Jul 15, 2020

Rapid7: Ransomware Playbook - prevention and action

William Girling

In our last article on Rapid7’s newly released Ransomware Playbook, we explored how ransomware is changing and how to identify risk.

Whilst knowing the shape of the cybercrime landscape is a vital part of combatting it, no security strategy can be complete without informed details on how best to prevent a cyberattack or deal with one already underway. 

The best defence is prevention

With cybersecurity, as with physical health, it is far better and easier to nip problems in the bud before they take on larger, more serious proportions.

First and foremost, importance should be placed on ‘user education’ regarding ransomware to ensure an organisation has a solid surface-level defence.

“User education is the first line of defence in our preventative arsenal - people should not be clicking suspicious links or visiting websites that are known carriers of malvertising networks. Organisations should look to add technology and content that reminds the user to be cautious when the user needs to be cautious,” says the report.

Other useful methods for prevention include:

  • Reducing the company’s ‘attack surface’ by segmenting system networks to prevent total infiltration from a single point, as well as siloing mission-critical systems from others.
  • Administer account permissions.
  • Use mail scanners to filter suspicious files or attachments.
  • Scan for vulnerabilities regularly and thoroughly and patch any weaknesses quickly.
  • Monitor processes and macro scripts which could facilitate malware.

Taking direct action

Establishing a good culture of ransomware prevention should stand you in good stead for avoiding a cyberattack in most instances. However, if a threat has been detected, it is often too late to consider further prevention. Instead, Rapid7 states that organisations must take swift and decisive action.

Three options are immediately available:

  1. Isolate and remove the infected system from the rest of the network to contain the threat.
  2. Ensure that all files are backed up regularly and can be restored at short notice if required.
  3. Where possible, issue new assets in cases where you have reason to suspect that old equipment has been compromised or poses a substantial risk.

Most importantly, Rapid7 advocates that companies do not succumb to the temptation of paying a ransom to restore systems, even if it initially appears the most expedient solution:

“Most stances, including the US FBI, recommend not paying the ransom demanded by cybercriminals. Similar to other criminal actions, it’s recommended not to negotiate since there is no guarantee the criminals will send you the decryption keys and you’ll regain access to your files.

“Paying the ransom will encourage criminals to continue carrying out these attacks by funding their activity.”

How can Rapid7 benefit your business?

As its Ransomware Playbook makes clear, Rapid7 is an expert on every layer of cybersecurity which can help ensure the integrity of mission-critical systems and valuable data. 

For risk management and preventative measures, the company’s InsightVM solution will identify and prioritise core assets that some organisations might not consider as being at risk from malware.

Regarding incident detection, InsightIDR “uses a variety of mechanisms to detect ransomware in your environment utilising the configured foundational event sources and the endpoint agents.” 

It does this by tackling the four distinct stages of ransomware, namely: initial ingress, code execution/download/deployment, defence evasion and spread.

“Beyond curated threat signatures, InsightIDR comes with pre-built Attacker Behavior Analytics (ABA) detections built by the Threat Intel team. 

“ABA applies Rapid7’s existing experience, research and practical understanding of attacker behaviours to generate investigative leads based on known attacker tools, tactics and procedures (TTP),” says the report.

Proper utilisation of these tools, in addition to Rapid7’s constantly expanding library of plugins and workflows (Extensions), will make an organisation thoroughly resilient to the trials of modern cybersecurity.

Education, practical knowledge and strong partnerships will all play their role in ensuring that ransomware doesn’t impact your business; Rapid7 is amongst the best at fulfilling all three.


Jun 11, 2021

SLK Software: Optimising performance in the digital economy

Recently featured in our profile of CNA Insurance, we take a closer look at how SLK Software is powering disruption in the digital era

Established in 2000 in Bengaluru, India, SLK Software recognises that fast-paced digital transformation is creating an unprecedentedly fertile period of opportunity for global businesses.

As such, with a firm belief in the power of simplification and automation to yield new and exciting experiences, the company has been challenging the status quo for over 20 years through an approach that is:

  • Relationship oriented
  • Strategically focused on a desired outcome
  • Reliant on automation tech

Believing in purposeful automation

SLK’s specialisation in automation tech is full spectrum: artificial intelligence (AI) and machine learning (ML), Computer Vision, Natural Language Processing (NLP), Robotic Process Automation (RPA), and more, are all part of its core competencies. 

Citing 90% productivity improvements, 30% business growth through better customer experiences, and up to 20x faster go-to-market capabilities, the reasons for its focus are clear.

The company currently serves the banking, financial services, insurance, retirement services, M&A, manufacturing, and supply chain sectors. Solutions offered include:

Accelerating workflow processes

In addition to these services, SLK offers three products/platforms: Avo Assist - RPA, Avo Assure - Test Automation, and Avo Discover - Process Discovery.

The latter is a tool specifically calibrated to give business users an easy method for capturing document processes. This can occur across any application, with these individual tasks then seamlessly combined for both improved compliance and governance.

Carol Castelloni, VP of Transformation at CNA Insurance, highlighted this as providing critical support in helping the company meet its business objectives:

“SLK’s Avo Discover tool accelerates how we can document workflow processes, measure impacts on enhancements, and identifies future automation opportunities.” Liberated from having to focus on these process-driven aspects of business, CNA Insurance has been able to refocus its attention on creative problem-solving instead.

Ultimately, this is the most important benefit that SLK brings: it optimises the back end so that clients can channel their energy towards what matters the most, customers.

Read more about SLK Software and CNA Insurance in the June 2021 edition of FinTech Magazine.
