CTERA: Minimizing the Threat of Ransomware with Enterprise File Services
Post on 15-Apr-2017
Enterprise File Services: Minimizing The Threat of Ransomware Trojans
Jeff Denworth • SVP of Marketing, CTERA
KASPERSKY REPORT: IT THREAT EVOLUTION IN Q1 2016
critical considerations for enterprise data loss
The probability of a natural disaster is not zero, but is a statistically insignificant threat to enterprise business continuity, versus the #1 contributor to business data loss.
Source: IT Policy Compliance Group, 2015
75% of ALL data loss is due to human error
Ransomware Revenue (chart, Q1 2015 through Q1 2016)
$24M in all of 2015
$209M in Q1 2016
$1 Billion (est.) in 2016
35x y/y growth
Asymptotic
Digital Wallets
SMB
Files
delayed execution
2048-bit Keys
Average Ransom: .5-2 Bitcoins (XBT) per Crypto-Locked Computer
Low-End Ransom: $180 @ .5XBT/Computer
High-End Ransom: $1,500 @ 2XBT/Computer
Online Support
8/4/2016
Ransomware Exposure Is Measured By:
• # of Systems That Become Infected
• Locky: 90K systems per day @ 0.5-1 Bitcoin ea (Forbes)
• Operational Value of Infected Systems & Data
• (rumored) Ransom of $3.4M
• 10-Day Data Outage
• Medical Records System Disabled
• Reverted To Pencil, Paper, Faxing
• Patients/Business Diverted
• Paid $17,000 in Bitcoins
Physical Firewalls & Email Security • Proper Employee Training
Rule #1: Implement The Right Safeguards
constant updating; open source derivatives
CryptXXX
source: http://trewmte.blogspot.com
Tips for Dealing with the Ransomware Threat
Prevention Efforts
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital
- Ensure antivirus and anti-malware solutions auto update
- Manage the use of privileged accounts
- Configure access controls, including file, directory, and network share permissions appropriately.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Business Continuity Efforts
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
Source: FBI, “Incidents of Ransomware on the Rise” www.fbi.gov
Legacy Solutions Are Built To Back Up In 24+ Hour Increments
Legacy IT Solutions Make Backup Rules Difficult To Enforce For Mobile Workers
Lack of Source-Based, Global & Block-Based Dedupe = 2-5x Slower
E.g., HP Connected Backup Scheduler
Low Overhead (<2% CPU, 50KB RAM) • Global, Source-Based Deduplication • Service Continuance
Rule #2: Recover Systems With Modern Tools
Fun With ‘Delayed Execution’
The CryptXXX Ransomware downloads a delayed execution DLL file, which waits more than 60 minutes before launching on the victim's computer.
After the time has elapsed, CryptXXX carries out its attack, encrypting the victim's files and collecting important data and money in the form of Bitcoins.
• Delayed execution makes it harder for victims to connect the incident to the source of infection.
• Delayed execution is also a known VM evasion technique.
The Three Areas CTERA Focuses On Business Continuity
endpoints: file sharing & data protection
offices: file servers & data protection
cloud servers: data protection only
AVG TIME TO FILE VERSION
Sync Average Case: Sub-5 Minutes
Backup Average Case: Once Every 24 Hours
24 Hour Period Threat Minimized
23+ hrs of exposure contained
Rule #3. Sync (Apologies to the FBI)
OK, Yes.... Please Backup
Recover Your System To A Consistent State In The Case Of Full Disk Crypto
But, Seriously … Sync.
A Day Is 1/250th Of A Work Year!
Sync is A Form Of Backup
Limitless File Versioning
Push-Button Restore of Backups or Versions
Backups = 1-24hr Granularity • Shares = 5 Minute Granularity
App for all leading smartphones and tablets:
Anywhere data access. Even when your PC is bricked
Access data from any web browser, recover files instantly.
Embedded Anti-Virus Scanning Upon File Download • Supplements A Strong Firewall
Rule #4: Care For What You Share
Does Cloud-Enabled File Sharing Increase The Blast Radius?
Con: Sharing is easier than ever.
Pro:
- Central Governance
- Global Scanning
- Global Roll-Back
Not Really. Collaboration Isn’t New. Benefits Far Outweigh…
1. Fortify The Perimeter • Train Everyone
2. Use Modern Backup To Ensure RPO
3. Sync To Minimize The Blast Radius
4. Care About What You Share
Eliminate the threat of any natural or man made data disaster.
Recover data in real time using secure, cost-effective cloud technologies.
Questions?