By John Kozej, VCDX #245
Ransomware over the past few months can be described very easily with 3 little words.
OUT OF CONTROL
I’m honestly going to VENT a bit here but I want to vent in a way that can be resourceful! Ransomware not only needs to be stopped but prevented because these attacks are now crossing the line in many ways. When hospitals across the globe are being affected and it impacts people who need medical treatment, especially CHILDREN…it’s time to bring this issue to the forefront of any conversation. WannaCry decimated many organizations this past spring and as I sit here and type this the Petya ransomware attack is hitting globally, striking companies across Europe and disrupting organizations in just about every market. Ukraine was heavily hit where everything from the government, power companies, banks and the airport in Kiev were all affected. As the day went on companies in the U.S. began to feel the effects of Petya.
In order to stop these things from happening in the future we simply need to “rethink” our approach to security from a NETWORK and a DATA PROTECTION point of view. Perimeter firewalls are just not enough and legacy backup solutions are great but again…they’re just not enough sometimes.
Perfect example scenario…what happens if your Windows based backup server becomes compromised by ransomware?
- Do you have a procedure in place to recover that system?
- Have you honestly tested this “corporate doomsday” scenario?
- Do you honestly feel prepared and confident in your current strategy to both protect and recover from a ransomware attack?
Chances are you answered NO to all of the above questions. So again, we need a different approach by thinking outside the box a little bit more and asking the question…
“What can be done to enhance security INTERNALLY?”
Yeah…think OUTSIDE by thinking INSIDE. That’s exactly where to begin!
Let’s start with enhancing the existing network infrastructure. Don’t rip and replace what you already have. That’s nonsense and too costly for any organization. Simply utilize/leverage VMware NSX to take the level of network security in your infrastructure to an entirely new level and use it to complement the existing security measures that are already in place.
See the small problem with the perimeter firewalls is once they are exploited by either hacking straight through them or using a trojan horse from an email or any other means…once they’re in, THEY’RE IN and they wreak havoc because there is not enough internal security to prevent it from spreading. It is beyond a dumpster fire. It literally spreads like a California wildfire and there is just not enough being done internally to put that fire out. A majority of these major bugs and exploits hit before any type of vulnerability patch or security definition can be created to detect and stop it. Network security needs to be more than just a speed bump.
So how do you combat this effectively without deploying physical firewalls for every piece of equipment in your data center? That’s the ideal solution in a perfect world but let’s be more realistic. There is a reality to that equation and it is possible to accomplish security to that degree by introducing just one solution…
VMware NSX Microsegmentation managed by Distributed Firewall will PROTECT every single virtual workload in your vSphere environment all the way down to the vNIC level of the VM. You cannot beat or find that type of rich, fine-grained security anywhere else. NSX will literally CRUSH RANSOMWARE before it even has a chance to start. If a vulnerability is detected it can be immediately quarantined before it gets anywhere else.
These exploits from WannaCry and Petya are attacking vulnerabilities in Windows. A virtual administrator and network administrator in NSX simply create a DFW firewall rule by blocking:
- 137 UDP NetBIOS Name Service
- 138 UDP NetBIOS Datagram Service
- 139 UDP NetBIOS Session Service
- 445 TCP Microsoft CIFS
Literally ONE SIMPLE FIREWALL rule in NSX and your entire virtual data center in vSphere is PROTECTED!!! WannaCry and Petya cannot get in or spread!
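One way to check the rule above from inside the data center, as an added example (not code from this post or from VMware): run it on a VM in the protected segment and pass the addresses of peer VMs as arguments. It assumes Python 3 on the test VM; it probes 445 and 139 over TCP (NetBIOS Session Service is a TCP service), and skips UDP 137/138 because a connect test cannot confirm a UDP block.

```python
import socket
import sys

# TCP services covered by the rule. UDP 137/138 are connectionless, so a
# connect probe cannot prove they are blocked; verify those in the DFW logs.
TCP_PORTS = {139: "NetBIOS Session Service", 445: "Microsoft CIFS (SMB)"}


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reject rule or a host with nothing listening both look like this.
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: what a drop rule looks like.
        return "filtered"


def audit(peers, ports=TCP_PORTS, timeout=1.0, probe_fn=probe):
    """Probe every peer/port pair; return (results, violations).

    A violation is any pair that still completes a TCP handshake, meaning
    east-west SMB/NetBIOS traffic is NOT being stopped between workloads.
    """
    results = [(h, p, probe_fn(h, p, timeout)) for h in peers for p in ports]
    violations = [r for r in results if r[2] == "open"]
    return results, violations


if __name__ == "__main__":
    # Peer addresses are supplied by the operator (other VMs in the segment).
    results, violations = audit(sys.argv[1:])
    for host, port, state in results:
        print(f"{host}:{port} ({TCP_PORTS[port]}) {state}")
    sys.exit(1 if violations else 0)
```

Only an "open" result is conclusive: "closed" or "filtered" can also mean the peer is not serving SMB at all, so include peers known to have file sharing enabled.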
What else can be done to protect against ransomware? Very simple. Take advantage of secondary storage technology ASAP to PROTECT THAT DATA!
Two major vendors of secondary storage come to my mind…Cohesity and Rubrik. I cannot swear allegiance to either one at this moment because when it comes to protecting systems from ransomware that’s affecting children globally…I really don’t care which one you pick at this point. Get something to help protect your data and prevent this from happening now and in the future.
Cohesity and Rubrik protect you in the event that your storage (data) is still somehow compromised. Ransomware has taken it completely over and the clock is ticking. It’s like the movie SPEED from the 90’s….corny as all hell referencing that movie at this point but it fits! So yeah…the clock on ransomware is ticking and you need a solution QUICK before time runs out. Your data are the people on that bus in SPEED and you need to save it quickly!
These two solutions can perform near-instant data recovery and enable your organization to resume operations in MINUTES!!!! In some cases the RPO’s can be down to a single minute. A SINGLE MINUTE!!!!
I’m going to let these two solutions speak for themselves! They are both great and ultimately your decision on which one comes down to which one fits what you are ultimately looking to accomplish in both the short and long-term.
Cohesity and Rubrik possess some of the following qualities…
- Converged data protection
- Simple, fast and cost effective
- Both are Enterprise Ready
- Keep your business up and running
- Recovery almost instantly and never pay a ransom
- Most important word when it comes to combating ransomware….AVAILABLE!
- …and much more!
Overcoming Ransomware Cyberattacks with Cohesity (video from PunchingClouds)
Cohesity and VMware NSX: Slayers of Ransomware – WannaCry (PunchingClouds Blog)
Keeping Your Data Secure with Cohesity (by Tarang Vaish)
Veeam with Cohesity Storage Platform (PDF) — yes you read this correctly…Veeam and Cohesity working together in harmony!
Langs Stops Ransomware Attack with Rubrik (video from Rubrik)
The Accelerating World of Ransomware (by Andrew Miller)
Combating the Evolving Landscape of Ransomware (by Chris Wahl)
We are experiencing a new threat with ransomware. Much different than the threats we have seen and managed in the past. These new threats require new strategy, new forward thinking and reacting quickly to prevent these events from happening. Don’t fall victim to the next ransomware attack just because you were not prepared in advance. Take all of the necessary precautions, be very diligent and take advantage of these solutions. They don’t cost anywhere near as much as what it will cost you and your organization if your data becomes hijacked or permanently deleted. It is not worth the risk.
Do you need to completely rip and replace what you have? No. Use VMware NSX on your virtual network; Cohesity or Rubrik to enhance your data protection. Take it to another level internally to protect from those outside threats. These solutions allow you to both proactively prevent and efficiently recover when necessary.
Most importantly…rethink strategy.