Avatar

Ransomware. Certainly not a new form of cybercrime, but one that has dominated mainstream headlines in recent months. High-profile cyberattacks on critical infrastructure and sectors in the global economy, such as government agencies, a major U.S. fuel pipeline, and one of the world’s largest meat processing plants have put a giant spotlight on ransomware. Ransomware has advanced from being a nuisance to a legitimate national and international security threat.

But first, what is ransomware? At a basic level, it’s a form of malware where attackers steal, encrypt, and hold ransom an organization’s business-critical data unless the organization pays a sum of money to restore access to and decrypt their data. Over the years, attackers have refined their techniques – such as big game hunting and double extortion attacks – for bigger, more widespread impact.

In addition, ransomware-as-a-service is now the dominant business model on the dark web, allowing cybercriminals to streamline operations by specializing in different areas of attack. All of this significantly raises the stakes and attacker demands for payout. Average ransomware payouts have increased; most recently, the meat processing plant confirmed that they paid out $11 million to restore their data.

So how do you proactively defend against ransomware attacks when cybercriminals are becoming increasingly more sophisticated, and their demands more costly? The most effective way to protect your organization is to fight threats on multiple fronts, at the most critical control points: your network, users and endpoints, applications, and the cloud edge. You can do this by taking an intelligence-driven, platform approach to security.

Through the breadth of products working together within the Cisco Secure portfolio, you can improve your security posture with a comprehensive ransomware defense solution.

  • Web security: Most ransomware attacks use DNS. Before threats reach your network or endpoints, Cisco Umbrella stops them over any port or protocol.
  • Email security: Email is still the #1 threat vector. Cisco Secure Email blocks ransomware delivered through spam and phishing emails and identifies malicious attachments and URLs.
  • Endpoint security: With the workforce racing to remote work last year and the current transition to a form of hybrid work, new devices on the network bring new vulnerabilities. Cisco Secure Endpointmonitors and blocks ransomware files from opening on endpoints.
  • Access security: We now know that the infection vector in one of the recent major breaches was a compromised password made possible with single-factor authentication. More than ever, this underscores the need for multi-factor authentication. Cisco Secure Access by Duo prevents adversaries from using stolen credentials to establish a foothold, move laterally, and propagate ransomware.
  • Network analytics: Monitor your network traffic and detect anomalous activity – such as command and control infrastructure (C2) traffic – with Cisco Secure Network Analytics multilayer machine learning and entity modeling.
  • Investigation and response: When your security works together seamlessly, you get comprehensive visibility across your entire security environment – on and off network – so you can detect and protect quickly, and at scale. With the Cisco SecureX integrated platform and Talos Incident Response retainer, you get proactive and emergency services to help you prepare, detect, respond, and recover from an attack.

And not only do Cisco Secure products work together, which simplifies security to help you better defend against ransomware, but now your buying experience is simpler and more flexible with the Cisco Secure Choice enterprise agreement (EA). Buying disparate security products from different vendors that don’t work well together can be time-consuming and error prone. On the other end of the spectrum, signing a typical enterprise agreement that includes products you won’t use doesn’t make sense either. Instead, choose Cisco Secure Choice – so you can buy only what you need now in a single agreement. Secure Choice also comes with a built-in 20% growth allowance, so as your organization flourishes, you’re free to grow as well. Newly added optional product suite to the Secure Choice EA is the Talos Incident Response retainer service, giving you both proactive security services as well as priority 24/7/365 emergency response in the event of a breach.

It’s easy to get started. Need only cloud security with endpoint protection to start? You can buy that through Secure Choice. Or you may only need email and access security to round out your ransomware defense. You can also buy that through Secure Choice. You don’t need a complex contract standing between you and your security deployment when time is of the essence to protect against the next ransomware attack. Let Cisco Secure Choice help you beef up your ransomware defense.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn



Authors

Jolene Tam

Product Marketing Manager

Security