Ransomware Readiness Part 4

By Michael Hawkins
Posted in Security
On December 20, 2021

It is that time of the year when the festive spirit comes out of all of us and we spend additional time with our families and friends. At the same time though, hackers and criminals become more focused on finding ways to wreak havoc or extort ransom money from unprepared victims. It is for that reason that we are taking a quick look at three key security technologies that are a crucial part of any ransomware strategy.

Data Loss Prevention (DLP)

Data that is exfiltrated from an organization and falls into a bad actor’s hands exposes that organization to extortion, business interruption, and severe reputational damage. DLP can also be enforced on the endpoint, but that is a topic for another blog; our focus here is protecting data where it is stored, on the file system itself. The ideal system monitors files at rest on their host systems, monitors those files when they are in transit, and alerts on potentially or actually damaging behavior on the file system and the operating system that hosts it, for example an account renaming or overwriting a large number of files in a short time. Varonis’ Data Security Platform provides that functionality. In addition to DLP, the platform covers compliance, data governance, classification, insider threat protection, and threat detection and response.
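To make the "damaging behavior on the file system" idea concrete, here is an added example (our own illustration, not Varonis code or any product's logic) that runs three ransomware indicators over file-server audit events: a burst of file changes by one account, renames that land on an extension the share has never held, and the same note file dropped into many directories. The pipe-delimited audit-line format, the UNC paths, the account names, and the thresholds are all assumptions made for the example; the sample events are constructed, not real.

```python
"""Flag ransomware-like behaviour in file-server audit events (added example).

Three indicators commonly seen when a compromised account encrypts a share:
  burst            one account writes/renames/creates many files in a short window
  extension_change most of that account's renames produce an extension the share
                   has never held (e.g. ".locked")
  ransom_note      the same new file name is dropped into many directories
The audit-line format and the thresholds below are assumptions for this example.
"""
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_SECONDS = 60        # sliding window for the burst indicator
BURST_THRESHOLD = 20       # file changes per account per window
MIN_RENAMES = 10           # renames seen before the extension ratio is judged
NEW_EXT_RATIO = 0.8        # share of renames that must land on an unseen extension
NOTE_DIR_THRESHOLD = 5     # identical file name created in this many directories


def parse_event(line):
    """Parse 'ISO8601|user|action|path|new_path' (new_path is empty unless action is rename)."""
    ts, user, action, path, new_path = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action,
            "path": path, "new_path": new_path or None}


def detect(lines):
    """Return one alert dict per (account, indicator) that trips a threshold."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])

    # Baseline of extensions the share already holds. In production this would come
    # from an inventory of the share rather than from the audit stream itself.
    known_ext = {ntpath.splitext(e["path"])[1].lower()
                 for e in events if e["action"] != "rename"}

    recent = defaultdict(deque)              # user -> timestamps inside the window
    renames = defaultdict(lambda: [0, 0])    # user -> [total renames, renames to unseen ext]
    note_dirs = defaultdict(set)             # (user, file name) -> directories created in
    alerts, fired = [], set()

    def fire(user, indicator, detail):
        if (user, indicator) not in fired:   # alert once per account and indicator
            fired.add((user, indicator))
            alerts.append({"user": user, "indicator": indicator, "detail": detail})

    for e in events:
        if e["action"] not in ("write", "rename", "create"):
            continue                         # reads alone are not a damage signal here
        user, ts = e["user"], e["ts"]

        q = recent[user]                     # drop timestamps older than the window
        q.append(ts)
        while ts - q[0] > timedelta(seconds=WINDOW_SECONDS):
            q.popleft()
        if len(q) >= BURST_THRESHOLD:
            fire(user, "burst", f"{len(q)} file changes within {WINDOW_SECONDS}s")

        if e["action"] == "rename":
            new_ext = ntpath.splitext(e["new_path"])[1].lower()
            r = renames[user]
            r[0] += 1
            if new_ext and new_ext not in known_ext:
                r[1] += 1
            if r[0] >= MIN_RENAMES and r[1] / r[0] >= NEW_EXT_RATIO:
                fire(user, "extension_change",
                     f"{r[1]} of {r[0]} renames to unseen extension {new_ext}")

        if e["action"] == "create":
            name = ntpath.basename(e["path"])
            dirs = note_dirs[(user, name)]
            dirs.add(ntpath.dirname(e["path"]))
            if len(dirs) >= NOTE_DIR_THRESHOLD:
                fire(user, "ransom_note", f"'{name}' created in {len(dirs)} directories")

    return alerts


def sample_events():
    """Constructed audit lines (not real data): one normal user, one hijacked service account."""
    t0 = datetime(2021, 12, 20, 9, 0, 0)
    lines = []
    for i in range(15):                      # alice: ordinary edits spread over an hour
        ts = (t0 + timedelta(minutes=4 * i)).isoformat()
        lines.append(f"{ts}|alice|write|\\\\fs01\\finance\\q4\\report_{i}.xlsx|")
    for i in range(30):                      # svc_backup: write, rename to .locked, drop note
        ts = (t0 + timedelta(hours=1, seconds=i)).isoformat()
        d = f"\\\\fs01\\hr\\dept{i % 6}"
        lines.append(f"{ts}|svc_backup|write|{d}\\file_{i}.docx|")
        lines.append(f"{ts}|svc_backup|rename|{d}\\file_{i}.docx|{d}\\file_{i}.docx.locked")
        lines.append(f"{ts}|svc_backup|create|{d}\\HOW_TO_RECOVER.txt|")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Run stand-alone, the script reports three alerts, all for svc_backup, and nothing for alice; the per-account baselining is what keeps a busy but legitimate user from tripping the same thresholds. A real deployment would feed the detector from the file server's audit log (or the platform's own event stream) and would respond by disabling the account or killing the session rather than only alerting.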

Privileged Account Management (PAM)

Next up is privileged account management, or PAM. This important function lets an organization control administrative accounts (and any other account with elevated privileges), so that attackers who do manage to get into the network cannot simply take over those accounts. No single PAM solution suits every organization, so it is important to find the product that fits your needs. Products are available from a significant number of vendors, but Gotham has chosen to work with four: CyberArk, Thycotic, BeyondTrust, and Remediant. Depending on the use case, one or more of these should be appropriate for most organizations.

Security Operations Center as a Service (SOCaaS)

Many organizations do not have a security information and event management (SIEM) solution; for them, moving to SOCaaS is mostly a budget and product performance decision. Those that do have a SIEM often struggle to operate and manage it. Worse still, the organization may have little or no budget to hire a security analyst, so the SIEM winds up unmonitored and unmaintained, which defeats its purpose. A better way is to outsource the SIEM function to a SOCaaS provider that manages, monitors, and reacts to the data sources in your organization. A SOCaaS is essentially a SIEM delivered as a service, together with value adds such as dedicated security analyst staff, and it takes most of the hard work out of managed detection and response (MDR): onboarding and maintaining data sources, and the threat detection and response monitoring itself, are handled by the provider, relieving the organization of the hardest parts of running a SIEM. For SOCaaS, Gotham has partnered with Arctic Wolf, whose offering is built around a concierge security analyst model.

These three technologies are a very important part of your security defenses. If you would like to talk more about any of these or other security controls, feel free to reach out to us.

Michael Hawkins

Michael is a creative and results-driven expert in the design, development, and delivery of cost-effective, high-performance technology solutions. An accomplished leader and project manager, Michael's experience includes building motivated and productive teams for large-scale networking and infrastructure engagements.