By Prashant Batra at Pulse Secure
While most enterprises are still recovering from WannaCry, the world has now been hit yet again with a large-scale ransomware attack. On June 27, many businesses and end-users woke up to Petya taking control of their devices.
With the Digital Age comes a new weapon: cyberattacks!
Critical Questions Every Enterprise Should Ask
- How should enterprises prepare against cyberattacks?
- What can we learn from previous cyberattacks to implement a strategy to better protect ourselves, our interests, and take control of our fate?
- How does ransomware take hold of enterprises so quickly and easily?
- How can businesses protect data if users won’t upgrade their machines?
Petya is an example that we can learn from and prevent by first understanding its anatomy. How does this attack work? It might sound like a broken record, but these types of attacks exploit vulnerabilities in software systems, in this case a vulnerability known as “EternalBlue” in an older release of Windows. You might be asking yourself: If this is a known vulnerability, why hasn’t it been addressed by Microsoft? Guess what – it has been, and for quite some time.
It turns out that making security patches and updates available does not necessarily translate into those patches getting installed on machines.
If You Avoid Change, You Invite Cyberattacks
Specifically, in the enterprise world, where every change is best avoided, patch uptake is slow and patches are not always implemented. Even when businesses decide to deploy a security patch, it does not translate into users actually accepting and installing those patches. In the case of Petya, it’s not about patching alone. It’s about a strategic combination of security practices and solutions that seamlessly deliver access to resources. This remains a challenge as other technologies like BYOD and IoT grow, adding to the challenges IT teams are presented with each year.
Meet the Secure Access Suite, from Pulse Secure.
Pulse Secure solutions are built with the notion of ‘WHO’ gets access, from ‘WHAT’ device, to ‘WHICH’ resources. In our world, we don’t rely on the ‘authenticated’ user but we go a step further and define our authentication as a mix of User Identity + Device Compliance. A valid user coming from a ‘Compliant’ device gets access to resources. A valid user coming from a ‘Non-Compliant’ device can get limited or no access while a valid user coming from a ‘Partially compliant’ device gets access to limited resources.
Pulse Secure solutions are built with a component called ‘Host Checker’. Host Checker scans a connecting endpoint, assesses its security posture, and uses that to define the level of access to enterprise resources.
So how could this have protected you against Petya? Admins can set up a policy requiring minimum security patch versions to be installed on connecting devices. If they are not found, the device gets limited or no access. This would encourage users to apply the needed patches to their machines, without which they wouldn’t get access to anything.
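The access decision described above (user identity plus device compliance, with a minimum patch level per device) can be sketched as follows; this is an added example, not Pulse Secure code or Host Checker configuration. The OS family names, patch-level values, the two-threshold definition of "partially compliant", and the choice of no access for non-compliant devices are assumptions made for illustration.

```python
from enum import Enum

class Access(Enum):
    NONE = "none"
    LIMITED = "limited"
    FULL = "full"

# Constructed policy (not real patch levels): per OS family, the level below
# which a device is non-compliant, and the level needed for full compliance.
POLICY = {
    "windows-desktop": ("10.0.1000.95", "10.0.1000.110"),
    "windows-server": ("6.3.900.40", "6.3.900.200"),
}

def parse_level(text):
    """Parse '10.0.1000.95' into (10, 0, 1000, 95) for numeric comparison.

    Comparing the raw strings would rank '.95' above '.110'.
    """
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"malformed patch level: {text!r}")
    return tuple(int(p) for p in parts)

def device_posture(os_family, reported_level, policy=POLICY):
    """Classify the device; unknown OS or unparsable input fails closed."""
    if os_family not in policy:
        return "non-compliant"
    try:
        level = parse_level(reported_level)
    except (ValueError, AttributeError):
        return "non-compliant"
    required, full = (parse_level(v) for v in policy[os_family])
    if level < required:
        return "non-compliant"
    return "compliant" if level >= full else "partially-compliant"

def decide_access(user_valid, os_family, reported_level, policy=POLICY):
    """User identity + device compliance -> access level."""
    if not user_valid:
        return Access.NONE  # a compliant device never substitutes for identity
    posture = device_posture(os_family, reported_level, policy)
    return {
        "compliant": Access.FULL,
        "partially-compliant": Access.LIMITED,
        "non-compliant": Access.NONE,
    }[posture]
```

The patch level is compared as a tuple of integers and anything the policy does not recognise is treated as non-compliant, so a malformed or missing posture report cannot yield access.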
Ransomware is here to stay, evolve, and attack again. Let’s stand up to ransomware together and strategize on the right solution for your enterprise.