Ransomware: Is there hope beyond the overhyped? – ComputerWeekly.com

Posted under Programming, Technology On By James Steward

Beyond the usual suspects – monitoring for attacks, patching vulnerabilities and regular backup checks – what else can we do to protect ourselves against ransomware? So many technologies have been heralded as the silver bullet to stop these threats in their tracks, but have hardly proved their mettle.
Artificial intelligence and machine learning have been discussed for years in the infosecurity world, and there are some applications of the technology that are helpful. But the technology is still, in my opinion, embryonic and when employed for threat detection beyond a limited scope, it can create a false sense of security and may lead to complacency.
It is hard to cut through the technology hype and marketing spin to uncover the technologies and methodologies that might deliver on their promises. Here are some of the ransomware protection tactics that I am keeping my eye on.
The old way of thinking about cyber security was to imagine it as a castle. You had the vast perimeter – the castle walls – and inside was the keep, where employees and data would live.

But now organisations are operating in various locations. They’ve got their cloud estate in one or more providers, source code residing in another location, and vast numbers of work devices that are no longer behind the castle walls, but at employees’ homes – the list could go on for ever.
These are all areas that could potentially be breached and used to gain intelligence on the business. The attack surface is growing, and the castle wall can no longer circle around all these places to protect them.
Attack surface management will play a big part in tackling this issue. It allows security and IT teams to almost visualise the external parts of the business, identify targets and assess risks based on the opportunities they present to a malicious attacker. In the face of a constantly growing attack surface, this can enable businesses to establish a proactive security approach and adopt principles such as assume breach and cyber resilience.
Next are security mesh architectures. These take a defence-in-depth strategy to the next level. Rather than every tool running in a silo, a cyber security mesh enables tools to interoperate and talk to each other, exchanging security information and telemetry. For instance, if something malicious happens in an identity store or new threat intelligence is made available, the different technologies deployed can change their posture depending on the relevant information.
It is an interesting challenge to figure out how we can get everything to work with each other, as well as changing dynamically. While I feel that we are a couple of years away from this coming to maturity, the idea of policy, intelligence, identity, interoperability and all those parts of cyber security coming together in one concept to collaborate could be game-changing. We have seen the start of this with technologies such as SOAR, Open Policy Agent and Kyverno, but this is only the start.
These technologies are somewhat in a distant future. But something that security and IT teams can, and should, look into now is privileged access management. I am a big believer that everyone needs to have some form of controlled identity on the corporate network. However, not everyone has to be an administrator and if everyone is, then it’s much, much easier for ransomware to proliferate.
You need to ensure that you have separation between high-privilege and low-privilege environments and users. While this might seem like the basics, once you get this in place, you can start thinking about implementing something more complex, such as attack surface management or mesh architectures, further down the line.
Paul Lewis is chief information security officer at Nominet
