Ransomware is one of those things that we see in the news constantly, but seem to think will never happen to us.  According to Sophos’ The State of Ransomware, 51% of organizations were hit by ransomware last year.

Those aren’t very good odds.  If you were wondering why you should care about ransomware, you can stop right now, because you absolutely should.

Let’s talk about some basic strategies for protecting yourself against ransomware.

Defense in Depth and Ransomware

If you aren’t familiar with some of the IT security basics, let’s take a moment to talk about Defense in Depth.  Defense in Depth is simply an approach to protect an asset at multiple layers.

Think of all the layers of an onion for a visual representation.  When we think about this principle, we should be protecting ourselves at multiple levels.

Now, let’s talk about some of the ways we can accomplish this, but first, let’s understand what this example is going to target, which is a server.

Think of your favorite server in your environment (yes, we all have one), because ransomware breaching a single server is all that needs to happen.

Network Level Ransomware Protection

First and foremost, let’s start with our network.  Our network is our point in, our point out, and everything in-between.

We need to protect our network in a number of different ways.  First we need to make sure no one can get into our network, and if by some chance they do, we have to make sure they can’t actually get around our network.

This, of course, has a number of different layers as well.

First is securing our network perimeter to prevent intrusion with Intrusion Protection Systems (IPS), and then detecting anything that does get past the perimeter with Intrusion Detection Systems (IDS).

We should also be monitoring our network activity in general, and learning how the network operates over time, so we can detect variations and take action.

Server Level Ransomware Protection

Let’s say we are unlucky enough that someone or something does get into our network.  We then need to be keeping a close eye on our servers, and making sure they are behaving properly.

Your Favorite Server is a great example here.  You probably know how it runs, the average CPU and memory utilization, how many processes run on it, etc.

Too bad every server can’t be our favorite, right?

This is where VMware’s Carbon Black comes in.  VMware’s acquisition of Carbon Black in my opinion may be the best acquisition VMware has ever made.

Why?  Simple, the ransomware statistic we started with.  It isn’t a matter of if you get hit by ransomware, but a matter of when.  By integrating security features into vSphere, or at least making it easy enough for people who are fluent in vSphere to use, VMware really has cornered the market in this area.

Protecting Your Data from Ransomware

So we’ve protected our network, and we’ve protected our server…we’re done, right?

Not quite.  At the end of the day, designing and running an infrastructure is all about reducing risk, and we know the risk is real.

We MUST have at least one more layer of protection, and that layer is for protecting our data.  We need to be backing it up, so that if the rest of our layers fail, we can restore from a good backup.

There’s a lot that goes into architecting a backup solution correctly, but most importantly, we need to make sure we can restore from our backups.  This ties back to disaster recovery as well, and after all, isn’t ransomware a disaster?

I hope you’ve started to look at Ransomware a bit differently after reading this article, and that now you at least have some ideas on where to start protecting yourself.

Remember, a good ransomware defense comes in layers, but of course we know we won’t boil the ocean overnight.  With a statistic of 51% of organizations seeing ransomware, any defense is better than no defense.

