Ransomware is the top form of malware used by attackers to line their pockets and cause disruption. Many organizations focus primarily on tools that help prevent ransomware; however, it is just as important to have the means to stop its spread should it slip past those defenses.
Find, Contain, and Stop Attacks in Their Tracks
REDUCE MEAN TIME TO IDENTIFY AND RESPOND
Identify Risks and Vulnerabilities
Every attack leaves behind breadcrumbs, and ransomware is no different. Telltale signs usually point to command-and-control traffic at some stage of the encryption and exfiltration process. FireMon’s SiCL search can be used to find known ransomware sources and identify policy vulnerabilities that can facilitate spread across the network.
- Detect encryption and exfiltration on ports commonly used by ransomware
- Stop potential infections by closing vulnerabilities in firewall security policies
- Block the IP addresses of known ransomware sources to limit exfiltration
If ransomware penetrates your defenses, network segmentation can help limit its lateral spread across the environment. FireMon’s security policy management tools can be used to create network partitions based on business needs with access granted only to trusted users and/or devices.
- Restrict ransomware damage to a specific subnet
- Protect vulnerable devices that cannot be defended as well as others
- Buy critical time to upgrade other devices before they are potentially exposed
FIND VULNERABLE EXFILTRATION PATHS
Network and Device Discovery
A first-rate ransomware defense strategy ensures every element of your network is running the latest software, is updated regularly, and is configured correctly. The first step in this process is to have a complete picture of every device including infrastructure, clouds, and endpoints.
- Real-time network visibility and alerts for environmental changes
- Comprehensive discovery and identification of every network and cloud asset
- Threat prevention with vulnerability and leak path detection
FIND AND ELIMINATE MISCONFIGURATIONS
Defend the Cloud
Misconfigured cloud accounts, in particular overly permissive identities, are vectors that ransomware can exploit once they are compromised. FireMon’s DisruptOps platform monitors your environment against industry best practices to detect critical risks that could lead to or spread a ransomware attack.
- Support CIS Cloud Benchmarks and PCI DSS
- Configure policies to enforce MFA for admins
- Ensure no administrative ports are open to the public internet
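The policy checks described above (closing overly permissive firewall rules, enforcing segmentation between network partitions, and ensuring no administrative ports are open to the public internet) can be expressed as a small rule-set audit. The script below is an added example written for this page; it is not FireMon or DisruptOps code and does not use SiCL. Every rule name, address, segment and port list in it is constructed, and the organisation's internal ranges are assumed to be the RFC 1918 blocks.

```python
"""Added example (not FireMon code): audit a constructed firewall rule set for
admin ports reachable from the internet, overly permissive rules, and rules
that breach the intended segmentation. All names and addresses are hypothetical."""
from dataclasses import dataclass
from ipaddress import ip_network

# Ports whose exposure (ADMIN) or cross-segment reachability (LATERAL) matters
# most for ransomware delivery and spread; constructed list, not exhaustive.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-tls"}
LATERAL_PORTS = {445: "smb", 135: "rpc", 3389: "rdp", 5985: "winrm"}
INTERNAL = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive (low, high) destination port range


# Constructed sample policy; hypothetical rule names and addresses.
RULES = [
    Rule("mgmt-rdp-internet", "allow", "0.0.0.0/0", "10.0.1.10/32", "tcp", (3389, 3389)),
    Rule("web-https", "allow", "0.0.0.0/0", "10.0.1.0/24", "tcp", (443, 443)),
    Rule("legacy-any-any", "allow", "10.0.0.0/8", "10.0.0.0/8", "any", ANY_PORTS),
    Rule("jump-to-servers", "allow", "10.0.9.5/32", "10.0.1.0/24", "tcp", (22, 22)),
    Rule("deny-all", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", ANY_PORTS),
]

# Intended segmentation (hypothetical): workstations must not reach servers on
# lateral-movement ports; only the jump host may.
SEGMENTS = {"workstations": "10.0.2.0/24", "servers": "10.0.1.0/24"}
ISOLATED = [("workstations", "servers")]
TRUSTED_SOURCES = [ip_network("10.0.9.5/32")]


def is_internal(cidr: str) -> bool:
    """True if the whole CIDR lies inside the organisation's private ranges."""
    net = ip_network(cidr)
    return any(net.subnet_of(internal) for internal in INTERNAL)


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    return ip_network(cidr_a).overlaps(ip_network(cidr_b))


def matched_ports(rule: Rule, ports: dict) -> list:
    """Ports from `ports` that fall inside the rule's destination port range."""
    low, high = rule.ports
    return [p for p in ports if low <= p <= high]


def exposed_admin_ports(rules) -> list:
    """Allow rules that reach an admin port from outside the internal ranges."""
    findings = []
    for r in rules:
        if r.action != "allow" or is_internal(r.src):
            continue
        for p in matched_ports(r, ADMIN_PORTS):
            findings.append((r.name, ADMIN_PORTS[p]))
    return findings


def overly_permissive(rules) -> list:
    """Allow rules that grant every protocol and every port: classic any/any."""
    return [r.name for r in rules
            if r.action == "allow" and r.proto == "any" and r.ports == ANY_PORTS]


def segmentation_violations(rules) -> list:
    """Allow rules that let an isolated source segment reach a destination
    segment on a lateral-movement port, unless the source is a trusted host."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if any(ip_network(r.src).subnet_of(t) for t in TRUSTED_SOURCES):
            continue
        for src_seg, dst_seg in ISOLATED:
            if not (overlaps(r.src, SEGMENTS[src_seg]) and overlaps(r.dst, SEGMENTS[dst_seg])):
                continue
            for p in matched_ports(r, LATERAL_PORTS):
                findings.append((r.name, f"{src_seg}->{dst_seg}", LATERAL_PORTS[p]))
    return findings


def audit(rules) -> dict:
    """Run all three checks and return the findings keyed by check name."""
    return {
        "exposed_admin_ports": exposed_admin_ports(rules),
        "overly_permissive": overly_permissive(rules),
        "segmentation_violations": segmentation_violations(rules),
    }


if __name__ == "__main__":
    for check, items in audit(RULES).items():
        print(f"{check}: {items}")
```

Two design points matter when adapting this to a real policy. First, the audit treats each allow rule on its own and ignores rule order, so it does not model shadowing or first-match semantics; a production policy analyser must evaluate the ordered rule base. Second, a rule is flagged for segmentation whenever its source merely overlaps the isolated segment, which is why the internet-wide RDP rule is reported twice: once as an exposed admin port and once as a path from workstations into the server segment.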