
Network teams and the devices they manage are not the usual audience for discussions about ransomware. Ransomware affects endpoints and is often the purview of IT administrators and security teams. However, once data is encrypted and/or stolen, the costs of a ransomware attack snowball: they can be as much as 1,000 times higher if an incident is not detected and contained early. Fortunately, there are things that network teams can do to help prevent ransomware from entering the enterprise and, should it enter, from propagating across the network.

How to Build Network Resilience to Ransomware

There are four areas where network teams can have a positive impact on mitigating ransomware in the enterprise:

  1. Risk-based vulnerability management for firewalls. Keep software updated to ensure that your organization is protected from the latest ransomware threats.
  2. Continuous compliance of firewall configurations. Keep devices configured how you want them, 100% of the time.
  3. Simplify network complexity. Gain control of network complexity and simplify management of segmented networks.
  4. Device lifecycle management. Find and retire devices that are nearing their end of life, or that are in their end-of-support phase and no longer receive security updates.

In each of these areas, network automation becomes essential to maintain network hygiene and build resilience to ransomware attacks while saving time and reducing errors. Let’s take a closer look at each area.

Risk-based vulnerability management for firewalls. Only BackBox vulnerability intelligence provides a rich security data feed, including CVEs and disclosures from device vendors, mapped against your actual inventory to score your network risk posture. With BackBox, administrators see the vulnerabilities that impact their exact inventory and are provided with automations to implement an OS update or a configuration workaround. 

When a critical vulnerability patch involves updating a firewall OS, teams can’t wait until regularly scheduled monthly or quarterly maintenance windows when updates are done manually. Updates can be automated as part of a cyber resilience regimen and incorporated into existing daily workflows. BackBox also uniquely scores the risk associated with vulnerabilities to help administrators do a risk-based assessment and focus on vulnerabilities that pose genuine risks, saving time by avoiding unnecessary software updates.

In 2023, there were 50 ransomware variants that impacted industrial organizations, a 28% increase year-over-year. Software updates for firewalls also provide updates to malware definitions, which is important given how many malware variants propagate.

Continuous compliance of firewall configurations. Change happens. Devices are deployed with a compliant configuration; then, through the course of day-to-day administration and firefighting, configurations drift. Research on over 900 recent ransomware incidents finds that 28% of organizations had issues related to network segmentation or improperly configured firewalls.

BackBox creates and maintains a detailed network and security device inventory (including device manufacturer, type, model number, version, and end-of-life), automatically runs compliance checks, and alerts teams to misconfigurations. BackBox can automatically groom devices into compliance as part of a routine, or document the misconfigurations for manual remediation.

Simplify network complexity. Device inventory and manual approaches to patch management haven’t kept up for years. In the meantime, adversaries are improving their tradecraft and creating weaponized large language models (LLMs) and attack apps. This aligns with an Ivanti study that found that the majority (71%) of IT and security professionals believe patching is overly complex, cumbersome, and time-consuming.

Flat networks are a danger when it comes to ransomware. Network devices can filter ransomware and prevent it from propagating across network segments, limiting the “blast radius” should a device become infected and blocking access to critical assets and data. Proper network segmentation is an important part of a ransomware mitigation plan. BackBox network automation reduces the complexity of managing multi-segmented networks by eliminating repetitive, manual administration that’s often the source of configuration errors.

Device lifecycle management. BackBox device lifecycle management provides data on device end-of-life to help network engineers manage the device lifecycle across multi-vendor environments. End-of-life devices don’t get the same security updates as newer devices. While BackBox can still automate tasks related to old devices, if software updates aren’t available, these devices remain vulnerable and should be replaced. BackBox can perform a quick audit to let network engineers know which devices are nearing end-of-life and proactively plan for replacement.

Learn more

There’s a lot here – compliance, vulnerability management, lifecycle management, task automation – each of which helps maintain network hygiene and keep your organization safe from ransomware. 

BackBox helps network and security teams address each of these areas while saving time, reducing errors, and proactively building cyber resilience. More than 500 enterprises worldwide trust BackBox as their cyber resilience platform of choice for network devices.

Discover the advantages of BackBox today. Schedule a 30-minute demo for an interactive tour of the BackBox platform.

For additional guidance on how to build a network cyber resilience toolkit that enables a programmatic approach to better prevention and recovery from disruptions, read my article in Security Magazine.