How to Proactively Defend Against WannaCry and Other Ransomware Attacks

Grant Ho
By Grant Ho May 15, 2017 4 minute read
Grant Ho is SVP, Global Marketing at NetBrain Technologies and responsible for leading the company’s marketing strategy and execution. This includes corporate communications and brand, media and analyst relations, product marketing, digital and content marketing, and events. Prior to joining NetBrain, Grant held various marketing leadership roles in the healthcare IT industry and began his career as a strategy consultant to wireless and enterprise software companies. He was born and raised in Toronto and currently resides near Boston with his wife and two kids.

The ransomware attack that began affecting hundreds of thousands of organizations across the world on Friday is a scary reminder that networks remain under constant threat.

In this attack – dubbed WannaCry or WannaCrypt – malware locks files and asks for payment to unlock them. The impacts of the ransomware attack are massive as FedEx and other major companies have been targeted, while hospitals in the U.K. were forced to turn patients away at points because of the attack. It’s estimated that 20 percent of all U.K. hospitals were affected.

Ransomware

While organizations are dealing with the ongoing impact of WannaCry, it’s worth looking at how networks can be set up to best prevent malware attacks like this.

The Department of Justice notes that “proactive prevention is the best defense” when it comes to ransomware. While this is undoubtedly true, many of these prevention tactics required of organizations remain very manual. Unfortunately, slow, tedious and preventative work is often the last thing that gets completed by a network team, even if it’s something as critical as hardening against ransomware attacks. As the DOJ notes, proactivity is critical when it comes to cyber-attacks and there are several “golden rules” that every network team should follow.

Network security has become a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities, and network teams need preventative measures that can be adapted quickly and easily. There are three key phases to hardening against network attacks:

  1. Document the existing network design and configuration
  2. Identify and remediate security vulnerabilities
  3. Safeguard against future vulnerabilities

Let’s examine each phase and identify where network automation can help organizations better adhere to these “golden rules.”

Phase 1: Document existing network design and configuration

As with almost any network issue, documentation is critical. In this case, for enterprises to proactively identify any network vulnerabilities they need to start with having clear visibility into the existing network.

The primary challenge is that most organizations don’t have up-to-date documentation, and this lack of end-to-end visibility into the network creates a security risk. As a result, most networks have a limited understanding of security along application traffic flows and little insight into existing security configurations.

By leveraging NetBrain to automate documentation, network teams can easily solve this problem. Through the power of a Dynamic Network Map, network teams can easily digest the details of the network, documenting firewall policies, access-lists, policy-based routing, and more. To validate security along critical application paths, engineers can also visualize access-lists and firewall policies. NetBrain’s A/B path calculator works at the Layer-4 port-level to analyze ACLs and policy-based routing to visually validate that “good” traffic is permitted and “bad” traffic is denied across every path.

Phase 2: Identify and remediate security vulnerabilities

Visibility is a critical part of the process, but it’s only the first step. Network engineers are running into several challenges when it comes to identifying and remediating vulnerabilities. The biggest challenge is analyzing network configurations, as the current process is extremely tedious and manual. To help automate best practices and perform assessments, many network teams are building custom scripts, but those are often-time consuming, not portable, and require expertise that not every network team has.

Again, network automation comes to the rescue. To automate security assessments, NetBrain leverages the power of Executable Runbooks to automatically validate every network configuration against a common set of “golden rules” (e.g., device passwords are encrypted, timeouts are configured, etc.). To perform this assessment, NetBrain looks at every device’s configuration and searches for pre-defined rules within each. If a device is out of compliance, NetBrain will report it.

With Executable Runbooks, network teams can also proactively guard against security misconfigurations. For instance, security teams can create Executable Runbooks for the network team to automatically assess if a firewall is configured properly. These Runbooks can also include design guides, best security practices, and other “golden rules” to help enforce security best practices going forward every time the network changes.

Phase 3:  Safeguard against future vulnerabilities

Enforcing security policies across large organizations is a challenge, and without defined and easily accessible policies, networks will quickly fall out of compliance. Furthermore, many organizations face collaboration challenges as network and security teams fail to effectively share information.

Security and network collaboration is critical, especially in the event of a cyber-security attack or a ransomware attack. With NetBrain, security teams and network teams can work together during triage, forensics, and for hardening security to proactively prevent threats. With all key data stored in a Dynamic Map or Executable Runbook, collaboration becomes easier and more intuitive.

WannaCry was another stark reminder that ransomware is on the rise and represents a serious security threat to business. According to an Osterman Research report entitled: Understanding the Depth of the Global Ransomware Problem, August, 2016, nearly 80 percent of companies breached by a cyber attack have had high-value data held for ransom and globally, nearly 40 percent of ransomware victims ended up having to pay the ransom. This problem isn’t going away and the time to address it is now.