By Prashant Batra at Pulse Secure

While most enterprises are still recovering from WannaCry, the world has now been hit yet again with a large-scale ransomware attack. On June 27, many businesses and end-users woke up to Petya taking control of their devices.

With the Digital Age comes a new weapon, cyberattacks!

Critical Questions Every Enterprise Should Ask

  1. How should enterprises prepare against cyberattacks?
  2. What can we learn from previous cyberattacks to implement a strategy to better protect ourselves, our interests, and take control of our fate?
  3. How does ransomware take hold of enterprises so quickly and easily?
  4. How can businesses protect data if users won’t upgrade their machines?

Petya is an example that we can learn from and prevent by first understanding its anatomy. How does this attack work? It might sound like a broken record but these types of attacks exploit vulnerabilities in software systems, in this case within an older release of Windows known as “EternalBlue.” You might be asking yourself: If this is a known vulnerability, why hasn’t it been addressed by Microsoft? Guess what – it has been and for quite some time.

It turns out, that making security patches/updates available does not necessarily translate into those patches getting installed on machines.

If You Avoid Change, You Invite Cyberattacks

Specifically, in the enterprise world, where every change is best avoided, patches are slow with their uptake and not always implemented. Even when businesses decide to deploy a security patch, it does not translate into users actually accepting and installing those patches. In the case of Petya, it’s not just about patching alone. It’s about a strategic combination of security practices and solutions that seamlessly deliver accessibility of resources. This continues to remain a challenge within the growing landscape of other technologies like BYOD and IoT, adding more to the layer of challenges IT teams are presented with each year.

Meet the Secure Access Suite, from Pulse Secure.

Pulse Secure solutions are built with the notion of ‘WHO’ gets access, from ‘WHAT’ device, to ‘WHICH’ resources. In our world, we don’t rely on the ‘authenticated’ user but we go a step further and define our authentication as a mix of User Identity + Device Compliance. A valid user coming from a ‘Compliant’ device gets access to resources. A valid user coming from a ‘Non-Compliant’ device can get limited or no access while a valid user coming from a ‘Partially compliant’ device gets access to limited resources.

Pulse Secure solutions are built with a component called ‘Host Checker’. Host Checker is the ability to scan a connecting endpoint, assess its security posture, and uses that to define the level of access to enterprise resources.

So how could this have protected you against Petya? Admins can set up a policy requiring minimum security patch versions to be installed on connecting devices. If not found, there is limited to no access. This would encourage users to apply the needed patches to their machine, without which they wouldn’t get access to anything.

Ransomware is here to stay, evolve, and attack again. Let’s stand up to ransomware together and strategize on the right solution for your enterprise.

View the original article by Pulse Secure.

Predictive, Pre-Deployment, Post Installation and Health Check Wireless Surveys carried out by certified wireless engineers.

We look at Wi-Fi fundamentals, explore the benefits of and technology behind Wi-Fi 6, Wi-Fi 6E and what the future holds for Wi-Fi 7

Net-Ctrl provide network and structured cabling solutions as either a stand-alone installation, or to compliment products and solutions that we offer.

Connect-the-Classroom scheme  is allowing schools to upgrade their infrastructure to a solution that should last 10 years

Net-Ctrl provides two excellent support packages in addition to any equipment purchased. Find out about our Silver or Gold support package

IP-CCTV site survey to assess camera locations and requirement and existing Mobotix solution health checks.

Net-Ctrl offers our Cloud WLAN. Delivering market-leading patented technology managed by the Net-Ctrl engineering team.

We provide an automated Cybersecurity awareness training solution covering both simulated phishing and training courses.

Net-Ctrl offers a range of wireless network solutions. We explore some common questions related to these solutions.

Offering end-to-end, affordable and competitive financing solutions to help you achieve your business goals.