How a Layered Approach to Patching, Antivirus, Antimalware and Cloud Backup Protects Against Cybercriminal Extortion

Ransomware Decryptor Lockout Screen

Ransomware is one of the biggest and most nefarious threats to networks today. The results of a successful attack are devastating. In a ransomware attack, data on exploited machines is encrypted in an unbreakable way, leaving not just an unusable machine but also wiping out information that may have taken years to create.

While some have recovered data by paying a ransom, usually in Bitcoin, in most cases not even that payoff will get the information back.

There are three ways to avoid a ransomware disaster.

Prevention Tip 1: Most ransomware attacks are against unpatched computers. With automated patch management, your machines are up to date and impervious to attack.

Prevention Tip 2: Ransomware is spread as a virus or malicious software invoked by clicking a malicious link or visiting a malicious website. Having a strong antivirus and antimalware solution, applied to all endpoints and updated automatically and regularly, is critical to blocking malicious software.

Amelioration Tip: If you or one of the endpoints you manage is struck by ransomware, you are in real trouble unless you have a full recent backup for all impacted systems.

Old-style backup systems such as tape are difficult to manage, expensive, don’t always have current backups, and are far from guaranteed when it comes time to restore. Cloud backup is the best solution. A good cloud solution offers automated backup for all managed devices, can keep up with data changes

These three technologies are just the tip of a layered security protection scheme. We will dive deeper into each of these and then lay out a broader layered security approach.

Patching Priorities

Ransomware is a wake-up call for those who do not take patching seriously, as these exploits tend to target non-updated machines. Ovum is one research house that has been sounding the patch alarm. “Customers may shy away from addressing regular patching or overdue software upgrades because they have concerns about price, time, or complexity. However, based on our conversations with customers, an ‘only as-needed’ approach to software support is short-sighted, and could expose customers to security and compliance risks, not to mention losses in employee productivity and business revenue,” wrote Ovum analyst John Madden in his “Avoiding security risks with regular patching and support services.”

The Answer is Automated Patch Management

Patching is 100 percent essential but is not easy for organizations that rely on end-user vigilance or manual IT means. You need an automated patching solution so patches are installed when they become available – on all your endpoints and servers.

The simpler, more complete route is to automate all steps in the patch process. Ovum’s Madden believes automation is the way customers want to go. “Once a customer has made a decision to initiate a regular software patching and maintenance program, what they want most is automated tools and support from their vendors to make such a program run as seamless as possible,” he wrote.

The first step in patch management is conducting an inventory of all your machines, even mobile devices. This asset management audit should include information on operating system and status, and all applications – with their patch and update status.

Next, the tool should gather all needed patches, and based on policies and priorities you define, automatically install them.

The Antivirus/Antimalware Component

Ransomware spreads in two ways: through social engineering that gets a user to click a malicious link, or through traditional virus behavior. Either way, you want to make sure all your endpoints are protected and that protection against malicious software is always up to date.

With proper security protection against malicious software across all your systems, incursions such as WannaCry and Petya will be spotted, blocked and purged. Like patching, an automated solution that installs and updates security across all your systems is essential.

Cloud Backup – an Essential Safeguard

Ransomware works by encrypting data, but it only truly succeeds if there is just one copy of that critical information. Routine, reliable (and encrypted) backup and recovery is a vital component of any comprehensive layered security approach. Complete and regular backups are also a strong defense against ransomware attacks.

For SMBs and MSPs, this cloud approach offers great visibility into the data and easy, complete restores.

Automation Brings Efficiency to Your Layers

Most large enterprises, and all those on the upper end of the IT maturity curve, automate their IT security. That means the systems automatically discover all of the devices that need protecting and continually update that list. Based on the audit, key security tools are applied to endpoints automatically. At the core of this is antivirus and antimalware protection. Here not only is the software pushed out based on IT-defined policies, but new definitions and other security data are constantly updated and applied.

At this level of maturity, patches and updates are not parceled out on a piecemeal basis, and antimalware software is not applied or updated when there is an “oops.” All of this is handled continuously without bogging down the IT admin staff.

Again, an audit shows your devices, in this case their OS and update status. After that, patches are sent out when they need to be and installed. When there is a problem with a patch, it can be uninstalled, tested, and reapplied when the issues are resolved.

The best way to keep these devices updated and running, not to mention all your servers, is IT automation. Consider automating as many IT functions as possible, including:

• Discovery of your computing assets including non-approved apps
• Safe and disciplined software deployment
• User privileges and access
• Password management
• Auditing and reporting
• Malware and virus interdiction
• Detection and remediation of system problems
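As an added example, not from the original post or from any vendor's product, the following PowerShell script performs the kind of per-endpoint audit the text describes: it records the OS version, the most recently installed hotfix, and the Microsoft Defender signature age and real-time protection state, then flags the machine when the patching or antimalware layer has gone stale. The 30-day and 7-day thresholds are assumed policy values, not figures from the article.

```powershell
# Added example: audit one Windows endpoint's patch and antimalware state.
# Thresholds are assumed policy values, not figures from the article.
param(
    [int]$MaxDaysSinceLastPatch = 30,   # assumed: flag if no hotfix installed in 30 days
    [int]$MaxSignatureAgeDays   = 7     # assumed: flag if AV signatures older than 7 days
)

# Operating system identity and status
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Installed hotfixes; the newest InstalledOn date shows how stale patching is.
# Some entries carry no InstalledOn value, so drop those before sorting.
$hotfixes = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending
if ($hotfixes) {
    $latestId       = $hotfixes[0].HotFixID
    $daysSincePatch = (New-TimeSpan -Start $hotfixes[0].InstalledOn -End (Get-Date)).Days
} else {
    $latestId       = 'none'
    $daysSincePatch = [int]::MaxValue   # no dated hotfix at all: treat as maximally stale
}

# Microsoft Defender status (cmdlet is absent where Defender is not installed)
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$avEnabled    = if ($mp) { $mp.AntivirusEnabled }           else { $false }
$rtpEnabled   = if ($mp) { $mp.RealTimeProtectionEnabled }  else { $false }
$signatureAge = if ($mp) { [int]$mp.AntivirusSignatureAge } else { [int]::MaxValue }

$report = [pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    OS                 = $os.Caption
    OSVersion          = $os.Version
    LastBoot           = $os.LastBootUpTime
    LatestHotfix       = $latestId
    DaysSinceLastPatch = $daysSincePatch
    PatchStale         = ($daysSincePatch -gt $MaxDaysSinceLastPatch)
    AntivirusEnabled   = $avEnabled
    RealTimeProtection = $rtpEnabled
    SignatureAgeDays   = $signatureAge
    SignaturesStale    = ($signatureAge -gt $MaxSignatureAgeDays)
}

$report | Format-List

# Non-zero exit lets a management tool treat a stale layer as a failed check
if ($report.PatchStale -or $report.SignaturesStale -or -not $report.RealTimeProtection) {
    Write-Warning "Endpoint $($report.ComputerName) has a stale protection layer."
    exit 1
}
exit 0
```

Run it under an account allowed to query WMI and Defender; the exit code makes it easy to schedule from an RMM or task scheduler and collect results centrally.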

To learn more about how to establish comprehensive protection against ransomware, download our whitepaper “Ransomware: How a Layered Approach Protects Against Cybercriminal Extortion.”

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
