
Appgate Cybersecurity, August 27, 2020
Stop Ransomware in its Tracks with Zero Trust Network Access: Appgate SDP
Ransomware attacks have been increasing in volume and sophistication at an alarming rate since the massive remote workforce transition brought about by COVID-19. AppGate’s Software-Defined Perimeter (SDP) solution can help mitigate ransomware and prevent it from spreading laterally and causing more damage.
In a recent Appgate blog post, we talked about how an electric company was targeted by a ransomware attack, demanding $14 million in cryptocurrency. Ransomware attacks are devastating to any organization, and difficult to recover from. Detection and mitigation are key when it comes to stopping the spread of ransomware and preventing it from invading an organization’s network.
AppGate's SDP is a secure network access solution that helps you implement a strategy grounded in the principles of Zero Trust. It applies granular, identity-based access controls that connect users to authorized functionality rather than to the network. While SDP is not designed to protect against an initial ransomware infection on its own, it can significantly reduce the impact and spread of ransomware.
Device Ringfencing
Device Ringfencing helps reduce the impact of ransomware in several ways. Through Ringfencing, you can control a device’s outbound connections, limiting an infected device’s ability to receive data from command-and-control (CnC) servers. It also prevents a compromised device from reaching out to other devices on the network. Many of the newer sophisticated ransomware infections have a networking or human component, in which they attempt to search for, infect and encrypt data across the network. Ringfencing also controls inbound connections, which helps prevent the spread from an infected device that reaches across the network looking for other devices to attack.
Granular Access Control
Another way SDP limits the spread of ransomware is through dynamic granular access control. You limit a user’s network access to only the resources that are approved for the job function. Access to specific ports and protocols is off-limits, which reduces the internal attack surface, especially in flat networks. Reducing the internal attack surface is imperative when it comes to stopping the spread of ransomware and other network-aware malware.
Early Detection
Lastly, Appgate SDP is also integrated with Immunity Innuendo, a sophisticated post-compromise implant framework that models advanced data exfiltration attacks. Innuendo has sophisticated technology that is proven to detect ransomware early in the infection stage. It detects malicious processes that are trying to take over a device. When Innuendo detects a potentially malicious process, it prompts SDP to isolate the infected device and notifies administrators of the ransomware attack. You can configure additional rules to dynamically restrict other access in the event of a ransomware outbreak. This quickly stops the spread of malware by limiting what the attacker can see. AppGate’s SDP can easily integrate with existing Endpoint Detection & Response (EDR) and Endpoint Protection Platforms (EPP) to provide the same level of ransomware protection.
Though the potential for ransomware attacks can often be worrisome, there are solutions that can help mitigate the damage caused by these attacks. Taking a dynamic and proactive approach and having security measures in place provides peace of mind against the ever-increasing level and sophistication of ransomware attacks.
Contact us today for a demonstration of the integration of AppGate’s SDP and Immunity’s Innuendo to stop ransomware in its tracks.