Playing in the sandbox to combat ransomware
By Brook Chelmo, Sr. Product Marketing Manager, SonicWall
Security companies have been making great strides in protecting against and preventing cybercrime. According to the SonicWall 2017 Annual Threat Report, point-of-sale malware has decreased 93 percent since 2014 and encrypted traffic grew by 38 percent, both positive numbers going forward. Unfortunately, alongside the good news there have also been challenges that companies large and small have had to handle. Last year the Australian Cyber Security Centre found that 90 percent of the organisations it surveyed faced some form of attempted or successful cyber security compromise. Ransomware is still a threat to Australian businesses, and the large-scale global attacks known as WannaCry and NotPetya prove that it is definitely something to worry about.

As ransomware becomes ever more complex and costly, it is imperative that businesses and security professionals add sandboxing to their preferred methods of combating ransomware, targeted attacks and zero-day threats. Once IT professionals understand the challenges they face, which protection methods can and cannot keep malicious code out, and the risks associated with some of those methods, they will have a better understanding of why using a multi-engine network sandbox to catch evasive malware is the best way forward.

IT Teams' Nightmares

As hackers have combined the opportunistic nature of automation with a software vendor's mindset, the number of security threats has grown astonishingly. Hackers are continuing to refine their craft, creating threats that are continually evolving and nearly undetectable. The real problem, however, lies not in the ransomware that has already had devastating effects on organisations but in the targeted attacks and zero-day threats that are most dangerous to companies. Targeted attacks involve never-before-seen code built specifically for the organisation being attacked, while zero-day threats exploit newly discovered vulnerabilities for which vendors have yet to issue patches.

Companies have a couple of choices in how they detect malicious attacks and eliminate the threats. The real trick of the trade is to detect and remove malicious code as close to the source of the attack as possible. As far as where to address an attack, companies typically fall into two groups: endpoint security, in which malicious code makes its way to an endpoint and is then detected and stopped there, or network security, in which malicious code is identified and destroyed before it enters the network by using gateway security and multi-engine sandboxing. Organisations like SonicWall promote the idea of embracing both disciplines but find the network security approach to be the most effective at eliminating the highest number of threats.

Keeping the Good Away from the Bad

If protecting a network is like protecting a house, the first step is to lock all the points of entry and control who
Published on Oct 5, 2017
The Australian Security Magazine is the country’s leading government and corporate security magazine. It is published bi-monthly and is dist...