Ransomware Protection: Focus on Context and Users
Christoph Buschbeck from VMware explains how companies protect their networks and data in a multi-cloud world.
Recent examples show once again that classic security concepts are no longer up to the task of responding to modern threat situations. In the meantime, companies that have fallen victim to a ransomware attack are in the majority.
User data on platforms is especially relevant for ransomware protection. To protect it, identities must be authenticated and traffic must be monitored so that anomalies are detected in time. The starting point here is the end: so-called endpoint security, the protection of desktops, laptops, servers and permanently installed devices. After all, these devices are the easiest gateway into the network.
Detect attackers early
Endpoint Security combines multiple attack prevention, detection, and response technologies with intelligent services from an advanced platform. It effectively helps organizations detect attackers early before they can cause major damage, monitor and track attackers’ actions to identify and stop intrusions, and identify root causes as well as vulnerabilities.
Endpoint security technologies protect endpoints from unknown attacks, while traditional security measures such as antivirus software protect a computer or device from already known threats – for example, malware. Endpoint security stands out because it combines prevention with detection and response. In this way, it does not remain reactive, but works proactively.
Modern mechanisms follow zero-trust architecture
With perimeter firewalls alone, for example, IT staff protect only statically against the intrusion of attackers. This makes no allowance for the possibility that a laptop or smartphone has fallen into someone else’s hands, or that attackers have gained access to the corporate network in some other way.
Modern mechanisms follow a zero-trust architecture, which is based on trusting no one. This architecture includes five pillars: Identity, Devices, Network, Applications/Workloads and Data. With Zero Trust, virtually each of these areas is assumed to have been compromised. Thus, every workload is protected against everyone and only truly necessary connections are allowed.
Simpler network and micro-segmentation
Another key requirement for a modern security concept is micro-segmentation. It enables a secure and dynamic communication network in data centers and cloud environments that isolates each individual communication path, protects it separately, and automatically quarantines the application in the event of an attack. For this to work, network segments, virtual security zones and partner domains must be fully mapped as software. An internal Layer 7 firewall can then be integrated directly into the hypervisor, making East-West traffic more secure.
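The zero-trust rule above (every connection denied unless it is truly necessary) and the micro-segmentation behaviour just described (isolate each communication path, quarantine a workload automatically when an attack is detected) can be shown together in a small policy engine. The following is an added illustration written for this article, not VMware’s or NSX’s code; the segment names, workloads, allow rules, sample flows and the repeated-denial threshold used to trigger quarantine are all constructed assumptions.

```python
"""Minimal micro-segmentation / zero-trust policy engine (illustrative, constructed)."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed inventory: each workload belongs to exactly one security segment.
SEGMENTS = {
    "laptop-7": "user",
    "web-1": "web",
    "app-1": "app",
    "db-1": "db",
}

# Explicit allow rules (src segment, dst segment, port, proto).
# Anything not listed here is denied: there is no implicit "inside" trust.
ALLOW_RULES = {
    ("user", "web", 443, "tcp"),
    ("web", "app", 8080, "tcp"),
    ("app", "db", 5432, "tcp"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


@dataclass
class PolicyEngine:
    segments: dict
    allow_rules: set
    quarantined: set = field(default_factory=set)

    def decide(self, flow: Flow) -> str:
        """Return 'allow' or a 'deny:<reason>' verdict for one flow."""
        # A quarantined workload loses every path, including normally allowed ones.
        if flow.src in self.quarantined or flow.dst in self.quarantined:
            return "deny:quarantine"
        src_seg = self.segments.get(flow.src)
        dst_seg = self.segments.get(flow.dst)
        # Unknown workloads are never trusted by default.
        if src_seg is None or dst_seg is None:
            return "deny:unknown-workload"
        if (src_seg, dst_seg, flow.port, flow.proto) in self.allow_rules:
            return "allow"
        return "deny:default"

    def quarantine(self, workload: str) -> None:
        """Isolate a workload: all of its East-West paths are cut until cleared."""
        self.quarantined.add(workload)


# Constructed sample traffic: a user laptop first behaves normally, then tries
# to reach the database and SSH ports it has no business contacting.
SAMPLE_FLOWS = [
    Flow("laptop-7", "web-1", 443),
    Flow("web-1", "app-1", 8080),
    Flow("web-1", "db-1", 5432),   # web tier may not talk to the database directly
    Flow("laptop-7", "db-1", 5432),
    Flow("laptop-7", "app-1", 22),
    Flow("laptop-7", "web-1", 22),
    Flow("laptop-7", "web-1", 443),  # would normally be allowed
]


def run_sample(threshold: int = 3):
    """Evaluate SAMPLE_FLOWS; quarantine any source that hits the deny-by-default
    rule `threshold` times (an assumed, simple indicator of lateral probing)."""
    engine = PolicyEngine(segments=dict(SEGMENTS), allow_rules=set(ALLOW_RULES))
    denied_by_src = Counter()
    decisions = []
    for flow in SAMPLE_FLOWS:
        verdict = engine.decide(flow)
        decisions.append(verdict)
        if verdict == "deny:default":
            denied_by_src[flow.src] += 1
            if denied_by_src[flow.src] >= threshold:
                engine.quarantine(flow.src)
    return decisions, sorted(engine.quarantined)


if __name__ == "__main__":
    verdicts, isolated = run_sample()
    for flow, verdict in zip(SAMPLE_FLOWS, verdicts):
        print(f"{flow.src} -> {flow.dst}:{flow.port}/{flow.proto}: {verdict}")
    print("quarantined:", isolated)
```

Running the script shows the last laptop-to-web flow on port 443 being denied even though the policy allows it, because the laptop was quarantined after three default-deny hits; in a real deployment the quarantine trigger would come from the endpoint or network detection layer rather than from a fixed counter.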
See what others don’t
Going a step further, VMware Contexa leverages the full range of network and endpoint technologies to monitor and evaluate all endpoint processes and network packets. The approach is intrinsic transparency. Most vendors, by contrast, can put security-related information into context only in some cases. For early detection in particular, but also for forensic analysis, one needs access to all the data. Faulty configurations and permissions are examples of the gaps that attackers exploit.
Capturing context-produced threat data
Context is important: it helps to understand and analyze the infrastructure, the devices and their behavior. Doing this as automatically as possible, and making intelligent decisions on that basis, is a matter of course. The integration between the different VMware solutions, as well as the cooperation with all well-known security vendors, ensures a seamless security strategy.
Christoph Buschbeck
is Director Central EMEA, VMware Cloud, at it-sa in Hall 7.