Petya, NotPetya, WannaCry, Xorist, CryptorBit, CryptoLocker and Locky are a few that came to my mind when I heard about Riviera Beach paying $600,000 in Bitcoin to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago. The increase in ransomware attacks and their ability to spread within organizations is causing security teams to reevaluate their security focus. Organizations that prioritized vulnerabilities, patching and authentication are putting equal emphasis on security segmentation to protect their critical assets, customer data and business continuity. There is an attitude shift from “if there is a breach” to “when there is a breach”.
To create a resilient and robust security posture, you need to protect your critical applications and data. Implementing security policies in the network makes the network more complex and fragile. More and more organizations are decoupling security segmentation from traditional networking constructs and SDN and implementing it using host-based firewalls. The new approach insists on visibility into application traffic, decoupling policy from IP addresses, and a safe way to test security policies before enforcing them. You can’t protect what you can’t see. One piece of advice for organizations that want to be proactive about improving their risk posture is to bet on technologies that give real-time visibility into their application traffic and to adopt granular security segmentation in their data centers.