CISA and MS-ISAC Ransomware Protection

Ransomware is an extremely costly threat which is often ignored by businesses until it’s too late. Unlike a traditional virus or general malware, ransomware is a form of terrorism with the goal of extorting large sums of money from a business.

The Cyber Security & Infrastructure Security Agency (CISA) has defined a national standard for best practices to avoid becoming a victim of ransomware. In addition to this, the Multi State Information Sharing and Analysis Center (MS-ISAC) organization has created benchmarks for industry best practices of secure configurations of operating systems and common applications.

We help businesses understand and implement the best protection against, and recovery from, ransomware using national CISA.gov and industry best MS-ISAC standards.

Part 1 – Best Practices

The first steps in protection are pro-active efforts to prevent vulnerabilities and the chances of exploitation. We have a comprehensive layered approach because an ounce of prevention is worth a pound of cure.

Internet Border Protection

The boundary between sensitive network services of your business and malicious users abroad is your firewall. The configuration of your firewall. Care must be taken to allow your staff the ability to access sensitive resources without inadvertently allowing illegitimate or unintended access.

Internet Interaction

The front lines of protection are your employees and how they interact with the internet. A common method of internal compromise is exploitation of personal browsing habits and lack of protection from malicious content. We have enterprise grade solutions for safeguarding personal interaction online.

Phishing

The easiest avenue of exploitation for a malicious attacker is to deceive someone on your network who has privileges and access to additional resources. We have resources to train staff members on what to look for and how to report suspicious content.

Malware

Software designed to open up back doors or exploit un-patched vulnerabilities are the bread and butter of malicious attackers. Detection of the malware is not the first step of a proper defense. We have a number of procedures and protective actions to help prevent an infectious compromise as well as solutions to isolate incidents and limit the effect they have on an organization.

MSP and Third Parties

It’s critically important that everyone who has access to a network or sensitive data follow best practices to avoid spreading infections between the clients and vendors they work with. We adhere to the same strict and rigorous standards that we promote to our clientele including recommendations from CISA, MS-ISAC, and NIST-800-171.

Part 2 – Response

In the event that pro-active measures were not enough to prevent exploitation of ransomware, we use a layered application of industry best practices to respond to incidents.

Detection

Infections may download additional resources and components from the web before antivirus definitions are able to catch it. Behavioral analysis and deep packet inspection are options beyond simple basic antivirus detection for detecting a malicious presence.

Analysis

Knowing what happened and how an attack became successful is critical for preventing further occurrences. A comprehensive review of logs and actions is invaluable for determining the vector of an attack or infection. This steps is made possible by pro-active processes of log management.

Containment

Containment of a workstation from other peers on the network is a step beyond beyond a basic antivirus quarantine. We have solutions to automatically fence off network endpoints from resources when suspicious activity or possible infections are detected.

Eradication

An unacknowledged issue with ransomware is the susceptibility of a business to be re-targeted by attackers. Paying a ransom does not guarantee the elimination of other back doors or protection from a second attack. We take a layered approach to ensuring exploits are eliminated

Recovery

Recovery involves actions taken inside the organization as well as actions taken with all effected vendors, customers, and clients. Ransomware can effect reputation if it’s not handled properly, however we have steps to help mitigate the effect to the entire supply chain involved.

Questions?

Let’s have a dialogue about your concerns and the need for protection.