
So you WannaCry or get Petya-rified, or you Wanna-Be-Safe?

By Eitan Bremler

It’s another day and another global cyber attack, this time ransomware known as Petya, which is debilitating companies all over Europe and the US. Organizations have come to the conclusion that protecting information is key to keeping customers and maintaining business stability. However, the way in which information and assets are protected must change, because the current model just isn’t keeping hackers away from vital business assets.

It is believed that the Petya ransomware attack first began in Russia and quickly spread across Europe and into the US. Microsoft first released a patch for the vulnerability targeted by the exploit known as EternalBlue in March of 2017, but many businesses did not patch their systems at that time and were also affected by WannaCry last month.

Traditionally, organizations have attempted to protect their assets by securing the network from the outside in, using a series of firewalls. This traditional approach separates the internal network from the outside world. In essence, it allows trusted internal users to get out of the network and blocks untrusted external users from getting inside. This approach is outdated and no longer works because of the growing use of self-managed mobile devices by employees, the need for untrusted external users to gain access to information inside the network, and the various types of malicious attacks hitting the network at an alarming rate.

With regulation changes that keep knocking on the door, businesses must take a different approach to securing assets. The overall complexity of corporate management has increased incredibly over the past several years, especially in the U.S., U.K. and Europe. Organizations are struggling to keep up with the volume and velocity of these changes, while access to high-risk protected services and information by identified or anonymous entities is also increasing dramatically each year.


Without perimeter protection and governance assurance, corporations face the 'ultimate unknown threat' of having hackers reign over their corporate lifeblood, putting their protected services and information at maximum risk. Only recently, the two ransomware attacks (WannaCry and Petya) wreaked havoc on numerous organizations around the world.

This in turn forces organizations to manage risk in the face of regulatory and compliance mandates (PCI, SOX, GDPR, HIPAA, GLBA, etc.) more often, as a result of data breaches, data loss and destruction and the associated outcomes.

So, what do you do to stay safe? You need to rethink your perception of perimeter security architecture, which has not changed in decades. The current perimeter has many different security layers – firewalls, Deep Packet Inspection solutions, VPN gateways, reverse proxies, IDP, etc. But it also allows different services to enter – Web, RDP, SMB/CIFS, SFTP, SMTP, etc.

This perimeter design has two main flaws:

  1. It’s visible to the world – today we “put ourselves out there” for anyone to see, especially hackers, allowing them to attack our exposed services
  2. It has a software signature – the network and software elements we place in the perimeter can be “seen” and have known and zero-day vulnerabilities

So why not hide from the outside world and be visible only to the good guys? And even more, why place elements in your perimeter at all if you don’t need to?

Safe-T’s High-risk Data Security Solution (HDS) can help you move from the current paradigm of continuously patching and securing your signature-rich perimeter to a new perimeter paradigm that reduces cybercrime and zero-day attacks, keeping potential intruders outside in the dark while preventing the next cyber-killer-attack and threats of malware/ransomware from spreading throughout your corporate infrastructure.

Using Safe-T HDS, the orchestrator of perimeter protection, high-risk Perimeter-Security-Assets can be protected in a whole new way:

  1. New firewall security design - Bi-directional traffic over outbound connections only, closing all incoming ports and providing logical defense for network perimeter security by simply hiding services and applications.
  2. Software Defined Perimeter (SDP) - Single application-layer access (HTTP/S, SSH, RDH5, Secure Internet File System (SIFS)), as opposed to network-layer access, completely hiding the corporate network's true IP location and infrastructure from unauthorized users.
  3. VPN-less access - Removes the need to distribute VPN clients and certificates to users.
  4. Logically segmented corporate networks - Deploying a Zero Trust model to reduce the risk of cyber-attacks reaching internal network segments or moving laterally throughout the network.
  5. Multi-factor authentication – User and application authentication workflow API (Negotiate/Kerberos/NTLM/Multi-factor/IDP/Header-Auth/AUTH2/Smart-Cards/etc.).
  6. SmarTransfer™ SIFS (Secure Internet File System) – Secure NTFS file share and access with internal and external entities.
    • Although SmarTransfer SIFS is an extension to the HTTP protocol, it supports file I/O operations on remote file servers with full file function capabilities such as copy, create, move and delete, and the complementary NTFS permissions associated with users/groups. Its clientless capabilities minimize the complexity of managing desktop client installations and upgrades, and it is transparent to any operating system (Windows/Mac/Linux), using an HTTP URL only and authenticating with standard authentication methods: Kerberos/Negotiate/NTLM/Multi-factor/IDP/Header-Auth/AUTH2/Smart-Cards/etc.
    • SmarTransfer SIFS server-side capabilities maximize the security of users' file transmissions and ensure secure and controlled access to any file type and content, acting as a secure file gateway between users and remote file servers while enabling third-party integration and enforced policies (AV/DLP/etc.) to help prevent any unauthorized access or usage (changing a file's original format, encrypting files, ransomware attacks, etc.). Here we should also mention that from the user’s perspective this acts like any mapped drive, including sharing links to the mapped drive with other users.

So you see, the old ways of creating perimeters to protect assets are not written in stone; they can and must be changed, or businesses will continue to face the frequent challenges of cyber attacks and information loss.

Contact us to hear more on transforming your perimeter.



Editor's Note: This post was originally published in December 2016 and has been updated for accuracy and comprehensiveness. 
