According to a survey commissioned by Fortinet, 94% of organizations indicate that they are concerned about the threat of a ransomware attack. It's not a surprise since 67% of them also said they have been targeted by a ransomware campaign. Ransomware is likely to change and become more sophisticated, but it's certainly not going away.
For MSSPs, preventing ransomware attacks is critically important to customers. But when security is deployed ad hoc, the inevitable vendor and solution sprawl creates complexities that limit visibility and restrict control. Not only is it a management and logistical challenge for an MSSP, it offers new opportunities for cybercriminals who are always looking for new ways to circumvent security controls and infiltrate networks. The only way MSSPs can cost-effectively serve multiple customers is to standardize on a platform that makes it possible to provide robust security that can scale.
Amid all the alarming headlines about new tactics that cybercriminals are using, it's easy to lose focus on the fundamentals. While ransomware is certainly grabbing many headlines, its potential to cause havoc is really symptomatic of structural issues in security architecture. At the heart of the ransomware threat is a lack of visibility and control, as well as the need for enhanced detection and mitigation at speed and scale. Traditional multi-vendor, siloed solutions simply are not up to the challenges of today’s sophisticated threats. To better manage risk, MSSPs need to consider these five areas that help reduce ransomware risk and mitigate damage in the event of an incident.
1. Sandbox Inspection and Analysis of Incoming Payloads
Email is one of the most popular attack vectors for cybercrime. A secure email gateway solution provides advanced multilayered protection against the full spectrum of email-borne threats, and sandboxing provides an added layer of protection. Although cybercriminals create custom code and attempt delivery through multiple avenues, in the end, malware needs to run to complete its objective. Integrating sandbox inspection to examine runtime behavior is a powerful technique that goes beyond looking at static attributes.
2. Real-time URL Inspection
Cybercriminals can use the web to host and change malicious payloads as easily as updating a website. It’s essential to check the rating and content of URLs at the time of a click, ideally in an isolated environment, not just when an email passes an inspection point. A web application firewall also helps protect web applications by filtering and monitoring HTTP traffic to and from a web service. It's a critical security element because it acts as the first line of defense against cyberattacks.
3. Endpoint Hardening
It's more difficult for cybercriminals to gain unauthorized access if the endpoint attack surface is reduced by disabling unused services, restricting user privileges, and performing physical or virtual patching of vulnerabilities. Traditional antivirus technologies don’t always do a good job, and as threats continue to evolve, it's more difficult for them to keep up with the changes. Endpoint devices should be protected using advanced endpoint detection and response solutions.
4. Zero Trust Implementation with Multi-factor Authentication
The zero-trust security model assumes that anyone or anything that attempts to connect to the network is a potential threat. With zero trust, every user or device that attempts to access the network or application must undergo strict identity verification using multi-factor authentication (MFA) and posture checks before access is granted. MFA requires users to provide multiple credentials before they are granted access. Requiring more than a user name and password helps prevent cybercriminals from gaining “authorized” access using stolen credentials. Adding a third factor for authentication is an easy and effective way to improve security.
5. Firewalls and Network Segmentation
As cloud adoption increases, network segmentation is increasingly important, particularly in multi-cloud and hybrid cloud environments. Network segmentation partitions a network into smaller sections or subnets according to business needs. Access is granted according to role and current trust status, which helps prevent lateral movement of threats within the network. Segmentation also gives security teams increased control over traffic. Next-generation firewalls (NGFW) filter network traffic and provide advanced visibility, which can help identify and prevent advanced threats and malware.
MSSPs Must Continuously Monitor Security
Despite all the best technologies and training, incidents will inevitably happen. Fortunately, multi-stage ransomware campaigns often have indicators that can be detected before damage occurs. An expert 24x7 security team monitoring activity can recognize these indicators and work to contain the attack.
MSSPs need a cybersecurity mesh platform that can cover all potential entry points and attack stages of ransomware campaigns. By taking advantage of a platform that shares threat intelligence rather than trying to integrate an array of point products, MSSPs can more easily detect and protect against attacks and use advanced automation to further minimize the impact of incidents. All of the solutions in the Fortinet Security Fabric are fully integrated for converged security and networking that works to protect against today's evolving threats.
Author Jonathan Nguyen is VP of field CISO at Fortinet. Read more Fortinet blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.