Ransomware is becoming a viable business for cybercriminals and a rapidly growing threat for enterprises, healthcare organizations and end users alike. Widespread incidents like the WannaCry attack -- where victims must pay not just ransom to recover their data and systems, but also expenses related to downtime and system recovery processes -- mean ransomware defense should be a top priority in every organization. According to the FBI, ransomware attacks were estimated to cost victims $1 billion in 2016. Endpoint security provider Carbon Black found that ransomware attacks rose 50% in 2016 compared with 2015.
While enterprises are likely already using some or most of the relevant tools that prevent malware attacks, they may have been deployed years ago and not updated with the latest ransomware defense features. Enterprises should revisit their system management, endpoint security and email security tools to see if they could be better deployed or should be replaced.
Organizations should evaluate these three tools based on features that contribute to a different portion of ransomware defense. A good system management tool not only enforces and automates endpoint patching, but can also do a software census, helps remediate vulnerabilities in applications and handles multiple different configurations based on business need.
Endpoint security tools now extend beyond firewall and antimalware capabilities to include application whitelisting and blacklisting, URL filtering and behavioral analysis features. Email is one of the most common ransomware infection vectors, and security for it has undergone a big shift to include more malware detection and blocking features.
This buyer's handbook explores how organizations can improve ransomware defense with key security tools and features, essential knowledge for all infosec pros.