Another defense against ransomware
Ransomware continues to be a nightmare. These attacks can quickly ruin the CISO’s day and wreak havoc on operations. A single click can shut down portions of operations. In Michigan, for example, a utility’s email system and accounting department were shut down for an extended period. Management finally paid the ransom so that operations could continue. If that is not enough of an eye-opening example, we need only remember WannaCry and its derivatives.
One method to assist in defense is to segment the network. Generally, Admins point to knowing the hardware and software on the system, approved communication paths, application whitelisting, and encryption as defenses. Network segmentation is an immense help in this endeavor. Segmentation limits how much of a compromised network the attackers are able to traverse. Without it, successful attackers are able to work through the compromised system. With it in place, the attacker’s area to work through is limited by the segment itself. Because the attacker is active in a much smaller area, the activity should garner more attention. With network segments in place, the attacker’s work for a full system compromise increases significantly.
Although this is a viable tool, the implementation may be problematic. The Admin needs to have a full inventory of the network, be able to update it, and maintain visibility into the network. The best practice with this security method is to implement the security profiles near the endpoint. This is a break from the traditional model of focusing primarily on hardening the perimeter. When configured correctly, this allows for a zero-trust model. No security model is perfect; however, this provides greater depth for network security.
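
The inventory and approved communication paths described above can be checked against observed traffic. The following is an added example, not code from the article: it audits flow records against a segment inventory and an allowlist of approved paths, and also flags hosts missing from the inventory. The segment names, subnets, ports and flow records are constructed assumptions.

```python
import ipaddress

# Constructed inventory: segment name -> subnet (assumed values, not from the article)
SEGMENTS = {
    "office":     ipaddress.ip_network("10.10.0.0/24"),
    "accounting": ipaddress.ip_network("10.20.0.0/24"),
    "mail":       ipaddress.ip_network("10.30.0.0/24"),
    "ot":         ipaddress.ip_network("10.40.0.0/24"),
}

# Approved communication paths: (source segment, destination segment, TCP port)
APPROVED = {
    ("office", "mail", 443),
    ("accounting", "mail", 443),
    ("office", "accounting", 8443),
}

def segment_of(ip):
    """Return the segment an address belongs to, or None if it is not inventoried."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit_flows(flows):
    """Return findings for flows that cross a segment boundary without an approved path."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            # An incomplete inventory is itself a finding: the host cannot be placed.
            findings.append((src, dst, port, "uninventoried host"))
        elif s != d and (s, d, port) not in APPROVED:
            findings.append((src, dst, port, f"unapproved path {s}->{d}"))
    return findings

# Constructed flow records: (source IP, destination IP, destination port)
SAMPLE_FLOWS = [
    ("10.10.0.15", "10.30.0.5", 443),    # office -> mail, approved
    ("10.10.0.15", "10.10.0.22", 445),   # inside one segment, not a boundary crossing
    ("10.10.0.15", "10.20.0.8", 445),    # office -> accounting on a port that is not approved
    ("10.10.0.15", "10.40.0.3", 445),    # office -> ot, no path approved at all
    ("10.99.0.7", "10.20.0.8", 8443),    # source missing from the inventory
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Traffic inside a single segment is not flagged here; covering it requires the endpoint-level profiles the article recommends.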
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.