Originally posted on CTECH
The recent REvil ransomware attack has revealed that our computer systems are vulnerable to unknown and surprising pathogens, similar to our vulnerability to Covid-19. The hackers claim that the attack penetrated more than a million workstations, and demanded about $70 million to unlock them. However, the most important question is how the damage could have been reduced or prevented. Let’s take a step back. Antivirus software comprises the first defense line (the IT immune system, if you will). The antivirus operating principle is simple: if malicious code is detected, it is signed by the various antivirus manufacturers and its hash is distributed as an update to the local antivirus installation. Thus, antivirus software can identify most malware and prevent them from damaging the computer.
Nevertheless, similarly to biological systems, some viruses and vulnerabilities are unrecognizable by antivirus software. About 30-50 IT companies, including many Israeli ones, work to discover the meager number of yet undiscovered malware and yet unabused vulnerabilities. This activity is expensive and carries large premiums, but numerous organizations around the world would pay for such protective measures. Think about it – if a security operation is attacked by 1,000 different malware a month, the damage of even a single penetration would be catastrophic. Therefore, an antivirus that prevents 99.9% of attacks will not suffice.
However, systems identifying unrecognized threats are prone to false alarms. No wonder – anyone trying to find a new type of threat is likely to be sensitive to any anomaly or change. Yet the high number of false alarms that these systems provide causes many to ignore them or to disable the systems, quite similar to muting the sound of a cardiac monitor, thus remaining unprotected yet again. One of the methods of containing the damage might sound familiar in the post-COVID world – isolation. For example, in the latest REvil attack, Kaseya software, serving as part of the supply chain, was damaged. The company warned customers over the weekend to disconnect their devices from the internet to prevent encryption of their information, as the malware was raging outside and a cure for it was yet to be found. A network control system, like an internal epidemiological investigation array, can sometimes be useful in stopping the malware spread and preventing some of its damage.
Isolate, test, and decide
NAC (Network Access Control) systems test every device and every user individually – who is the user attempting to connect? What is his role? What hardware does he use? Does he have an antivirus? Are there security updates installed? All these parameters are calculated to a security ranking, according to which network access is granted or denied. In some cases, it is possible to prevent or restrict the use of plug-in USB devices, and in extreme cases, it is even possible to deny usage completely and isolate the “sick” computer from the outside world.
An internal epidemiological investigation array mitigates the risks instead of trying to eliminate them completely. The truth about the Covid-19 pandemic, as well as for computer systems, is that complete isolation of our homes or computer stations will prevent us from catching the virus, but it will also prevent us from functioning. Therefore, IT systems and humans need to establish risk-mitigating measures which will balance the existing threat of infection and the need to connect, meet and interact with the outside world.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。
About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com
About the Judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.
About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.