Ransomware Prevention: What Your Security Architecture Must Do


Ransomware can bring your business operations to a halt, encrypting sensitive data and forcing you to pay the attacker to regain access. Keeping your organization safe requires a fundamental shift toward prevention, away from relying on detection and remediation after infection. The right architecture makes prevention practical. Use this checklist to implement a prevention-based platform.


Step 1: Reduce the Attack Surface

  • Gain full visibility and block unknown traffic.
    Identify all traffic on the network and block unknown, potentially high-risk traffic.
  • Enforce application- and user-based controls.
    Restrict access to SaaS-based tools for employees who have no business need for them.
  • Block all dangerous file types.
    Not all file types are malicious, but those known to present higher risk, or associated with recent attacks, can be controlled.
  • Implement an endpoint policy aligned to risk.
    Enforce policies that restrict noncompliant endpoints from connecting to critical network resources.
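The "block all dangerous file types" control above only works if the type is taken from the file's content, not from the name an attacker chose. The following is an added example, not code from the original page or from any vendor product: a small gate that blocks on a high-risk extension list, then sniffs the leading bytes so a renamed executable or a macro-enabled document disguised as .docx is still caught. The extension list, the magic-byte table, the function names and the sample files are all constructed for illustration, and the list goes slightly beyond the page by treating a broken archive as something to detonate rather than pass.

```python
import os
import zipfile
from io import BytesIO

# Extensions blocked on sight, whatever the content. Illustrative policy,
# not a vendor list; tune it to what the business actually needs to receive.
BLOCKED_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".cpl",            # native executables
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",     # script hosts
    ".bat", ".cmd", ".lnk",                                    # launchers
    ".iso", ".img", ".vhd", ".vhdx",                           # mountable containers
    ".docm", ".xlsm", ".pptm", ".dotm", ".xltm",               # macro-enabled Office
}

# Content types blocked even when the file name looks harmless.
BLOCKED_CONTENT = {"pe", "elf", "iso", "ooxml-macro"}


def sniff(data):
    """Identify a file from its leading bytes instead of trusting its name."""
    if data[:2] == b"MZ":
        return "pe"                      # Windows executable, DLL or screensaver
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] == b"%PDF":
        return "pdf"
    if data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
        return "ole"                     # legacy .doc/.xls container; may carry VBA
    if len(data) >= 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso"                     # ISO 9660 primary volume descriptor
    if data[:4] == b"PK\x03\x04":
        return _sniff_zip(data)
    return "unknown"


def _sniff_zip(data):
    try:
        with zipfile.ZipFile(BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "zip-corrupt"
    # Office Open XML files are zips; a vbaProject.bin part means macros.
    if any(n.endswith("vbaProject.bin") for n in names):
        return "ooxml-macro"
    if "[Content_Types].xml" in names:
        return "ooxml"
    return "zip"


def evaluate(filename, data):
    """Return (verdict, detected_type, reason) for one inbound file."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    if ext in BLOCKED_EXTENSIONS:
        return ("block", kind, "extension %s is on the high-risk list" % ext)
    if kind in BLOCKED_CONTENT:
        return ("block", kind, "content is %s regardless of the name %s" % (kind, filename))
    if kind in ("ole", "zip-corrupt"):
        # Macros in OLE need stream parsing to confirm, and a broken archive is a
        # classic way to slip past scanners: hand both to detonation, not to the user.
        return ("review", kind, "type or macro status not confirmed from content")
    return ("allow", kind, "no high-risk signature found")


def build_ooxml(with_macro):
    """Construct a minimal OOXML-shaped zip for the samples (not a real document)."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed samples: names and bytes are made up to exercise each branch.
SAMPLES = [
    ("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),   # double extension
    ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),       # renamed executable
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),     # genuine PDF header
    ("quarterly.docx", build_ooxml(with_macro=True)),     # macros hidden in .docx
    ("quarterly.docx", build_ooxml(with_macro=False)),
    ("backup.zip", b"PK\x03\x04garbage"),                 # truncated archive
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, evaluate(name, blob))
```

The two quarterly.docx samples are the point: the extension is identical and permitted, and only the zip contents separate a plain document from a macro carrier. Anything this gate returns as review belongs in the Step 3 detonation path rather than in the user's mailbox.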
Step 2: Prevent Known Threats

  • Stop known exploits, malware, and command-and-control traffic.
    Blocking known threats raises the cost of an attack and ultimately reduces the likelihood of an attacker attempting a breach.
  • Block access to malicious and phishing URLs.
    Prevent users from inadvertently downloading a payload or having their credentials stolen by blocking known malicious and phishing URLs.
  • Scan for known malware on SaaS-based applications.
    SaaS-based applications represent a new path for malware delivery and must be properly secured.
  • Block known malware and exploits on the endpoint.
    Endpoints are common targets for attacks. Block known malware and exploits on the endpoint itself, so a threat that slips past the network controls is still stopped where it executes.
Step 3: Identify and Prevent Unknown Threats

  • Detect and analyze unknown threats in files and URLs.
    As new files and URLs are submitted, detonate them in a sandbox, analyze the result and look for malicious behavior.
  • Update protections across the organization to prevent previously unknown threats.
    Automatically push protections to different parts of your organization’s security infrastructure.
  • Add context to threats, and create proactive protections and mitigation.
    Developing protections requires context to better understand the attacker, malware and indicators of compromise.
  • Block unknown malware and exploits on the endpoint.
    Do not rely on the network alone: block unknown malware and exploits on the endpoint as well, so a sample or exploit the sandbox has not yet seen is still stopped where it executes.
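Steps 2 and 3 together describe a loop: a sandbox verdict on an unknown sample becomes a set of indicators that are pushed to the firewall, DNS or URL filtering and the endpoint. The following is an added example, not code from the original page or from any vendor product, of the normalization step that sits between the verdict and the push. It shows the two checks a practitioner wants before automatic distribution: dropping sandbox-internal addresses, and holding back shared infrastructure that a sample merely touched (a malicious file contacting a major search engine does not make that domain an indicator). The verdict records, hash placeholders, TEST-NET-3 addresses, example.net/.org hosts, the allowlist and the function names are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sandbox verdicts for three detonated samples. Hashes and hosts
# are placeholders (example.net/.org, 203.0.113.0/24 is reserved for
# documentation), not real indicators.
VERDICTS = [
    {"sha256": "a" * 64, "verdict": "malicious",
     "contacts": ["http://203.0.113.10/gate.php",
                  "https://update.example.net/c2",
                  "https://www.google.com/",       # benign contact made by the sample
                  "http://10.0.0.5/share"]},       # sandbox-internal address
    {"sha256": "b" * 64, "verdict": "benign",
     "contacts": ["https://cdn.example.org/lib.js"]},
    {"sha256": "c" * 64, "verdict": "malicious",
     "contacts": ["http://203.0.113.10/gate.php"]},  # same C2 as the first sample
]

# Shared infrastructure that must never be auto-blocked on the strength of a
# single verdict. Illustrative; a real deployment curates this list.
SHARED_INFRA = {"google.com", "microsoft.com", "windowsupdate.com"}

# Address ranges a sandbox will contact for its own reasons (RFC 1918,
# loopback, link-local). Contacts here are artefacts, not command-and-control.
SANDBOX_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _on_allowlist(host):
    """True if host is, or is a subdomain of, an allowlisted domain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in SHARED_INFRA for i in range(len(labels)))


def _classify_contact(url):
    """Map one network contact to the enforcement point that should block it."""
    host = urlsplit(url).hostname
    if not host:
        return ("held_for_review", url)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: block at DNS/URL filtering unless it is shared infrastructure.
        if _on_allowlist(host):
            return ("held_for_review", url)
        return ("dns_block", host)
    if any(ip in net for net in SANDBOX_RANGES):
        return ("dropped", host)
    return ("ip_block", str(ip))


def build_protections(verdicts):
    """Turn sandbox verdicts into deduplicated block lists per enforcement point."""
    out = {"endpoint_hash_block": set(), "ip_block": set(), "dns_block": set(),
           "held_for_review": set(), "dropped": set()}
    for v in verdicts:
        if v["verdict"] != "malicious":
            continue
        out["endpoint_hash_block"].add(v["sha256"])
        for url in v["contacts"]:
            bucket, value = _classify_contact(url)
            out[bucket].add(value)
    return {k: sorted(s) for k, s in out.items()}


if __name__ == "__main__":
    for bucket, values in build_protections(VERDICTS).items():
        print(bucket, values)
```

Only the endpoint_hash_block, ip_block and dns_block lists are pushed automatically; held_for_review goes to an analyst, and dropped is logged so the sandbox network layout stays visible. Without the allowlist check, one detonation of a sample that phoned a shared cloud service would cut the whole organization off from it.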