How businesses can overcome the scourge of ransomware

Increasingly sophisticated ransomware attacks have upped the security ante for organizations and government agencies in Asia Pacific. In the last two months alone, the Hong Kong Computer Emergency Response Team (HKCERT) and CyberSecurity Malaysia, the country’s national cyber security agency, issued alerts after seeing a surge in Locky ransomware and various other cyber blackmail attacks on home users, educational institutions, and businesses.

From South Korea and Mongolia to Malaysia and Sri Lanka, coalition members of the Asia Pacific CERT have been cooperating to investigate and respond to evolving ransomware attack techniques like Gameover ZeuS and CryptoLocker. Their goal is to raise user awareness and build robust security controls and incident management capabilities to help prevent sensitive data from being stolen or held hostage.

No respite in sight for 2016

All things considered, 2016 is becoming a tougher year than ever for security professionals.

As the HKCERT anticipated, the adoption of cloud computing, mobile payment, and Internet of Things (IoT) is fuelling all manner of cyber security challenges, including the uptick in ransomware, phishing, and point-of-sale attacks.

Ransomware, in particular, has been effective and lucrative for cyber criminals, simply because victims will often pay for fear of losing sensitive or personal data or having potentially embarrassing online behavior exposed.

Trend Micro, a Gigamon ecosystem partner, noted that individuals and businesses worldwide who were hit last year by CryptoWall ransomware paid US$325 million to their extortionists. And already within the first five months of 2016, it has detected 50 new ransomware families, which is more than in 2014 and 2015 combined.

In response to this growing threat, many organizations have implemented a multi-layered defense strategy. But is this enough?

See more, secure more

Gigamon, the leading provider of traffic visibility solutions, is rallying IT organizations to rethink their cyber security architecture by providing the ability to unify access to any traffic for any security tool and enable security tools to see more and secure more of the infrastructure.

Gigamon’s quest for pervasive network visibility is supported by a broad and growing ecosystem of industry-leading partners that includes CA, Check Point, Cisco, Damballa, FireEye, Forescout, Fortinet, LogRhythm, RSA, Tenable, and more.

By teaming up, the cyber security vendors aim to be more effective in stopping ransomware from not only breaching networks and servers, but also remaining within them undetected longer than before. To achieve this, they are providing organizations with visibility into network traffic, ports and protocols across both physical and virtual segments of their network.

This is where the Gigamon GigaSECURE Security Delivery Platform raises the efficacy of security tools by providing access to the right traffic at the right time and network metadata from across physical and virtual infrastructures. The platform features Gigamon’s patented Flow Mapping technology, GigaVUE Fabric Nodes, GigaVUE-OS software, and filtering intelligence that identifies and directs incoming traffic to single or multiple tools based on user-defined rules.

The pervasive visibility it provides benefits security tools such as email and web gateway solutions that prevent ransomware from reaching end users; endpoint protection tools that minimize the risk of ransomware infection by performing behavior monitoring and application control; and deep packet inspection tools that detect and block ransomware from reaching enterprise servers.

For example, IT organizations can add a layer of visibility and traffic mirroring for more comprehensive analysis and protection against ransomware and other cyber threats by combining Gigamon’s GigaVUE Fabric nodes with Trend Micro’s Deep Discovery suite of security tools.

The technologies provided by Gigamon and its ecosystem partners enable organizations to detect any ransomware attempts to use trusted credentials or devices to access data or applications; identify indicators of ransomware infiltration, such as attempts to communicate with an IP address known for malware command and control; and determine which protocols and segments of the network are affected by a ransomware attack.

“Despite the vast sums invested in security solutions, breaches continue to increase,” said Paul Hooper, CEO of Gigamon. “Gigamon believes that when you can see everything that is going on in your network, you are in control and, in turn, can defend yourself and turn the tables on the attackers. You don’t have to be a victim anymore.”

This is a QuestexAsia feature commissioned by Gigamon.