Ransomware and Your Network
Introduction: ransomware entry and propagation
Network teams and the devices they manage are not the usual audience for discussions about ransomware. Ransomware affects endpoints and is often the purview of IT administrators and security teams. However, there are things that network teams can do to help prevent ransomware from entering the enterprise, and should it enter, from propagating across the network.
Read a version of this post, written by our CTO Josh Stephens, on Network Computing.
Four areas to help networks keep organizations safe from ransomware
There are four areas where network teams can have a positive impact on mitigating ransomware in the enterprise:
- Risk-based vulnerability management for firewalls. Keep software updated to ensure that your organization has protection from the latest ransomware.
- Continuous compliance of firewall configurations. Keep devices configured the way you want them to be, 100% of the time.
- Simplify complexity. Flat networks are a danger when it comes to ransomware; network teams can use automation to simplify administering network segmentation.
- Device lifecycle management. Find and get rid of those end-of-life devices that no longer receive security updates.
Network automation as a security enhancement
Risk-based vulnerability management for firewalls. Only BackBox Network Vulnerability Management provides a rich security data feed, including CVEs, mapped against your actual inventory to score you network risk posture. With BackBox, administrators see the vulnerabilities that impact their exact inventory and are provided with automations to simplify remediation. Often remediation is completing an OS update on the devices, a time consuming, often after-hours activity. BackBox also uniquely scores the risk associated with vulnerabilities to help administrators do a risk-based assessment and focus on vulnerabilities that pose genuine risks, saving time by avoiding unnecessary software updates.
Software updates for firewalls also provide updates to malware definitions, important because of all the malware variants that propagate. In 2023, there were 50 ransomware variants that impacted industrial organizations, a 28% increase year-over-year. The implication is that to be protected you must keep your firewall software up to date with the latest malware definitions.
Continuous compliance of firewall configurations. Change happens. Devices are deployed with a compliant configuration, then through the course of day-to-day administration and firefighting configurations drift. With the BackBox Network Automation Platform configuration grooming back into compliance can be automated, or simply documented for manual remediation.
Simplify complexity. Network devices can filter ransomware and prevent it from propagating across network segments, limiting the “blast radius” should a device become infected. Limiting the damage is an important part of a ransomware mitigation plan. Part of this capability is ensuring proper network segmentation. Network automation can help with the complexity of managing multi-segmented networks by eliminating repetitive, manual administration that’s often the source of configuration errors.
Device lifecycle management. BackBox Network Vulnerability Management provides data on device end-of-life to help network engineers manage the device lifecycle. End-of-life devices don’t get the same security updates as newer devices. While BackBox can still automate old devices, if there aren’t software updates these devices remain vulnerable and should be replaced.
Learn more
There’s a lot here… compliance, vulnerability management, task automation… each of which helps protect network hygiene and keep your organization safe from ransomware. Here are three things to do next:
- Learn more about Compliance with BackBox.
- Learn more about BackBox Network Vulnerability Manager or watch a recorded demo.
- Schedule a personalized demo to see both compliance and vulnerability management in action.