Stories of people and organizations getting ransomware have been all over the news lately – on a global level. Cyber-crime has become a lucrative business, which is a large part of why it is so common. Unfortunately, anyone is susceptible to this type of threat.
We commonly hear about someone who clicks an attachment or finds a USB and plugs it into their computer. Then all of a sudden, their workstation and their entire company’s data are “locked” by the virus. Many organizations have reliable backups to fall back on. Others are not so lucky and must pay the ransom to get their data back.
In this post, we will review what Advanced Threat Protection is, and why it is so important to implement it in your business’ IT security plan.
What is Advanced Threat Protection?
Advanced Threat Protection (ATP) uses next-generation sandbox technology including full-system emulation to catch advanced persistent threats, zero-day malware, and all advanced malware designed specifically to evade detection. Barracuda, Cisco, Microsoft, and many others are now offering this service as an added level of protection on their devices and services. For instance, Advanced Threat Protection on Barracuda NextGen Firewalls ensures flexible and simple deployment into existing networks because no additional hardware is required. It can even be added to your Office 365 Exchange for enhanced email security.
Besides applying the more traditional approaches, like URL filtering (which prevents users from going to bad sites in the first place) and a regular antivirus and firewall solution, ATP provides an additional layer of protection that analyzes what the file being downloaded actually does once executed. A process called sandboxing is used to do this. Barracuda uploads the file to its cloud and runs it to classify it as benign or malicious. If the file is malicious, it is blocked. If it is determined to be safe, it is then passed down to the user.
Why is ATP Important?
It’s not just Fortune 500 companies or state and government organizations that are under constant attack with these advanced persistent threats. Due to the fast-moving commercialization of advanced malware toolkits, which can easily be purchased online, any and every company is a susceptible target.
According to a 2012 Trend Micro study, 91% of data breaches began with a spear-phishing attack. For instance, someone received an email with a link or attachment and clicked it, which then released the malware. With this in mind, limiting users' ability to click links to known compromised sites, or blocking certain attachment downloads, will significantly decrease the issue.
Advanced Threat Protection is often coupled with Malware Protection when being added to your firewall. This again provides a layered security approach that enhances and strengthens your network against potential viruses and malware at the gateway.
Educate, Educate, Educate!
Although education should not be a replacement for the technology in place, like AV and your firewall, it should be a highly focused area. As mentioned above, the majority of ransomware attacks are delivered through email via social engineering, meaning the user is deceived or manipulated into clicking or downloading something so that the hacker can gain information and control of data. Your user community is constantly exposed to these types of emails, which raises the need to provide ongoing education for your organization.
Security Awareness Training helps your users keep security top of mind. By simulating phishing emails, you can see which of your users will open them or even click, giving you your Phish-prone percentage. The primary question is: do you know, or do you think you know? The numbers on how much risk your users pose may surprise you.
Contact Centrality if you would like to enhance your organization’s network security, and implement a security training program.