Defending the endpoint in the age of remote working
With many employees now working from home, organisations are exposed to a vastly increased attack surface and must re-assess their endpoint security strategies to ensure they are equipped for this new environment. Tamer Odeh, Regional Director at SentinelOne in the Middle East, tells us how enterprises can best improve their endpoint security and why prevention is crucial for defending against sophisticated attacks.
Tell us about ransomware – how much of a threat is it to modern organisations?
Ransomware attacks continue to pose a threat to modern organisations, especially during the COVID-19 pandemic. In fact, the increasing diversity and total volume enabled by RaaS and affiliate schemes, along with the low risk and lucrative returns, only serves to suggest that ransomware will continue to evolve and increase in sophistication for the foreseeable future.
There are different types of ransomware. Examples like DopplePaymer ransomware employ lightning-fast payloads to perform over 2,000 malicious operations on the host in less than seven seconds. This means that legacy detection and response methods are failing to prevent infections, and defenders' response to ransomware often starts after the ransomware has achieved its objectives.
Moreover, in the case of Maze ransomware, it has plenty of time to encrypt tens of thousands of files. Unfortunately, if a business relies on the cloud for virus signatures or reputation lookups, time plays a huge role in the process.
Huge damages can occur in one minute. In one test, SentinelOne's Labs recorded 23,969 events triggered by Maze within the span of a mere 60 seconds. Each one of those events is a file being encrypted in preparation for hackers heavily threatening a company's head and demanding a ransom to unlock its data.
All this damage underscores why local protection models – as in, those that are located on endpoints and don't need to pause to fetch marching orders from the cloud – are superior to products that suffer from cloud lag and the dwell time it grants attackers.
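To make the cloud-lag argument above concrete, here is an added example (not code from the interview or from SentinelOne) that does two things with the figures Odeh quotes: it estimates how many files an encryptor running at the measured Maze rate would touch while an endpoint waits on a cloud verdict, and it implements a purely local, per-process sliding-window heuristic that alerts on a burst of distinct-file modifications. The `FileEvent` shape, the 200-files-per-second threshold and the trace data are constructed assumptions for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Figures quoted in the interview: 23,969 Maze events in a 60-second test.
MAZE_EVENTS, MAZE_WINDOW_S = 23_969, 60.0

def files_hit_during_lag(lag_seconds, events=MAZE_EVENTS, window=MAZE_WINDOW_S):
    """Files encrypted while the endpoint waits `lag_seconds` for a cloud
    verdict, assuming the rate measured in the test holds steady."""
    return int(events / window * lag_seconds)

@dataclass
class FileEvent:          # assumed telemetry record, not a vendor format
    ts: float             # seconds since monitoring started
    pid: int
    path: str
    op: str               # "modify", "rename", "create", ...

class BurstDetector:
    """Per-process sliding window: alert once a single PID has modified more
    than `threshold` distinct files within `window` seconds. State is kept
    entirely on the endpoint, so the verdict needs no reputation lookup."""
    def __init__(self, threshold=200, window=1.0):
        self.threshold, self.window = threshold, window
        self._recent = {}   # pid -> deque of (ts, path)

    def observe(self, ev):
        if ev.op not in ("modify", "rename"):
            return None
        q = self._recent.setdefault(ev.pid, deque())
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > self.window:   # drop expired events
            q.popleft()
        distinct = len({path for _, path in q})
        return (ev.ts, ev.pid, distinct) if distinct > self.threshold else None

def first_alert(events, **kw):
    """Return (ts, pid, distinct_files) for the earliest alert, or None."""
    det = BurstDetector(**kw)
    for ev in sorted(events, key=lambda e: e.ts):
        hit = det.observe(ev)
        if hit:
            return hit
    return None

def constructed_trace():
    """Constructed sample, not real telemetry: a backup agent (pid 100) that
    rewrites 20 files at 5 events/s for 10 s, and an encryptor-like process
    (pid 200) that starts at t=2.0 and touches 400 distinct files per second,
    roughly the rate measured for Maze in the interview."""
    benign = [FileEvent(k / 5, 100, f"/data/backup/{k % 20}.bak", "modify")
              for k in range(50)]
    burst = [FileEvent(2.0 + k / 400, 200, f"/home/user/doc{k}.docx", "modify")
             for k in range(3200)]
    return benign + burst
```

With these assumptions the detector fires half a second after the burst begins, while a five-second round trip to a cloud lookup would already have cost nearly two thousand files.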
Can you give us a summary of the methods of infection?
There are various methods of infection based on various situations. Some ransomware criminals take advantage of the challenges and vulnerabilities created by BYOD, IoT and Digital Transformation initiatives using technologies like social, mobile, cloud and software defined networks. Remote workforces demanding the ability to work from anywhere at any time while accessing company data and using cloud applications also create challenges and increase the attack surface.
However, usually methods of infection include the below:
• Breaches through phishing and social engineering
• Infection via compromised websites
• Malvertising and breaching the browser
• Exploit kits that deliver custom malware
• Infected files and application downloads
• Messaging applications as infection vectors
• Brute force through RDP
Other ransomware criminals recruit employees inside the firm as a means of breaching security controls, which is a technique one would normally associate with nation-state actors engaged in espionage.
Are remote workers more vulnerable to ransomware attacks?
Yes, they definitely are – with millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors. It is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local intranet.
82 INTELLIGENTCIO www.intelligentcio.com