Ransomware remains one of the top cybersecurity challenges for all organisations – often severely disrupting Business Continuity. Hielke Veltman, Channel Alliances Manager at NetWitness, guides us through the NetWitness Professional Services approach to ransomware protection and highlights why proactive thinking provides peace of mind for understaffed security teams.
It’s a terrifying thought: at any moment your organisation’s digital infrastructure could be brought down by ransomware. Some unknown cybercriminal, sitting in some cozy spot anywhere in the world, can inflict immeasurable harm without any recourse. Your environment suddenly changes and normal operations are halted.
There’s a feeling of powerlessness involved, but you can take proactive steps to defend your organisation. Guidance such as ‘Stop Ransomware’ recommendations from the US Cybersecurity & Infrastructure Security Agency (CISA) are a great starting point. You can view this by visiting cisa.gov/stopransomware.
Current, offline backups are essential, as is a detailed response plan. Other best practices include vulnerability scans and regular patching.
But now there’s more that you can do.
NetWitness Professional Services has a long history of helping customers prepare for, defend against, and respond to cyberattacks. Our security experts – incessantly battling with the bad actors working to profit from attacks (including ransomware) – have built a body of knowledge and specific assets to help your organisation fight back.
NetWitness Ransomware Defense Cloud Services, a subscription-based service to help protect against ransomware and prepare in case you are attacked. This proactive approach to ransomware augments other strategies and adds peace of mind that you’ll be safeguarded in this threatening new environment.
With NetWitness Ransomware Defense Cloud Services, your servers and client systems leverage NetWitness Endpoint, a specialised endpoint agent specifically designed to watch for anomalous behaviour and quickly alert you before damage can be imposed.
Like any other advanced persistent threat (APT), ransomware must perform operations like reconnaissance, network traversal, and credential harvesting before it can detonate its dangerous payload. Having visibility into these activities is critical, and knowledge of the specific tactics, techniques and procedures (TTPs) of ransomware campaigns help protect your organisation from damage.
The NetWitness Professional Services team manages the service on the back end, able to alert your security team when a known TTP is found. Also included in the service is periodic threat hunting sessions that can help your analysts grow their skills.
This added level of protection helps give you confidence that you are doing meaningful things to defend your infrastructure, data and assets.
But there are always novel attacks such as supply chain events. In the event of a ransomware attack, the data collected from the IR services can help response activities, including the ability to figure out how it happened and what the attackers achieved.
Optional NetWitness Incident Response services are available to help your organisation hit the ground running. So, while ransomware is inducing a lot of sleepless nights for IT and security professionals, there are ways to defend your critical infrastructure. NetWitness Ransomware Defense Cloud Services is a great way to tilt the playing field back in your direction.