When a computer in an enterprise is “infected” with ransomware, it automatically and persistently tries to jump other computers and propagate through the network.
One employee (out of thousands) can accidentally (or intentionally) install a ransomware, and until now, it has been almost impossible to prevent it.
Agentless security now makes it possible to isolate two networks (end user computer networks and enterprise server networks) from each other, stopping ransomware from jumping from an individual user’s domain, when privileged access systems and policies are put in place.
Ransomware attacks are becoming increasingly sophisticated as cyber criminals have more incentive to hack into corporate and government systems, and more money to invest in new means of attack, so much so that the US FBI has issued warnings.
For example, it is no longer necessary for a person to click a link to cause an infection to occur. Legitimate websites are now seeded with malicious code that can infect a user, when that user simply visits the site and spends time on that page.
And while many more companies and governments than we will ever know about pay hackers to stop the attacks – “the ransom” – paying means more resources for cyber criminals to use, so it is imperative that those responsible for protecting data, systems and networks mitigate ransomware threats.
There are, of course, the standard practices for “safe computing” including educating employees about email attachments, links and downloads, having policies in place to shut down the network and notify law enforcement and partners, backing the system up in the event of a shut-down, and more.
But above all, a solid access management system built into the overall security architecture, with a strong Privileged Access Management (PAM) platform, is both preventative and practical.
Kron’s agentless PAM security is done through virtual appliances. Agentless-based security is managed through APIs that interact with appliances managed by the host. A virtual appliance is deployed to the host on the system, with all scanning and recording managed through the appliance.
Because of the flexibility and scalability of our PAM agentless technology, this also means everything can be managed from a single view, a “single pane of glass” that can oversee physical, virtual and cloud-based infrastructure security.
We deploy agentless-based security directly to each physical or cloud server and manage them from a single console, using a unified set of policies and workflows, permissions and auditing capabilities – which also means that, when a ransomware attack becomes apparent, it can be identified faster, with the offending end-point immediately shut down.
Using agentless PAM also means a lot more economic and operational efficiency: with no agent to deploy, there are no updates, no pattern files, and minimized management requirements, particularly given the automation Kron’s solution provides.
This extends into the ROI – with agentless PAM from Kron, not only are enterprises saving on the ransom, they save on operational costs, given the reduced resource utilization and licensing fees.
There is a new set of “best practices” when it comes to ransomware, when agentless PAM is in place.
IT and OT will still need to white list applications, but can also automate more security measures by writing access to certain files, and limiting permission to fewer directories, and keeping in place privileged user access to infrastructure elements and policies.
Bottom line – ransomware can be addressed, preventing the spread of debilitating code at the source. To learn more about how a solid PAM strategy can mitigate ransomware impact, contact us.
Author: Evgin Duyarli