
Why are ransomware attackers winning?
Zero Trust Security Info Session

2nd Nov 2021


Overview
Why are ransomware attackers winning?

• Ransomware attacks are growing at an unprecedented pace

• Almost ALL businesses have anti-malware/next generation anti-virus/EDR solutions deployed, so why are ransomware attacks still happening?

• What is the gap with such anti-malware/next generation anti-virus/EDR solutions?

• The answer is a surprising open secret across the industry


Let’s take a look at the news
Let’s take a look at some of the vendors
How do they work?
Basically based on the principle of Black-Listing

Black-Listing – a technique based on the simple concept of keeping a list of Known Bad stuff
What is Known Bad stuff?
Different vendors with different techniques/algorithms

But in general,
• Signatures of known malware
• Behaviours of potential malware
Let’s take a look at the medical industry
Covid-19 Vaccine Manufacturers
Efficacy Rate
>xx%

>yy%

>aa%

bb-cc%

dd-ee%
The fact is

No vaccine provides 100% efficacy
And this is, surprisingly, the same with Anti-Virus, Next Gen Anti-Malware, EDR products

No blacklisting product provides 100% protection against malware and ransomware (videos)
And this is why…

Ransomware Attackers Are Winning!
So, can businesses improve their chances against ransomware attacks?
Let’s think differently

Besides Black-Listing

Think White-Listing
How does it work?
Basically based on the principle of White-Listing

White-Listing – a reverse technique based on the simple concept of keeping a list of Known Good stuff
What is Known Good stuff?
In general,
• Known legit applications
• Reputable legit applications

Everything else simply will not run on the computer: malware, ransomware, unauthorized applications, etc.
Do we know if they are malicious, or not?
No, we don’t.

And we don’t care!

That’s the concept of whitelisting.


And basically it is the same as the BEST Covid-19 prevention strategy

Speak only with known healthy people

There is no silver bullet in information security, but if managed correctly, application whitelisting solutions at the endpoint provide exceptional protection from zero day and targeted attacks.
- The Power of Whitelisting, Neil MacDonald, Gartner


23 REIMAGINE PERIMETER DEFENSE
‘Whitelisting’ Reemerges As Innovative Cyber Strategy
Government Matters
Published Sunday, January 28, 2018

Eric Chudow, senior mitigation expert at the National Security Agency (NSA), discusses the cybersecurity strategy called “whitelisting,” and why it’s resurging in popularity at organizations.

https://govmatters.tv/whitelisting-reemerges-as-innovative-cyber-strategy/

FedTech
05 July 2018

Whitelisting May Be the Future of System Security
Allowing the use of only trusted applications — instead of blocking only known threats — can prevent malware from entering an agency's network.

- By Erin Brereton

Given the targeted nature of today’s cyberattacks, whitelisting offers a more effective approach, says Murugiah Souppaya, a computer scientist at the National Institute of Standards and Technology and co-author of NIST’s “Guide to Application Whitelisting.”

https://fedtechmagazine.com/article/2018/07/whitelisting-may-be-future-system-security

So, do we replace our existing black-listing technologies with white-listing?
It is the same question as: do we just take the Covid-19 vaccine, or do we only speak with known healthy people?
If white-listing is so effective, why isn’t it deployed in the majority of customer environments yet?
Because white-listing isn’t like black-listing (Anti-Malware/Anti-Virus)

It isn’t Set-and-Forget
A strong security posture will require constant monitoring and fine tuning

And this is exactly what a successful white-listing project requires
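
The difference between the two list types, and why white-listing is not set-and-forget, shown as an added example that is not part of the original presentation. The byte strings are constructed stand-ins for executable files, and exact SHA-256 matching is an assumed simplification of both vendor signatures and allowlist rules.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed byte strings standing in for executable files.
OFFICE_V1 = b"office-suite build 1.0"           # approved application
OFFICE_V2 = b"office-suite build 1.1"           # legitimate update, not yet approved
KNOWN_RANSOMWARE = b"ransomware sample A"       # already in vendor signatures
NEW_VARIANT = b"ransomware sample A, repacked"  # never seen before

KNOWN_BAD = {sha256(KNOWN_RANSOMWARE)}   # black-list: Known Bad
KNOWN_GOOD = {sha256(OFFICE_V1)}         # white-list: Known Good

def blacklist_allows(data: bytes) -> bool:
    """Default allow: run unless the file is on the Known Bad list."""
    return sha256(data) not in KNOWN_BAD

def whitelist_allows(data: bytes) -> bool:
    """Default deny: run only if the file is on the Known Good list."""
    return sha256(data) in KNOWN_GOOD

def approve(data: bytes) -> None:
    """Ongoing tuning: an administrator adds a reviewed binary to Known Good."""
    KNOWN_GOOD.add(sha256(data))

def evaluate(samples: dict[str, bytes]) -> dict[str, tuple[bool, bool]]:
    """Map each sample name to (black-list verdict, white-list verdict)."""
    return {n: (blacklist_allows(d), whitelist_allows(d)) for n, d in samples.items()}

if __name__ == "__main__":
    samples = {"office v1": OFFICE_V1, "office v2 (update)": OFFICE_V2,
               "known ransomware": KNOWN_RANSOMWARE, "new variant": NEW_VARIANT}
    for name, (bl, wl) in evaluate(samples).items():
        print(f"{name:20} black-list runs={bl!s:5} white-list runs={wl}")
    approve(OFFICE_V2)  # without this step the legitimate update stays blocked
    print("office v2 after approval:", whitelist_allows(OFFICE_V2))
```

The unseen variant passes the black-list and is stopped by the white-list, while the unapproved update is blocked until someone reviews and approves it.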
But make no mistake

As attacks continue to evolve, businesses can no longer afford to rely solely on an Anti-Malware black-listing strategy
White-Listing will become the norm – just like black-listing…


What about Zero Trust?

Basically, White-Listing forms the foundation towards your Zero-Trust strategy
Zero-Trust is a security strategy/concept

Not a product

Application execution
Application access
Network segmentation
Network Access
and many more…
