Ransomware Hurts: Here’s How Zero Trust Can Help Mitigate the Risk
Whatever month or week you’re reading this, chances are a major ransomware incident has just hit the news. From disruption to oil pipelines and food supply chains to managed service providers (MSPs) and airlines, no organization is safe. And although the threat itself now has the attention of the federal government and the President himself, the attacks continue.
A report from Forrester last year highlights the scale of the threat — and how Zero Trust segmentation built on comprehensive visibility can help to mitigate it. And in a more recent report, Forrester underlines the increasing importance and adoption of segmentation to drive Zero Trust initiatives and defend against ransomware.
These findings chime very much with Illumio’s approach to Ransomware Containment, characterized by simplicity, automation and limiting risk from breaches both pre- and post-intrusion.
How ransomware hurts organizations
Forrester’s report, Mitigating Ransomware with Zero Trust, focuses initially on the destructive NotPetya and WannaCry campaigns and the big-name compromises that followed. These include:
- The SamSam attack, which cost the City of Atlanta $9m
- An Erebus attack on South Korean hoster Nayana, which shut down 3,400 websites
- A Locky raid, which impacted countless patients at the Hollywood Presbyterian Medical Center
- An infamous LockerGoga attack on Norsk Hydro, which cost the aluminum producer tens of millions of dollars
Some estimates claim attacks surged as much as 288% over the first half of 2021 alone. That’s prompted ever-more desperate pleas from government experts for business leaders to step up mitigation efforts.
How Zero Trust can help
The good news is that, as Forrester explains, Zero Trust controls like Zero Trust segmentation can help organizations mitigate the threat of ransomware spreading like wildfire through their networks. The analyst advises organizations to:
- Reduce your endpoint attack surface via least privilege access, blocking ports, automating patching, scanning for threats and gaining visibility into assets.
- Implement backup and recovery as a last resort, including write once read many (WORM) storage, immutable file system and multi-factor authentication (MFA).
- Address third-party risk from MSPs and IT vendors.
- Defend assets and users via host-based access controls, email security, enhanced visibility into network activity and more.
- Use micro-segmentation to protect network assets by first gaining visibility into east-west traffic and then focusing initial efforts on business-critical assets.
The next step, with Illumio: stop ransomware from spreading
As a foundational layer of Zero Trust security, micro-segmentation is critical to successfully containing ransomware. Illumio starts by providing risk-based visibility to anchor effective Zero Trust segmentation. This means automatically mapping all communications across applications and devices, as well as ingesting vulnerability, user identity and machine identity data.
We then turn this visibility into ransomware protection by providing two interfaces to discover, author, distribute and enforce policy:
- An easy-to-use GUI that provides real-time application dependency mapping
- A scalable API that automates micro-segmentation policies
Policies are easily created in natural language and translated into firewall rules that are automatically pushed out to the entire infrastructure — endpoints, workloads, cloud, infrastructure devices (e.g., switches and load balancers) and containers. The bottom line: policy applies everywhere and is automatically recalculated to adapt to changes in the IT environment. Segmentation is operationally efficient and requires no changes to existing network infrastructure.
With Illumio, you can help to mitigate the risk of an attack and to contain ransomware by:
- Gaining visibility into how servers and applications communicate, which helps organizations identify the most vulnerable applications and workloads.
- Identifying risky ports commonly used by ransomware, so that they can be blocked to reduce the attack surface.
- Controlling administrative access (i.e., via RDP and SSH), which also reduces the attack surface and limits common ransomware spreading mechanisms.
- Isolating and protecting uninfected assets, which prevents infections from spreading and minimizes impact and clean-up time.
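As an added illustration of the visibility and administrative-access points above (this is not Illumio's code or API), the following Python example audits constructed east-west flow records for RDP and SSH connections that originate outside an approved jump-host range, then ranks destinations by exposure. The record format, address ranges and function names are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Default ports for the admin protocols the article names (RDP and SSH).
ADMIN_PORTS = {3389: "RDP", 22: "SSH"}

# Assumptions for this example: internal address space and approved jump hosts.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
JUMP_HOSTS = ipaddress.ip_network("10.0.9.0/28")

# Constructed sample flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.9.4 10.0.1.20 tcp 3389
10.0.2.15 10.0.1.20 tcp 3389
10.0.2.15 10.0.1.21 tcp 22
10.0.3.7 10.0.1.20 tcp 3389
10.0.2.15 10.0.1.30 tcp 443
203.0.113.8 10.0.1.20 tcp 22
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = parts
        yield ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport)

def unapproved_admin_flows(flows):
    """Return east-west admin-port flows whose source is not a jump host."""
    hits = []
    for src, dst, _proto, dport in flows:
        east_west = src in INTERNAL and dst in INTERNAL
        if east_west and dport in ADMIN_PORTS and src not in JUMP_HOSTS:
            hits.append((str(src), str(dst), ADMIN_PORTS[dport]))
    return hits

def exposure_by_destination(hits):
    """Rank destinations by the number of distinct unapproved admin sources."""
    peers = defaultdict(set)
    for src, dst, _svc in hits:
        peers[dst].add(src)
    return sorted(((d, len(s)) for d, s in peers.items()), key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    hits = unapproved_admin_flows(parse_flows(SAMPLE_FLOWS))
    for dst, count in exposure_by_destination(hits):
        print(f"{dst}: {count} unapproved admin source(s)")
```

Destinations at the top of the ranking are the first candidates for a rule that restricts RDP and SSH to the jump-host range.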
To learn more about how Illumio can support your Zero Trust needs and mitigate ransomware threats, check out the blog post, 9 Reasons to Use Illumio to Fight Ransomware.