You have two main ways to fight ransomware. You can either be proactive, working to block future attacks. Or you can be reactive, responding to an active breach.
Either way, you can now get powerful, fast help from a key feature in the Illumio product suite: Enforcement Boundaries.
To understand how Enforcement Boundaries can help you fight ransomware, you need to know an important fact about ransomware: Most attacks take advantage of the way operating systems listen on open ports, such as SMB (Server Message Block) and RDP (Remote Desktop Protocol) ports. Once the malware finds an open port, it can easily propagate across your network and deploy its encryption payload.
But what if you could put a virtual firewall around every workload — that is, every OS or application instance? That’s what Enforcement Boundaries do. They essentially transform every workload into a Zero Trust segment, allowing you to put a perimeter around any port, workload, group of workloads, and/or IP range.
What’s more, you can do this without changing the network. You never need to worry about conflicts. And you can do it quickly and easily, whether for 100 workloads, 100,000 or any number in between.
Taking Proactive and Reactive Approaches
For a proactive approach — one that blocks ransomware attacks — Enforcement Boundaries let you create a deny-list that blocks only specific traffic and common ports used by attackers. For example, you might specify “no Telnet connections.” With Enforcement Boundaries, you’d quickly achieve 100 percent compliance, without needing to create a single Zero Trust rule.
But what if you’ve already been compromised? Now you need a reactive approach. Enforcement Boundaries can also help, this time by controlling well-known attack pathways and limiting access to risky ports. In essence, you’ll create a virtual fence around infected workloads, preventing the ransomware from spreading and thereby limiting its impact.
What’s more, you can use Enforcement Boundaries for either reactive or proactive measures in minutes, even across thousands of machines. That’s important because every minute counts when it comes to protecting and restoring a breached network.
Finally, Enforcement Boundaries can be used to protect a variety of IT infrastructures. This includes bare metal servers, virtual machines and containers.
Illumio’s approach to Enforcement Boundaries is much faster and easier to deploy than a full-fledged Zero Trust implementation. With Zero Trust, your “allow-list” policy must be perfect before it can be enforced. That’s far from easy.
Even harder is getting everyone to agree that the policy is completely correct for every core service, workload and application. By contrast, Enforcement Boundaries can be set and deployed in mere minutes.
For example, to control ports used by ransomware, you can simply place an Enforcement Boundary on every workload, thereby protecting all core and management services.
Proactively, your workloads would still be permitted to talk with appropriate core services, but not to each other on the core service port.
And reactively, you’d eliminate the most common pathways of travel for ransomware while also securing your core services against "east-west" attacks.
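The behavior described above can be sketched as a small deny-list evaluator. This is an added example, not Illumio's code or API: the `Boundary` and `CoreService` types, the addresses and the rule that traffic to a named core service is exempt are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Boundary:
    scope: str  # CIDR range the boundary covers
    port: int   # destination port blocked inside that range

@dataclass(frozen=True)
class CoreService:
    addr: str   # address of a core service that must stay reachable
    port: int

def decide(src, dst, port, boundaries, core_services):
    """Return "allow" or "deny" for one flow under the assumed model."""
    # Assumption: traffic to a named core service is exempt from the boundary.
    if any(c.addr == dst and c.port == port for c in core_services):
        return "allow"
    for b in boundaries:
        net = ip_network(b.scope)
        if port == b.port and ip_address(src) in net and ip_address(dst) in net:
            return "deny"  # workload-to-workload traffic on a blocked port
    # Deny-list semantics: anything no boundary names is left alone.
    return "allow"

# Constructed sample data: one subnet, one file server, two workloads.
BOUNDARIES = [Boundary("10.0.0.0/24", p) for p in (23, 445, 3389)]  # Telnet, SMB, RDP
CORE = [CoreService("10.0.0.10", 445)]  # hypothetical file server
FLOWS = [
    ("10.0.0.21", "10.0.0.10", 445),   # workload -> core SMB service
    ("10.0.0.21", "10.0.0.22", 445),   # workload -> workload, SMB
    ("10.0.0.21", "10.0.0.22", 3389),  # workload -> workload, RDP
    ("10.0.0.21", "10.0.0.22", 23),    # workload -> workload, Telnet
    ("10.0.0.21", "10.0.0.22", 8080),  # port not on the deny-list
]

def evaluate(flows=FLOWS):
    """Verdict for each sample flow, in order."""
    return [decide(s, d, p, BOUNDARIES, CORE) for s, d, p in flows]

if __name__ == "__main__":
    for (s, d, p), verdict in zip(FLOWS, evaluate()):
        print(f"{s} -> {d}:{p}  {verdict}")
```

Only the three east-west flows on blocked ports are denied; the file server stays reachable on SMB and unlisted ports are untouched, which is why no complete allow-list is needed first.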
Illumio’s approach to Enforcement Boundaries gives you another benefit, too. We use a declarative model that only requires you to define the “what” – that is, what you want to block. Illumio then takes care of the “how.”
It’s like asking an Alexa device, “Play music.” You don’t need to know how it works. You only need to tell it what you want it to do.
Illumio also lets you test and simulate Enforcement Boundaries before deploying.
With Illumio Enforcement Boundaries, say goodbye to “deploy and pray” and hello to “this just works.”
Whether you need cybersecurity that’s proactive or reactive, Enforcement Boundaries can help.