Ransomware is the scourge of the modern IT security team. If allowed to spread through your IT environment it could shut down the organization, denying access to mission critical data for potentially days, or even indefinitely. The result? The disruption of service delivery, lost productivity and a hefty hit to reputation and profits. Some believe the best answer is to block it at the email/web gateway and train staff to better spot suspicious emails. While this is critically important, it’s not the whole story. Cybercriminals are also looking to follow another attack vector, aiming straight for your servers – exploiting unpatched vulnerabilities and out-of-support systems.
That’s why server security forms an essential part of the layered defense organizations need to put in place to effectively mitigate the risk of a ransomware attack.
Time to patch
Servers are where your most valuable data resides, so it’s only natural that the bad guys are heading straight for this part of the IT infrastructure. It can be seen in new threats such as SAMSAM, which instead of arriving in the form of a malicious URL or email attachment, exploits unpatched vulnerabilities in servers. SAMSAM has already forced a temporary shutdown of 10 Maryland hospitals which were part of the MedStar network, and has been causing similar problems in the education sector.
No IT security professional can deny the importance of patching. But it’s not always that easy. Modern IT environments are complex, heterogeneous systems which require IT departments to manage multiple disparate patching mechanisms. For mission-critical systems, patches are sometimes delayed because organizations simply can’t afford the downtime needed to test and roll out fixes. It’s estimated that it takes enterprise firms 100-120 days on average to patch newly discovered bugs. It only takes one exploit to get through for your organization to hit the headlines as the next major ransomware victim. In addition, for either operational or financial reasons, many organizations are running out-of-support systems like Windows 2003, for which no security patches are available, and in so doing are further exposing themselves to infection.
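The two server-side exposures this paragraph names, patch latency and out-of-support operating systems, are easy to miss across a large estate unless they are checked systematically. The following is an added example (not code from the post or from Trend Micro) that triages a constructed server inventory against an assumed 30-day patch SLA and a small end-of-support table; the host names are invented.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Vendor end-of-support dates; maintain this table from the vendors' lifecycle pages.
# Windows Server 2003 extended support ended 14 July 2015.
END_OF_SUPPORT = {
    "Windows Server 2003": date(2015, 7, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
}

# Patch SLA in days. Assumed value; the post cites a 100-120 day enterprise average.
PATCH_SLA_DAYS = 30


@dataclass
class Server:
    name: str
    os: str
    # Release date of the oldest fix not yet applied; None if fully patched.
    oldest_missing_patch: Optional[date]


def assess(server: Server, today: date) -> List[str]:
    """Return the findings for one server; an empty list means no exposure found."""
    findings = []
    eos = END_OF_SUPPORT.get(server.os)
    if eos is not None and today >= eos:
        findings.append(f"out-of-support OS ({server.os}, support ended {eos})")
    if server.oldest_missing_patch is not None:
        age = (today - server.oldest_missing_patch).days
        if age > PATCH_SLA_DAYS:
            findings.append(f"missing patch for {age} days (SLA {PATCH_SLA_DAYS})")
    return findings


def triage(servers: List[Server], today: date) -> Dict[str, List[str]]:
    """Map each server with at least one finding to its findings."""
    report = {s.name: assess(s, today) for s in servers}
    return {name: f for name, f in report.items() if f}


# Constructed sample inventory (not real hosts) and a fixed "today" for a stable report.
SAMPLE_INVENTORY = [
    Server("file-srv-01", "Windows Server 2003", None),
    Server("app-srv-02", "Windows Server 2016", date(2016, 3, 1)),
    Server("db-srv-03", "Windows Server 2016", date(2016, 6, 1)),
]
TODAY = date(2016, 6, 15)

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_INVENTORY, TODAY).items():
        print(name, "->", "; ".join(findings))
```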
Increasingly, organizations are running a mix of physical, virtual and cloud environments, adding greater complexity to the security set-up. This complexity can leave gaps which cybercriminals are only too ready and willing to exploit. You might have put in place perimeter security, for example, but what if a compromised endpoint accesses a vulnerable file server? Then you have an attack which started inside the network, bypassing traditional security controls. And of course, there is no perimeter in the cloud, so what then?
Strength in depth
The answer lies in advanced server security solutions like Trend Micro Deep Security. It’s been designed to protect servers in physical, virtual and cloud environments with host-based security to shield servers from a wide range of threats including ransomware. Having one product with multiple controls is a great way to both increase security and reduce IT management overhead. Deep Security includes multiple critical controls that can help stop ransomware from hitting your data center:
Deep Security also offers additional ransomware-specific protection:
Ransomware black hats have found a great way to make easy money. But they’ll keep on adapting their attacks to outwit corporate defenses. So we must be clever and adapt our own security posture to minimize risk at all possible infection points. Trend Micro recommends server security as the final piece in a layered defense strategy encompassing protection at the email and web gateway, the endpoint and the network.
At Trend Micro, we say NO to ransomware! The key is to block the malware before it even reaches the organization – through layered security, including email and web gateway, endpoint, network and servers.
Click here to read Part 6: Visibility is Power – Fighting Back Against Ransomware.