Ransomware attacks can take your entire organization hostage, locking up critical resources, such as web, email, and servers, until you pay a ransom. Newsweek reported that “ransomware has risen by over 250 percent during the first few months of 2017.” New predictions for 2017 say costs could exceed $5 billion and reach $17 billion by 2021. Since law enforcement, including the FBI, is currently limited in its ability to help in most cases, it’s up to you to defend your organization.
As seen with the WannaCry and Petya/Nyetya attacks, criminals are targeting all industries: healthcare, education, shipping, government agencies, manufacturing, and professional services. Their indiscriminate attacks mean that small, medium, and large businesses are all at risk. It’s not only about losing money directly to criminals, even if demands reach millions of dollars, because newer attacks focus on operational destruction. These attacks cause:
- Drastic loss of business
- Costly repairs, including the need to overhaul entire infrastructures
- Direct harm to customers (for example, being unable to treat medical patients)
- Legal fees and the need to indemnify customers and victims
The amount it would cost for you to fully recover from an attack should be considered in your security solution TCO analysis. Due to the persistence and sophistication of today’s ransomware attackers, it’s not a matter of if, but when an attack will occur. What if you could stay safer from ransomware regardless of how it attempts to infiltrate your organization?
Cloud Network Solutions is pleased to offer Cisco Ransomware Defense as part of its Security offering. This solution provides a comprehensive security architecture to protect businesses using defenses that span from networks to the DNS layer and email to endpoints. Ransomware is becoming increasingly pervasive and stealthy. It is quickly evolving beyond attacks on individuals to target entire networks. With more semi-automatic propagation methods, ransomware authors can capitalize on more opportunities to breach networks and move laterally. Recent trends even show groups using ransomware techniques to cause chaos without requesting a ransom.
Since ransomware can infiltrate your organization in multiple ways, and has the potential to control your entire network, you need an advanced, unified, and layered defense. The solution offers a portfolio-based approach, rather than a single product. These solutions work together to prevent ransomware attacks where possible, detect them if they gain access to systems, and contain them to limit the damage. Holistic, unified, and layered security protects your organization’s critical assets: data, users, customers, devices, and extended network.
The solution comprises the following components:
- Cisco Umbrella: Blocks DNS requests and provides IP-layer protection in the cloud before a device can even connect to malicious sites hosting ransomware. Cisco Umbrella can also block access to the key exchange, which is required to demand the ransom.
- Cisco Advanced Malware Protection (AMP) for Endpoints: Blocks ransomware from gaining access and encrypting files on endpoint devices. Without taking the files hostage, the ransomware attack fails.
- Cisco Email Security with AMP: Denies spam and phishing emails as well as malicious email attachments and URLs. (Note: The AMP technology is the same that’s applied on endpoints, but it’s deployed at the email gateway for this solution.) Email is the most commonly used ransomware attack vector. Prevent the email from getting to the user, and you prevent the ransomware attack.
- Cisco Threat Grid: Uses static and dynamic file analysis to determine malware. It sends actions to all AMP-enabled devices (networks and endpoints), Cisco Firepower™ Next-Generation Firewall (NGFW), and Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS) to block malware trying to infiltrate your IT environment.
- Cisco Firepower® NGFW with AMP: Offers fully integrated threat-focused NGFW to mitigate advanced threats quicker (for example, blocks known threats and command-and-control callbacks) and streamlines operations.
- Cisco Identity Services Engine (ISE): Develops policies that the network enforces through Cisco TrustSec®. These Cisco solutions work together to contain ransomware attacks through these policies. You can dynamically segment your network, which maintains highly secure access to services and applications. This also prevents the lateral movement of ransomware.
- Cisco TrustSec Technology: Performs dynamic segmentation and containment using the network infrastructure and ISE policy enforcement.
- Cisco Stealthwatch: Offers advanced network and data center visibility, analytics, and protection. It detects anomalous behavior, such as ransomware, and alerts ISE to push containment policies to the Cisco TrustSec infrastructure.
- Security Services: Provides advisory, implementation, and managed services to help you before, during, and after a ransomware attack. For example, you can take advantage of immediate triage in the case of incident response. You can also get expert help streamlining deployments of AMP, NGFW, and other solutions.
All of the Cisco security solutions offered by Cloud Network Solutions are backed by advanced threat intelligence such as Cisco Talos Security Intelligence and Research Group (Talos). Talos combats attack groups and develops countermeasures that integrate into Cisco security products to stop ransomware in the network. We are based in downtown Toronto, in the heart of the financial district, and, in partnership with Cisco, we also offer incident response services for any security events that occur within an organization.