Defending Against Ransomware Attacks with Zero Trust
As more enterprises migrate to hybrid, multi-cloud, and other cloud-based models, more questions – and risks – arise surrounding data security. Lately, there seems to have been an uptick in stories about security breaches at major corporations. In recent years, and even in recent weeks, several breaches have cited ransomware as the cause of compromised data.
The 2021 State of Cybersecurity Resilience Report showed a 31% increase in the average number of cyberattacks per company since 2020. This is proof that successful attackers have become more sophisticated and more destructive in their methods. In recent years, several major multinational corporations were victims of one of the most insidious malware attacks to date. This attack is the perfect illustration of lateral movement across a network that didn’t have the right protocols in place.
This raises the question – how do these attacks continue to happen? And from there stems another question – how can they be prevented, especially in complex hybrid and multi-cloud systems?
That’s where zero trust comes in.
What is zero trust?
Zero Trust is a mitigation measure based on the simple premise of “never trust, always verify.” Imagine your workplace. These are people you (generally) trust. Now imagine your workplace contacts have been “whitelisted” – meaning rules are in place stating you can only communicate with your colleagues and only via email. You now have a select subset of people you can talk to only through a certain channel. This is how zero trust works within a network – protocols are established to limit trust and lock down certain communications between different applications and their associated ports.
Traditional security models have operated with implicit trust – giving access to everyone and everything once inside the network. This seems like a simple and sensible solution – but it is inherently risky, particularly as companies move closer toward adopting the cloud at scale. The transition to cloud-based solutions built on different technologies such as AWS and Azure, together with the surge in remote work and the use of user-owned devices, increases the potential attack surface.
Implementing a Zero Trust strategy enhances data protection by safeguarding the network at all points – locking down communications between specific applications, and providing access only when and where it’s needed.
How Zero Trust Can Stop Ransomware
To paint a full picture of how Zero Trust can be deployed for ransomware containment, look again at the 2017 attack referred to above. In a matter of seconds, entire networks were rendered useless by NotPetya – the most invasive malware deployed to date in an ongoing cyberwar between Russia and Ukraine. Again, NotPetya was not the typical model – this particular ransomware was purely destructive. But it shows just how rapidly these attacks can spread across a flat, implicitly trusted network.
In any attack, malware/ransomware should not be able to move laterally across networks at such a rapid pace. The damage inflicted in this instance cost each corporation upwards of nine figures and paralyzed operations for substantial periods. How was something so invasive able to penetrate so deeply into systems that handle large amounts of sensitive information? Too much trust (among a few other factors).
At Caveonix, we believe zero trust is always the best approach for heightened security. Had a Zero Trust strategy been implemented before the 2017 attack, there would have been no point of entry for the malware to infiltrate. Policies would have been established to limit access and control communication between applications, mitigating its ability to spread – which is the key to containment.
Implementing Zero Trust
While Zero Trust policies can be built out manually, doing so is very time-consuming and labor-intensive. Our team at Caveonix recommends investing in a digital risk management solution with zero trust capabilities that makes managing this process in a cloud-based environment simpler and more manageable.
Our new full-stack digital risk management platform makes zero trust as easy as – literally – the push of a button. We set consistent, platform-agnostic policies by first collecting all the network flows from every endpoint across the hybrid cloud landscape. Once this visibility into communications has been established, the endpoints, session ports, and protocols are added to a set of ‘whitelist’ policies per cloud platform (AWS, Azure, GCP, IBM Cloud, VMware NSX, and others) and deployed from a unified console. This creates a Zero Trust implementation, shown on the dashboard as fully managed communication paths. If an endpoint is infected with malware, all outbound communications from that host are restricted to the whitelisted ports and protocols only, and the spread of the infection is prevented. In an emergency, our platform can also analyze traffic and automatically lock down the server.
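The mechanics described above (and the allowlist analogy in the earlier "What is zero trust?" section) can be shown with a small worked example: learn a baseline of observed flows, turn it into a deny-by-default allowlist per cloud platform, evaluate new flows against it, and flag a host whose denied flows pile up as a candidate for automatic lockdown. This is an added illustration written for this page, not Caveonix's platform code. The flow records, host names and platform labels are constructed, and the rendered rules are generic text rather than any cloud provider's native policy syntax.

```python
"""Build an allowlist ("whitelist") policy from observed flows and enforce deny-by-default.

Added example, not the platform's own code. All flows below are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    platform: str  # constructed label such as "aws" or "azure"
    src: str       # source endpoint
    dst: str       # destination endpoint
    port: int      # destination port
    proto: str     # "tcp" or "udp"


# Constructed baseline: flows collected from endpoints during a learning window.
BASELINE_FLOWS = [
    Flow("aws", "web-01", "app-01", 8443, "tcp"),
    Flow("aws", "app-01", "db-01", 5432, "tcp"),
    Flow("aws", "web-01", "app-01", 8443, "tcp"),  # repeat observation, collapses to one rule
    Flow("azure", "erp-01", "fileshare-01", 445, "tcp"),
    Flow("azure", "erp-01", "dns-01", 53, "udp"),
]


def build_allowlist(flows):
    """Return {platform: {(src, dst, port, proto), ...}}; anything absent is denied."""
    policy = defaultdict(set)
    for f in flows:
        policy[f.platform].add((f.src, f.dst, f.port, f.proto.lower()))
    return dict(policy)


def is_allowed(policy, flow):
    """A flow passes only if the exact path was learned on that platform."""
    key = (flow.src, flow.dst, flow.port, flow.proto.lower())
    return key in policy.get(flow.platform, set())


def evaluate(policy, flows):
    """Return [(flow, "ALLOW" | "DENY"), ...] for a batch of observed flows."""
    return [(f, "ALLOW" if is_allowed(policy, f) else "DENY") for f in flows]


def denied_flows(policy, flows):
    return [f for f, verdict in evaluate(policy, flows) if verdict == "DENY"]


def hosts_to_quarantine(policy, flows, threshold=2):
    """Source hosts with at least `threshold` denied outbound flows in this batch.

    This is the automatic lockdown trigger: a host suddenly reaching out on
    paths it never used before is the signature of lateral movement.
    """
    counts = Counter(f.src for f in denied_flows(policy, flows))
    return {host for host, n in counts.items() if n >= threshold}


def render_rules(policy):
    """Render the policy as generic rule lines (not any provider's syntax) with a final default deny."""
    lines = []
    for platform in sorted(policy):
        for src, dst, port, proto in sorted(policy[platform]):
            lines.append(f"{platform}: allow {src} -> {dst} {proto}/{port}")
        lines.append(f"{platform}: deny any -> any")
    return lines


# Constructed post-deployment batch: web-01 is infected and probes peers over SMB (445),
# which it never used in the baseline, while erp-01 keeps its learned SMB path.
CANDIDATE_FLOWS = [
    Flow("aws", "web-01", "app-01", 8443, "tcp"),         # learned path -> ALLOW
    Flow("aws", "web-01", "db-01", 445, "tcp"),           # never seen -> DENY
    Flow("aws", "web-01", "app-02", 445, "tcp"),          # never seen -> DENY
    Flow("azure", "erp-01", "fileshare-01", 445, "tcp"),  # learned path -> ALLOW
]


if __name__ == "__main__":
    policy = build_allowlist(BASELINE_FLOWS)
    for line in render_rules(policy):
        print(line)
    for flow, verdict in evaluate(policy, CANDIDATE_FLOWS):
        print(verdict, flow)
    print("quarantine:", hosts_to_quarantine(policy, CANDIDATE_FLOWS))
```

The key design point is that the policy is keyed on the full path (source, destination, port, protocol) per platform: an SMB path that is legitimate for one host on one platform says nothing about the same port from a different host, so an infected web server gains nothing from the file server's allowed SMB rule. In a real deployment the learned rules would be reviewed before enforcement, since a learning window can capture traffic that should not be baselined.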
We firmly believe every enterprise should implement zero trust as one of its basic security measures. Our Zero Trust capabilities further enhance continuous monitoring support, reducing threat levels and ensuring your data is safe.
Click here to request a demo and learn more about our digital risk management solutions and zero trust capabilities.