Petya and WannaCry are the tip of the iceberg in a new...

Petya and WannaCry are the tip of the iceberg in a new era of global, distributed cyberattacks that are affecting all industries and geographies. If organizations are not preparing for this new reality, they’ll likely soon be stung by it.


Ransomware is a variety of malware designed to extort money, primarily in cryptocurrencies such as Bitcoin, by locking computers and data. It can cause damage even without administrator or elevated access to computers. With new variants of ransomware springing up frequently, standard security techniques prove insufficient, leaving organizations and departments struggling for answers.

According to reports, 60% of ransomware attack attempts by the WannaCry virus in India were targeted at enterprises; the rest were aimed at individual customers. The top 5 cities impacted by the ransomware attack were Kolkata, Delhi, Bhubaneswar, Pune and Mumbai.

About 60% of ransomware attack attempts by the malicious WannaCry virus were targeted at enterprises, while the rest were aimed at individual customers. There have been over 700 distress calls by customers in the last few days, following the discovery of the attacks, which have impacted 150 countries globally.

The computers running on the desktop and server editions of the Microsoft Windows operating system are most impacted. Systems which did not apply a patch update for this vulnerability were affected by the WannaCry ransomware which uses wormlike behaviour to affect vulnerable systems on the network. Indian computer systems have largely escaped a global ransomware attack as the government and companies installed security patches to gain an upper hand against the first wave of an unrivalled global cyber attack.

Over 200,000 computers in at least 150 countries are said to have been infected by the WannaCry virus, according to Europol, the European Union’s law enforcement agency. In India, only a few isolated incidents in Kerala, Andhra Pradesh, Tamil Nadu and Gujarat were reported.

There are two types of ransomware in circulation. The first is encrypting ransomware, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CryptoWall and more. The second is locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.

Some locker versions can even infect the Master Boot Record (MBR). The MBR is the section of a PC’s hard drive which enables the operating system to boot up. When MBR ransomware strikes, the boot process can’t complete as usual and a ransom note is displayed on the screen instead. Examples include the Satana and Petya families.

Crypto-ransomware, as encryptors are usually known, is the most widespread type, and also the subject of this article. The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.

Scenario of Ransomware Attacks in India

According to Sunil Sharma, Vice President – Sales, India & SAARC, Sophos, “The rapid growth of cyber threats in India argues for urgency in seizing opportunities to improve upon the current foundation of IT security best practices. The recent WannaCry / Petya ransomware attack was an awakening for individuals and businesses across the globe. Its ability to spread like a worm by exploiting a Microsoft vulnerability was certainly new ground for a ransomware campaign. But to reverse the trend of increasing breaches a synchronized approach is required that can effectively secure today’s businesses by making security components work better together to respond to security incidents.”

“Wannacry was not very successful, as it generated very little revenue for its developers. This was due, in part, to the fact that researchers were able to find a kill switch that disabled the attack. Petya/NotPetya uses the same attack vector as Wannacry, exploiting the identical Microsoft vulnerabilities that were uncovered by the Shadow Brokers earlier this year. However, because additional attack vectors were used in this exploit, patching alone would have been inadequate to completely stop this exploit, which means that patching needs to be combined with good security tools and practices. Fortinet customers, for example, were protected from all attack vectors as they were detected and blocked by our ATP, IPS, and NGFW solutions. In addition, our AV team issued a new antivirus signature within a few hours of the discovery to enhance the first line of defense,” said Jitendra Ghughal, Director Channels, India & SAARC, Fortinet.

“Indian organizations have been victims of cyber-attacks and in some cases, India has been in the top ten victim countries. Having said that, being one of the fastest adopters of new technologies, most organizations have been scaling their IT infrastructure and security continuously. This, in turn, has helped to defend their networks from cyber-attacks. Whereas, some of the mid to large organizations having legacy systems or lacking strong IT policy deployments have fallen prey to the growing cyber-attacks,” said Govind Rammurthy, MD & CEO at eScan.

“There are no confirmed reports or data about past for Cyber-attacks or Ransomware attacks and after “WannaCry” attack what are coming are not sure if they are really infected but possibility of major cyber-attacks in India. Most of the Corporates don’t openly acknowledge. The reason for this was some of the corporate was still using windows older version Computers which were not patched. We wish to inform that all our Bitdefender users are already protected from this most of the Cyber-attacks & Ransomware attacks Like “WannaCry”. Those with poor IT maintenance or not having proper security suites are going to be affected badly and sadly we have many SMB and institutions where they still do not take the need for a proper security software seriously,” said Baswaraj Vastrad, Technical Head, BD SOFTWARE PVT LTD.

“Across the globe, countries have woken up to the lingering threats of massive cyberattacks that cybercriminals propose to unleash in the near future, and India too seems to be on their radar. India has emerged as one of the top targeted nations by cyber criminals. The inventive tools used by cyber criminals to hijack business dealings and steal valuable customer information are leading to business destruction in both small and medium enterprises,” said Sharda Tickoo, Technical Head, Trend Micro India.

Why Corporate Sector failed with Wannacry ransomware?

“There are several reasons why organizations fall victim to attacks like Petya and WannaCry, but chief among them is the issue of complexity. Every organization in the world is grappling with complexity. Sprawling networks with millions of assets and vulnerabilities, mobile devices, disconnected security controls, hybrid and multi–cloud environments, legacy systems that are outdated, and a threat landscape that is always changing. Most companies don’t have the tools or time to examine the complex relationships between these things, or to orchestrate the response to the risks demanding immediate attention. To protect against attacks like Petya and WannaCry, security pros need to rethink their approach, starting with gaining complete visibility of their attack surface and exposures. They should also be automating everything from risk assessments to analysis to remediation priorities. We’ve seen how quickly Petya can spread; relying on manual methods to combat it is from now on out of the question,” said Ravid Circus, VP of Products for Skybox Security.

“In spite of the highly publicized disclosure of the Microsoft vulnerabilities and patches, and the worldwide nature of the follow-up to Wannacry attack, there are apparently still thousands of organizations, including those managing critical infrastructure, that have failed to patch their devices. So far, two things are clear. First, far too many organizations practice poor security hygiene. When an exploit targets a known vulnerability for which a patch has been available for months or years, victims only have themselves to blame. Key elements of this attack targeted vulnerabilities for which patches had been available for some time. And these organizations also do not have adequate tools in place to detect these sorts of exploits,” explained Ghughal of Fortinet.

“As discussed above, one of the key reasons corporates failed to defend against the WannaCry attack is the lack of strong IT policy measures and legacy systems which were not updated with the vulnerabilities. While Microsoft has stopped supporting XP OS support long back and still they provided the patch for their Eternal Blue exploit. Many organizations failed to take notice and update their IT infrastructure which resulted in the Wannacry outbreak. Apart from this one of the weakest links in an organization is human error which aggravated the outbreak further,” said Rammurthy of eScan.

“The reason for the WannaCry attack was that many Corporates, Government, Banks, Hospitals and educational Institutions were still using older-version Windows computers which were not updated with security patches, and also don’t have a proper Cyber Security policy in place. Also, many SMBs don’t have Security infrastructure,” said Vastrad of BD Software Pvt Ltd.

“Traditional security mechanisms no longer provide the organisations the protection that they need. Breaches will occur and when they do, leaders must ensure they’ve protected the most vital aspect to them and the core of their business – the data. Companies need to understand that being breached is not a question of “if” but “when”. By using Three-Step Secure The Breach approach, organizations can remain in control of their data by using encryption, secure key management and secure authentication to protect the data against two primary categories of breaches – Data Privacy Breaches and Data Integrity Breaches. According to Gemalto’s recently released 2016 Breach Level Index, breaches are becoming far more effective and doing more damage than ever; in India data breaches led to almost 36.6 million data records being compromised last year,” said Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto.

Impact of latest Ransomware attack

“We are seeing big impact at few of the Indian corporate and PSUs. Mainly corporate which are not in high-tech are more vulnerable as they have lots of legacy OS installations that were ignored as they were used for non-intensive purposes like data entry. We saw that lots of intellectual property data was locked out during the Wannacry event. Since Petya is not only exploiting the same ‘EternalBlue’ vulnerability but additional known vulnerability that was exposed from prior leaks, we are expecting a wider impact this time. We are also expecting that lots of home users would be affected too,” said Rakesh Kumar Singh, Datacenter lead, Juniper Networks India.

“With campaigns such as Digital India, and concepts such as Aadhaar, UID, and digital money gaining immense popularity, India is in the midst of a major digital revolution. However, as India steadily moves towards a digital future, we must be wary of the potential security risks which digitalisation brings. With WannaCry bringing many nations to a standstill, and even as several new attacks are predicted in the immediate future, the country cannot afford to have a reactive approach to cyber security, and rather have well defined strategy in place for any future eventualities,” said Tickoo of Trend Micro India.

“As most of you know, over 20000 computers in 150 countries across the world were hit with a massive ransomware attack called WannaCry. The ransomware called “WannaCry” exploits a vulnerability in the Windows operating system, encrypting users’ computers and demanding ransoms in exchange for decrypting files,” said Vastrad of BD Software.

“The latest ransomware attack was a global hit for businesses across industries crippling computers running on Microsoft Windows. This attack was not limited to any particular geography and had global fall-out including the impact in India. The recent set of attacks has again brought forth the attention to lack of robust Breach Notification laws across the globe as the lack of transparency only aggravates the problem,” said Gupta of Gemalto.

“Based on a few captured NotPetya samples, we’ve concluded that the author of this Petya variant has taken inspiration from the WannaCry epidemic that we witnessed in the month of May. However, unlike WannaCry, Petya encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that limits the access of its victims only to the ransom note and prevents the infected computers from booting. Due to this, Petya can be considered more dangerous and intrusive compared to WannaCry or any other strains of ransomware. NotPetya mimics WannaCry heavily in terms of the added SMB exploit functionality, which allows Petya to spread across the local area network. Security researchers have confirmed that a modified version of ETERNALBLUE has been used similar to WannaCry and is found targeting vulnerabilities addressed in MS17-010. Other than ETERNALBLUE, a remote code exploit known as ETERNALROMANCE has also been found in the current strains of NotPetya,” said Souti Dutta, Lead Threat Analyst – SOC Service, Paladion Network.

“As already reported, the widely used MeDoc taxing and accounting software in Ukraine was the reason for the latest Petya ransomware outbreak which crippled many large corporate and government organizations across Ukraine and their associate offices worldwide. However, the ransomware was not designed to use random IP to spread itself widely using online networks. The attack remained largely limited to few organizations and their branch offices worldwide. The damage of the attack was used in terms of loss of data, man hours and inconvenience in general,” explained Rammurthy of eScan.

“Cybercriminals have upped the stakes once again with the high profile, global attacks of Mirai, Wannacry, and Petya, launched one after the other. The spread of WannaCry and Petya were quickly curbed unlike those worms of the past. But this isn’t just about scale. Unlike in years past, the new digital economy means organizations rely on digital data as both a critical resource and an essential source of revenue. And these new attacks are more sophisticated than ever. Wannacry’s worm functionality allowed it to spread rapidly across the globe, attacking thousands of devices and organizations. While the potential was there, the damage was quickly curbed due to an embedded kill switch. And just this past week we saw the emergence of a new ransomworm called Petya. This new malware uses the same worm-based approach of Wannacry, even targeting the exact same vulnerability, but this time with a much more potent payload that can wipe data off a system and even modify a device’s Master Boot Record, rendering the device unusable. Since very little money was made during this attack, we can say that this attack was certainly more focused on taking machines offline than monetization through ransom. Machine availability ransom like Petya may become a much larger problem in the future when spreading through a rapid ransomworm. I believe that the Wannacry and Petya attacks were simply shots across the bow. They are part of an insidious new opportunistic strategy of targeting newly discovered vulnerabilities with massive, global attacks and increasingly malicious payloads. This might just be the tip of the iceberg and potentially the start of a new wave of attacks in the form of ransomworms,” concluded Ghughal of Fortinet.

Measures and Steps Against Such Attacks

“Dividing your network into functional segments to protect data and resources isn’t new. Unfortunately, like patching, most organizations fail to do this. They tend to have flat, open networks, and once the perimeter security has been breached, malware can create havoc. For those organizations that have seen their perimeters disappear, this is especially challenging. In the case of vulnerable IoT devices, for example, they should be automatically assigned to a separate, secured network segment so if they begin to behave badly the rest of the network is protected. But segmentation alone isn’t enough. Organizations need to deploy a segmentation strategy designed to meet the security demands of today’s most complex networked environments. Like, network segments need to be secure; segmentation needs to be automated; segmentation needs to support both vertical and horizontal traffic; segmentation needs to be able to identify and isolate rogue and infected devices; and segmentation needs to span network environments. For security professionals, very little of this should be new. The difference is an incredible urgency for security hygiene and network segmentation to help minimize organizations’ risk exposure to attacks like last week’s Petya. And executive business decision makers need to understand that if the appropriate resources aren’t allocated to do these things, they are putting the life of their organization at risk. These are not optional, nice-to-have security strategies; they are necessities for today’s new normal,” explained Ghughal of Fortinet.

“Organizations have to stay focused and implement VAPT solutions and routinely scan their networks and systems for known vulnerabilities. Apart from that, they should implement the patches provided by OEMs in time. Also, organizations should avoid using unlicensed software which could potentially be a bigger exploit,” said Rammurthy of eScan.

“Because data is the new oil in the digital economy, ransomware attacks that restrict access to important data until the attacker is paid are becoming increasingly common. Additionally, the increasing use of the cloud and mobile devices has rewritten the rules of data security. However, many companies continue to rely on breach prevention as the foundation of their security strategies. From a security perspective, Gemalto educates and prevents its customers via a three step Secure the Breach approach that takes into account, where your data resides, how you store and manage that data and who has access to it. By implementing a three-step approach like encrypting all sensitive data at rest and in motion, securely managing and storing all keys, and controlling access and authentication of users—organizations can effectively prepare for a data breach. This allows us to see through cybersecurity’s reality distortion field and transition from an approach optimized for “reality as it was”—breach prevention—to a strategy optimized for “reality as it is”—the secure breach strategy,” said Gupta of Gemalto.

“Since this ransomware variant is targeting Microsoft’s Office/WordPad RCE Vulnerability and SMB Vulnerability, consumers should ensure that all security issues are patched. Disabling SMBv1 is required. Network and host-based firewalls should actively block TCP/445 traffic from untrusted systems. Isolate any unpatched systems from the network to prevent them from getting infected. Refrain from opening any .rtf, .doc, .xls files received from unknown sources or without validating them. Keep an offline backup of critical data on desktops and servers and use the vaccine to keep the hosts immune from the NotPetya massacre,” suggests Souti Dutta, Lead Threat Analyst – SOC Service, Paladion Network.

“Adopting Cyber Security Policies framework which aims at protecting the public and private infrastructure from cyber-attacks, Cyber security policies provide clear guidelines to create, protect and manage security frameworks relevant to their specific Industry. These Cyber Security Policies need to be adopted & implemented seriously by Respective Organizations Like removing older versions of Operating Systems, applying Latest Security Patches & Updates. Applying Multi-Layered Security for the Infrastructure and basic Security Practices by everyone who is using Computers. Currently many are not doing much in these directions reasons are awareness among the People about Latest Threats and Practices to be followed, investment in the Cyber-Security Systems Investing on correct Security solutions as per Requirement,” explained Vastrad of BD Software.

“Regular patching of operating system is a must, not just on laptops/desktops but for all portable devices like mobile/tablets. Also it is a wakeup alert for all SMBs who avoided moving away from out-of-support operating systems. The main learning is that critical data should not be residing on user desktops. Cloud based solutions which ensure that the relevant data is made available to the user on demand but the storage of data itself is always on the cloud where it is easier to put security and anti-malware defences,” said Singh of Juniper Networks India.

Vendors’ Solutions for Ransomware Attacks

“Juniper has a cloud based zero-day anti-malware intelligence tied in to the corporate firewall which will detect real time progress of malware and the signatures derived from these events have been rolled to all our customers’ intrusion detection devices (IDP), to proactively put guards in place to stop downloading of the malware. Additionally, we have put out security advisory and information to public so they can actively take measures to patch up the vulnerability on the windows devices and be vigilant,” said Singh of Juniper Networks India.

“The Fortinet Security Fabric integrates and automates multi-layered protections to defend organizations from both existing and novel attacks like WannaCry and Petya. Given the growing sophistication of Cyberattacks, it is easy to understand that within a couple of years it will be impossible for a business to have an online presence without building a full-fledged security architecture from the ground up. Such an architecture must integrate the operational, security, and performance diagnosis of the environment, baseline those behaviors, use that intelligence to look for anomalies, and exchange local and global threat intelligence to automatically identify threats within the environment. The Fortinet Security Fabric can deliver this defence-in-depth architecture for a wide range of operating systems, applications, networks, and business. And in the near future, Intent based security will make sure that whatever protection the business needs, it will get – securely delivered, accountable, traceable, and with the integrity of the data intact. And in the case of a breach, the ability to understand where and how you were successfully attacked and learn from that exposure to make critical adaptations is crucial so that the time to detect, analyze and respond can be decreased every time, especially for repeated attacks. Threat Intelligence platforms must be able to work together to deliver “data illumination,” leveraging a broad security fabric framework that can pinpoint specific high priority events, coordinate actions to mitigate that attack, and then automate those actions for ongoing protection,” explained Ghughal of Fortinet.

According to Rammurthy of eScan, eScan’s approach to protecting the system is layered, with its AVC, a heuristic engine; PBAE, an engine specifically designed to detect and prevent ransomware attacks; and, last but not least, signature-based detection and prevention. With these three engines working in tandem, we have achieved a very high success rate in mitigating numerous types of attacks.

“Understanding the growing pace of cyberattacks and the need to secure data, Gemalto recently launched SafeNet Trusted Access, an access management and identity protection service that helps companies mitigate risk with integrated single sign-on, multi-factor authentication and risk-based analytics. It helps in improving user experience providing Smart Cloud Single Sign-On (SSO) for authentication when defined by the access policy. The solution also simplifies access management to cloud applications such as Office 365, ServiceNow and Salesforce.com. It helps businesses in leveraging a powerful data-driven policy engine for enterprises to optimize business security and user convenience via scenario-based access conditions,” said Gupta of Gemalto.

“Bitdefender, protecting 500 million users worldwide, adopts layered next generation endpoint protection platform. Bitdefender combines all the security services that organizations need in a single delivery platform to safeguard organizations from the highest cadre of sophisticated malware and malicious attacks that most other endpoint security products are blind to. Organizations today are faced with a coverage gap in that modern malware from zero-day exploits, file-less attacks, advanced ransomware and phishing attempts have been successful in evading detection of existing antivirus tools. Bitdefender blocks these threats through aggressive and accurate detection. Bitdefender technologies like Advanced Threat Control (ATC) permanently monitors running processes for signs of malicious behavior, Artificial Intelligence and machine learning help against these threats. With Bitdefender Hypervisor Introspection, Bitdefender becomes the first, and currently the only, security vendor to offer a commercial hypervisor-based security solution. This new security layer is complementary to existing security tools, and offers organizations unparalleled visibility and resilience when facing sophisticated attacks,” said Vastrad of BD Software.

“While Petya fits in the new echelon of global, distributed ransomware, it preys on classic cybersecurity weaknesses — known vulnerabilities with known exploits,” says Ravid Circus, VP of Products for Skybox Security. “This tells us many current vulnerability management programs aren’t built to tackle today’s threats. Organizations struggle to understand their network and security gaps and which issues demand immediate attention, like vulnerabilities used in active attack campaigns. They fundamentally need to gain visibility over their network — physical and multi–cloud networks, operational technology and mobile devices — and correlate that information with vulnerability and threat intelligence. With this context, they can quickly understand where their risks lay, how they could be exploited, what issues take priority and how best to fix them.”

At Last

Ransomware attacks get more refined by the day, as cyber criminals learn from their mistakes and tweak their malicious code to be stronger, more intrusive and better suited to avoid cyber security solutions. The WannaCry attack is a perfect example of this since it used a widespread Windows vulnerability to infect a computer with basically no user interaction. That’s why each new variant is a bit different from its forerunner. Malware creators incorporate new evasion tactics and pack their “product” with piercing exploit kits, pre-coded software vulnerabilities to target and more. The good news is that most distributed cybercrime attacks can be prevented or disrupted with good cyber–hygiene and vulnerability and threat management practices that consider what is happening in the wild. The challenge, though, is doing that across an enterprise–scale network with limited resources.

Highlights

Mr. Sunil Sharma, Vice President – Sales, India & SAARC, Sophos.

“The rapid growth of cyber threats in India argues for urgency in seizing opportunities to improve upon the current foundation of IT security best practices. The recent WannaCry / Petya ransomware attack was an awakening for individuals and businesses across the globe. Its ability to spread like a worm by exploiting a Microsoft vulnerability was certainly new ground for a ransomware campaign. But to reverse the trend of increasing breaches a synchronized approach is required that can effectively secure today’s businesses by making security components work better together to respond to security incidents.”

Mr. Jitendra Ghughal, Director Channels, India & SAARC, Fortinet.

“Given the growing sophistication of Cyberattacks, it is easy to understand that within a couple of years it will be impossible for a business to have an online presence without building a full-fledged security architecture from the ground up. Such an architecture must integrate the operational, security, and performance diagnosis of the environment, baseline those behaviors, use that intelligence to look for anomalies, and exchange local and global threat intelligence to automatically identify threats within the environment.”

Ms. Sharda Tickoo, Technical Head, Trend Micro India

“Across the globe, countries have woken up to the lingering threats of massive cyberattacks that cybercriminals propose to unleash in the near future, and India too seems to be on their radar. India has emerged as one of the top targeted nations by cyber criminals. The inventive tools used by cyber criminals to hijack business dealings and steal valuable customer information are leading to business destruction in both small and medium enterprises.”

Mr. Govind Rammurthy, MD & CEO at eScan

“WannaCry was an eye-opener, not just in confirming the fact that there are nations which actively develop and use hacking tools to conduct cyber-warfare, but also reiterates the fact that organizations have a laid-back approach while implementing OS patches or updates in time to avert cyber-attacks.”

Mr. Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto

“Because data is the new oil in the digital economy, ransomware attacks that restrict access to important data until the attacker is paid are becoming increasingly common. Additionally, the increasing use of the cloud and mobile devices has rewritten the rules of data security. However, many companies continue to rely on breach prevention as the foundation of their security strategies.”

Mr. Baswaraj Vastrad, Technical Head, BD SOFTWARE PVT LTD.

“Organizations today are faced with a coverage gap in that modern malware from zero-day exploits, file-less attacks, advanced ransomware and phishing attempts have been successful in evading detection of existing antivirus tools. Bitdefender blocks these threats through aggressive and accurate detection.”

Mr. Souti Dutta, Lead Threat Analyst – SOC Service, Paladion Network

“Security researchers have identified something similar to a “Kill Switch”. It mostly appeared as a vaccine as it cannot be used centrally (by registering as a domain) to stop the spread across the globe. Its utility is limited to the local system. By creating a read-only file under C:\Windows\ using the name “perfc” it is possible to stop the encryption with the current version of NotPetya. Although this blocks NotPetya from executing, it doesn’t stop it from spreading on the network. Note, the ransomware is designed to spread internally within an hour or so from its first hit.”
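The host-level measures Dutta names in both of his quotes (SMBv1 disabled, TCP/445 not reachable from untrusted systems, the read-only perfc file) can be checked per machine. The PowerShell below is an added example, not code from the article or from any vendor quoted in it; the function names are hypothetical, and it assumes Windows 8 / Server 2012 or later in an elevated session.

```powershell
# Added example (not from the article): audit of the mitigations quoted above.
# Assumption: Windows 8 / Server 2012 or later, elevated PowerShell session.
# Function names are hypothetical; cmdlets come from the SmbShare and NetSecurity modules.

function Test-Smb1ServerDisabled {
    # True when the SMB server on this host no longer accepts SMBv1 sessions.
    -not (Get-SmbServerConfiguration).EnableSMB1Protocol
}

function Get-Inbound445AllowRule {
    # Lists enabled inbound Allow rules that cover TCP/445 and the remote scope of each.
    # A RemoteAddress of 'Any' means untrusted systems can reach SMB on this host.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $port = $rule | Get-NetFirewallPortFilter
            $covers445 = ($port.Protocol -in 'TCP', 'Any') -and
                         (($port.LocalPort -contains '445') -or ($port.LocalPort -contains 'Any'))
            if ($covers445) {
                $addr = $rule | Get-NetFirewallAddressFilter
                [pscustomobject]@{
                    Rule          = $rule.DisplayName
                    Profile       = $rule.Profile
                    RemoteAddress = ($addr.RemoteAddress -join ',')
                    OpenToAny     = ($addr.RemoteAddress -contains 'Any')
                }
            }
        }
}

function Get-PerfcVaccineState {
    # The local "vaccine" from the quote: a read-only file named perfc in the Windows directory.
    $path = Join-Path $env:windir 'perfc'
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return 'Missing' }
    if ((Get-Item -LiteralPath $path -Force).IsReadOnly) { 'PresentReadOnly' } else { 'PresentWritable' }
}

function Set-PerfcVaccine {
    # Creates the marker file if it is absent and sets the read-only attribute.
    # Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $path = Join-Path $env:windir 'perfc'
    if ($PSCmdlet.ShouldProcess($path, 'Create read-only marker file')) {
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -ItemType File -Path $path | Out-Null
        }
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
    }
}

# One summary object per host; collect these centrally to find machines still exposed.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Smb1Disabled  = Test-Smb1ServerDisabled
    Allow445Rules = @(Get-Inbound445AllowRule)
    PerfcVaccine  = Get-PerfcVaccineState
}
```

As the quote itself says, the perfc file only stops encryption on the local system, so a host that reports `PresentReadOnly` still needs SMBv1 disabled and TCP/445 restricted.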

Mr. Rakesh Kumar Singh, Datacenter lead, Juniper Networks India

“Regular patching of operating system is a must, not just on laptops/desktops but for all portable devices like mobile/tablets. Also it is a wakeup alert for all SMBs who avoided moving away from out-of-support operating systems. The main learning is that critical data should not be residing on user desktops. Cloud based solutions which ensure that the relevant data is made available to the user on demand but the storage of data itself is always on the cloud where it is easier to put security and anti-malware defenses.”

Mr. Ravid Circus, VP of Products for Skybox Security.

“Every organization in the world is grappling with complexity. Sprawling networks with millions of assets and vulnerabilities, mobile devices, disconnected security controls, hybrid and multi–cloud environments, legacy systems that are outdated, and a threat landscape that is always changing. Most companies don’t have the tools or time to examine the complex relationships between these things, or to orchestrate the response to the risks demanding immediate attention. To protect against attacks like Petya and WannaCry, security pros need to rethink their approach, starting with gaining complete visibility of their attack surface and exposures. They should also be automating everything from risk assessments to analysis to remediation priorities. We’ve seen how quickly Petya can spread; relying on manual methods to combat it is from now on out of the question.”
