Ransomware prevention techniques with AutoNSX
Protecting Ransomware is not a trivial task, especially in complex environments. Some organizations can revert back to paper in case of IT failure others are more sensitive to poor IT service. Imagine an entire wind turbine to stop producing energy.
Anti-ransomware techniques includes multiple areas of defence, including:
- Proxy Server/ Web Filter
- Spam Filter
- DNS Sinkhole
- Network Segmentation
- Virtual Machine Segmentation
- Network Intrusion Detection and Protections (IDS/IPS)
- Fully patched and Updated
- No Unnecessary Applications and Services
- No Admin Rights and many more
In this study we are focusing on Network Segmentation in the Data Centre and particularly not implementing incorrect rules to the firewall. How an organization can leverage AutoNSX Software Solution to limit Ransomware across their Data Center. Firstly, let’s briefly touch on what segmentation is.
Segmentation is a technique that isolates traffic patterns to a minimum level so Application can serve clients but at same time not allow more that is needed, a.k.a Zero Trust. Implementing segmentation is not so easy as it requires deep knowledge of traffic patterns and personnel knowledge of the tools to enforce segmentation. While segmenting an application, usually a specific application has communication flows outside the DC to the Internet. Some of the hosts to which the Application has communication might be C&C (Command and Control) of the Ransomware and while segmenting Security Operations would like to block such traffic. Digging in every single flow will take decades, especially when segmenting the entire Application landscape in DC.
AutoNSX are segmenting Applications in minutes in comparison with other tools on the market that require days and weeks to achieve same goals.
To enhance segmentation, AutoNSX Software Solution has built in detection possibilities, based on user defined criteria to highlight if a particular IP address is present in traffic flows while implementing micro-segmentation and warn user of potential hidden dangerous.
In AutoNSX Software, users can create a rule condition to match specific criteria for Ransomware vulnerable IPs. The IP address lists can be simple copy pasted in the Source/Destination fields. Those rules created for Ransomware vulnerable IP addresses will be reused and conditions will be applied on every single segmentation process.
AutoNSX- Segmentation made easy.