and leak path detection
Defend the Cloud
FIND AND ELIMINATE MISCONFIGURATIONS

Defend the Cloud

Misconfigured cloud accounts, in particular overly-permissive identities, are vectors that can be exploited by ransomware if compromised. FireMon’s DisruptOps platform monitors your environment against industry best practices to detect critical risks that could lead to or spread a ransomware attack.

  • Support CIS Cloud Benchmarks and PCI DSS
  • Configure policies to enforce MFA for admins
  • Ensure no administrative ports are open to the public internet