Virtualization Technology News and Information
Full Enterprise Visibility Holds the Key To Preventing Next-Generation Ransomware Attacks

By Kate Kuehn, Senior Vice President of Alliances, vArmour

Enterprises are awash in data from disparate sources due to their multi-cloud IT infrastructure. While many tools exist to correlate information from these walled gardens, there remain significant known gaps in visibility, especially when trying to understand the relationships and dependencies among users, workloads and applications. This lack of visibility leads to a critical failure in understanding the threats and vulnerabilities organizations face and, in turn, creates a playground for hackers to exploit.

Using traditional static solutions to try to manage applications and access is not only time-consuming and expensive for security, but often ultimately fails to comprehensively identify all application relationships and dependencies. The end result when trying to leverage legacy thinking? Vulnerabilities that are allowed to fester and grow, leading to significant security and compliance risk exposure.

Human attack surface and static security architecture exacerbate vulnerabilities

Ransomware groups like DarkSide and REvil are taking advantage of these systemic visibility issues and demanding all-time high sums of cash. They're succeeding by exploiting the human attack surface, which has significantly increased as companies move to a work-from-anywhere model. This operational change has created an opening for cybercriminals attempting to launch the initial penetration phase of a ransomware attack. They rely upon a lack of network visibility in order to launch successful attacks, and are highly savvy when it comes to exploiting the human attack surface and app-to-app relationships to maximize profit.

Protecting every endpoint is no longer enough to guarantee security. The human attack surface has expanded significantly, and security teams must invest in protecting it and curbing poor security hygiene that makes its organizations most vulnerable. To prevent exploits, businesses must ensure that employees have the right level of access to do their jobs in a secure way, and that's only possible with full visibility: from the network, to the apps connected, to the end-user.

By using emerging technologies and dynamic tools that focus on full enterprise visibility between applications as a critical component of a true zero-trust architecture, organizations can now easily visualize, understand, manage and protect the relationships between applications, users and devices across the entire enterprise.

Address attack surface sprawl and blindness proactively

Real-time, dynamic visibility into both app-to-app and user-to-app communication and behavior within an enterprise environment.will become critical to prevent widespread breaches and mitigate advanced campaigns. To adjust to the new threat reality, companies should consider:

  1. Enabling near real-time, continuous management and inventory controls of all assets, applications and users
  2. Ensuring proper understanding of all app-to-app and user-to-app dependencies and necessary policy enforcement
  3. Executing a credential audit, then removing all default credentials and latent permissions
  4. Implementing and enforcing least privilege access policies, or creating a more robust zero-trust architecture
  5. Budgeting for third-party penetration testing to identify other areas of improvement
  6. Leading table top exercises to understand the impact of breach on potential Common Vulnerabilities & Exposures (CVE) and build plans to address them

You cannot protect what you cannot see or understand. An organization must have a complete picture of its applications and users and how they interact with each other across every environment. Recent attacks have given us a reason to quickly shed some of the event-driven security thinking that no longer serves us, and step into active defense with a clear relationship-based, dynamic security model that puts control back in the hands of security teams.



Kate Kuehn 

Kate Kuehn is the senior vice president at vArmour, where she focuses on driving alliances between vArmour and giants in the tech industry. She was previously U.S. CEO for Senseon and currently serves on the board for RedShield. Kate also is passionate about cyber startups and cyber education initiatives, and spends much of her free time as an advisor to early stage companies. In nearly 20 years in the cybersecurity industry, Kate has led some of the industry's most innovative programs in DDOS, Ethernet as a network (CPA), SaaS, and IaaS.

Published Monday, June 14, 2021 7:33 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2021>