Protect your PC

Ransomware Is Not a Detect & Respond Issue

A vast majority of today’s cyber security solutions are failing.

Many cyber security vendors are misguided when it comes to cyber security protection. One of the biggest “buzz phrases” in the security world is detect and respond. As a result, cyber security vendors are adding an endpoint detection and response (EDR) component to their existing products. To be clear, this isn’t all bad. Having the ability to find and remediate malicious attacks is important. Unfortunately, it’s a moot point when dealing with today’s primary cyber threat, ransomware.

Ransomware is a form of malicious software, or malware, that encrypts a user’s files, leaving them locked and inaccessible. The only way to restore them is through backup files. If the organization does not have current backups, or if the ransomware encrypted them as well, the entity is out of luck. Detection and response is not an option. The entity may be able to remove the ransomware through an EDR tool, but the files will remain encrypted.

Ransomware is not a detect and respond issue. The emphasis is in the wrong area. But why?

There are a few reasons…

The traditional approach has always been to detect and respond. This goes all the way back to the very first antivirus solutions, and the technology many still use today: a blacklist. This method allows unknown files to run and only blocks what is known to be bad. The blacklist is no longer adequate due to the fast-paced evolution of cyber threats.

Additionally, for major analyst firms, such as Gartner, to recognize a solution as an endpoint protection platform, it’s required that an EDR component exists. Again, this is important. However, it’s being represented as a silver bullet. It is far from it.

Beyond EDR

As mentioned above, when ransomware infiltrates a system, EDR isn’t going to help to restore the integrity of the company’s files. Detection and response is not an option when facing this threat. As an alternative, entities should be taking a proactive approach to their cyber security. This can be done by deploying a whitelist add-on feature to their existing cyber security solution, or by replacing their cyber security protection with one that includes a whitelist as its primary method of malware detection.

To be fair, whitelisting has traditionally had a bad reputation for creating a plethora of work for IT professionals, being hard to deploy, and being time-consuming. And for some options, that is still the case. However, there are programs available that utilize a whitelist and will not bog down hardware or IT resources. IT professionals are encouraged to do their due diligence when it comes to choosing either a whitelist replacement or an add-on program, as they are not all built the same.

Prevention is key

Prevention is critical when facing ransomware. Unfortunately, many businesses, schools, and government entities do not believe they will fall victim, or believe their existing cyber security solution is sufficient, until it is too late. At least that is what we can speculate Havre Public Schools, Union Grove High School, and Rockdale County officials are all thinking after falling victim to ransomware over the last week.

