3 Ways to Contain the Next Ransomware Attack

By: Absolute Editorial Team | 6/5/2017

The recent WannaCry ransomware attack underscored the importance of better visibility into dark endpoints. Our own audit data found that as many as 20% of endpoints are “dark” and represent hidden security cracks. Here are tips that can help your IT department contain the next ransomware attack...

1. Gain Visibility Over Dark Endpoints

Organizations invest heavily in securing their environments through anti-malware, anti-virus and patch management solutions. Most organizations assume that more than 95% of endpoints are compliant with required applications and patches.

But the reality is that nearly 20 percent of these endpoints are dark -- they are off the network, lost, or stolen, or they don't have the latest version of critical security applications to manage risk and compliance. If critical security solutions are not running, present, or updated, the device is left vulnerable to attack.

The recent WannaCry ransomware attack crippled thousands of Windows machines and affected organizations in more than 150 countries. This attack targeted endpoints running older, unsupported Windows operating systems and unpatched devices. It's these kinds of vulnerabilities that allowed WannaCry to spread so rapidly.

Absolute's technology is built right into the firmware of devices, giving IT pros constant visibility over endpoint devices, data and applications -- whether they're on or off the network. Admins can easily run an OS Systems Update Report within the Absolute Management Portal to find out which devices may still be vulnerable to attack -- and can take appropriate remedial actions.

And, on Absolute's Security Posture Dashboard, you can also benchmark your security metrics, as well as monitor the health of your SCCM, anti-virus, anti-malware and encryption solutions to ensure that devices are protected and secured.

2. Add Resiliency to Business-Critical Applications

If organizations had the visibility into all their devices to know about the presence and health of patch management and endpoint security applications, they would be able to proactively minimize risk. With Absolute, much of this can be automated to ensure that security solutions are installed and effective.

Absolute’s Persistence technology, embedded in more than 1 billion endpoint devices, gives us the unique capability to add resiliency to third-party security solutions. If an application is removed, disabled, or tampered with, Application Persistence initiates an automatic, zero-touch reinstallation so you can proactively eliminate vulnerabilities and prove compliance in the event of a security incident.

3. Improve Containment Capabilities

Increased visibility into the endpoint allows organizations to develop resilient isolation strategies to protect the network from attack, if the worst were to happen. Even with the latest patches, new vulnerabilities are always being found and exploited.

Organizations need to respond faster to emerging threats, often when no patch is available or systems cannot be easily maintained. Absolute’s post-infection detection and Containment capabilities help IT pros easily identify and contain infected devices faster and more effectively than traditional manual processes. This capability also allows an organization to segregate infected devices from the corporate domain to prevent further spread.

Absolute: Take a Firm(ware) stance against ransomware

With malware and ransomware attacks on the rise, organizations need to do what they can to reduce threats and increase responsiveness. We give IT pros the tools they need to spot and remediate dark endpoints, and quarantine infected devices before attacks can spread to other systems.

Questions or concerns about security issues? Contact one of our security consultants in North America or the UK.
