For the second time in just a few weeks, British companies were exposed to ransomware attacks that their ageing security infrastructures couldn’t withstand. Not only did these malicious acts hold personally identifiable information to ransom, they also impacted medical procedures, airline travel and corporate share prices.
The evolving landscape
Both WannaCry and (Non) Petya relied on unpatched systems as an attack vector and helped to highlight businesses’ internal vulnerabilities, ultimately proving that existing security tools are only adequate if they are updated with the latest software.
Following the impact of these recent events, it has become even clearer that quick analysis of threats and of the action required is paramount, especially if firms are to ward off future ransomware waves by strengthening their network security.
Is protecting the perimeter enough?
Unfortunately, for many, the traditional approach to defence has been to build strong perimeter protection around the data centre. The problem with this approach is that security experts need to accept that the company perimeter is changing, with many no longer knowing where it resides today.
In a cloud-based world with mobile workers and the growing trend of the Internet of Things, each device represents its own Internet perimeter and this weakens the traditional network infrastructure we’ve become used to.
That means that for each branch office and each employee, regardless of whether they are inside or outside of the organisation, security must be consistently applied, updated and delivered in real time. Otherwise, there is no way to control access to the network or the cloud applications those employees are using. Security infrastructure must also provide the flexibility that companies need to adapt to the evolving threat landscape and changing attack vectors. Only recently, with Petya, we have observed evolving threat variants that were highly virulent in nature, and this game of cat and mouse, with enterprises playing catch-up, is only going to escalate. No company can strive for maximum security without examining new tools and techniques to thwart whatever new malware may appear in the future.
Patching isn’t the be-all and end-all of protection
Taking just WannaCry and (Non) Petya as examples, there are numerous ways to enhance security. Even if servers, browsers, browser plug-ins and operating systems are up to date, patch management lags behind. In fact, for many IoT devices, patching remains physically impossible, with security functions not embedded from the get-go.
In addition, the traditional security approach, which applies a range of best-of-breed technologies from different manufacturers, is complex to administer and manage. An organisation’s security infrastructure will range from proxies and firewalls to sandboxing and SIEM systems, delivered by different vendors, making it increasingly difficult to keep all technology updated across all users at all sites. Furthermore, the latest WannaCry ransomware attack found this vulnerability loophole in the shape of a Microsoft Windows 7 patch which was not completely up to date across all company locations.
Staying secure with a real-time approach
To ensure complete protection moving forward, a highly integrated security platform approach is required. Such an integrated approach, with modules for Web Security, Next Generation Firewall, Sandboxing and DLP, enables the real-time comparison of log information for better insight. It also means that separate modules can communicate with each other to provide the security function with a more accurate risk portfolio.
Having real-time capabilities means that data traffic can be scanned inline and that malware and malicious code can be blocked and stopped almost immediately. The detection of malicious code can be delivered through Big Data Analytics. This takes place within a platform and replaces the external, time-consuming effort of data analysis in a SIEM system. As a result, companies can monitor traffic via an intelligent processing method within an integrated infrastructure, and paint a clear and accurate picture of their risk exposure in real time. This arms security teams with the data they need to pre-empt and thwart attacks.
Real-time monitoring also gives companies the speed advantage they need to get ahead of attacks. If attacks cannot be prevented, at least the malware can be identified, and further damage and spread of infection can be mitigated.
By having real-time information, security functions able to stop WannaCry and (Non) Petya had the time to block ports 135, 139 and 445 on the firewalls to prevent further propagation. The problem, however, is that few companies can manually update firewall rules across all sites in real time. In addition, real-time analysis of the logs often doesn’t occur.
Implementing an integrated security platform enables real-time policy updates and their enforcement, so that all users across the entire company benefit from the update. A cloud-based platform can do this across all users, all locations and all devices, regardless of the location of the device.
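The kind of real-time log analysis described above, as an added example that is not part of the original article: it scans firewall log lines for a host contacting many distinct peers on ports 135, 139 and 445 within a short window, and lists the firewalls still allowing that traffic. The log format, host and firewall names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCHED_PORTS = {135, 139, 445}  # ports the article says were blocked
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 4                    # assumed: distinct peers before alerting

# Constructed sample, assumed format: time firewall action src dst dport
SAMPLE_LOG = """\
2017-07-01T10:00:01 fw-london ALLOW 10.1.0.23 10.1.0.40 445
2017-07-01T10:00:02 fw-london ALLOW 10.1.0.23 10.1.0.41 445
2017-07-01T10:00:02 fw-london ALLOW 10.1.0.99 10.1.0.40 443
2017-07-01T10:00:03 fw-london ALLOW 10.1.0.23 10.1.0.42 139
2017-07-01T10:00:04 fw-leeds DENY 10.2.0.7 10.2.0.50 445
2017-07-01T10:00:05 fw-london ALLOW 10.1.0.23 10.1.0.43 445
2017-07-01T10:05:00 fw-leeds DENY 10.2.0.7 10.2.0.51 445
2017-07-01T10:10:00 fw-leeds DENY 10.2.0.7 10.2.0.52 135
"""

def watched_events(log):
    """Yield parsed events on the watched ports (log must be time-ordered)."""
    for line in filter(str.strip, log.splitlines()):
        ts, fw, action, src, dst, dport = line.split()
        if int(dport) in WATCHED_PORTS:
            yield datetime.fromisoformat(ts), fw, action, src, dst

def find_fanout(log, threshold=THRESHOLD, window=WINDOW):
    """Map each source that reached `threshold` distinct peers on the
    watched ports inside `window` to the time the threshold was crossed."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still in window
    alerts = {}
    for ts, _fw, _action, src, dst in watched_events(log):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        if src not in alerts and len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts

def firewalls_still_allowing(log):
    """Firewalls where the block on the watched ports is not yet enforced."""
    return sorted({fw for _ts, fw, action, _s, _d in watched_events(log)
                   if action == "ALLOW"})

if __name__ == "__main__":
    for src, when in find_fanout(SAMPLE_LOG).items():
        print(f"{when.isoformat()} fan-out on ports 135/139/445 from {src}")
    print("block not enforced on:", firewalls_still_allowing(SAMPLE_LOG))
```

The slow source behind fw-leeds stays below the threshold inside the 60-second window, so only the fast fan-out is flagged; widening the window trades fewer missed slow scans for more false positives from file servers and domain controllers.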
Well equipped for the future of ransomware and the GDPR
Far more than the fear of an isolated breach, organisations are increasingly concerned about their ability to comply with the GDPR. Not only will this legislation call out those who are not cooperating with data privacy, but it will also hit them with a hefty financial fine of up to 4 per cent of the annual worldwide turnover of the preceding financial year. The real-time reporting functionality of an integrated security platform can support here, too.
For example, to report a breach within 72 hours, companies must better understand their data flows and provide an overview of their threat status. For this purpose, structured security emergency plans embedded with real-time capabilities can help in the case of an infringement.
Only those organisations that stop viewing the GDPR as a hindrance and start seeing it as an opportunity to achieve a greater level of data hygiene will be the ones that get ahead. By addressing the lack of consistency in data handling across the business, organisations have the chance to protect themselves while regaining the trust of those they need the most: customers.
Ultimately, in the era of the cloud, real-time alerting and policy enforcement are imperative for the health and longevity of any business, enabling it to monitor, mitigate and recover from any attack coming its way.
Chris Hodson, EMEA CISO at Zscaler