Why Traditional Security Solutions Aren’t Stopping Ransomware

traditional security solutions aren't stopping ransomware

75% of companies that were hit by ransomware last year had up-to-date endpoint protection solutions in place. Why didn’t that help stop the attacks? Let’s take a look at the most common approaches to ransomware prevention, and why they haven’t been able to provide a solution for enterprises. 

Approach 1: EPP/EDR Agents

EPP/EDR solutions are actually great at stopping ransomware – when the threat is known or uses techniques that are clearly malicious. But malware is getting better – it can act legitimately in ways that fool detection systems. And attackers can test their ransomware to see if endpoint solutions detect them. So they’re less likely to try an attack that they know isn’t effective. 

Approach 2: Phishing Training

It doesn’t matter how good your anti-phishing training is. It still only takes one mistake from one user to undo all that good training. And training wears out. One study from the Cyentia Institute found that 40% of anti-phishing trainees still fail phishing tests. Education alone  isn’t the answer. 

Approach 3: App Whitelisting

Theoretically, you can just restrict your users to apps and sites that you’ve pre-approved. But this will cause major damage to user productivity. Be prepared for your IT team to spend all day dealing with exception handling and your users to work to find ways around your draconian controls. On top of all that, attackers can still leverage signed legitimate software. 

Approach 4: Browser Security Controls

Browsers have built-in security mechanisms that prevent some browser exploitation. But there were around 30 critical vulnerabilities just in Chrome last year. And the attack surface of browsers continues to grow. They’re essentially mini operating systems. They’re also highly targeted by attackers, and they’re constantly looking for zero days. 

Approach 5: Content Disarm and Reconstruction

CDR takes potentially malicious documents and tries to detonate them by removing scripts, macros, and other potentially malicious content embedded in these documents. However this approach only works for certain document types. It doesn’t defend against malicious app installers, executables, websites, or peripherals. It can also remove some document functionality or corrupt some documents.

Approach 6: Traditional Email Security

Despite the availability of many email security solutions on the market, many organizations remain exposed to advanced phishing, malware, ransomware, BEC, ATO and zero-day attacks. Traditional email security systems are unable to deal with the evermore sophisticated methods of threat actors. The versatility of email means that threat actors can always keep one step ahead of most security systems.  

For detecting advanced malware and ransomware, traditional sandboxing technology, used by many of the email security solutions, has become outdated and not up to par to meet the challenges posed by sophisticated hackers, who employ several levels of attacks with multiple evasion techniques.

Most email security solutions are slow and unable to scale up to support required performance needs, thus security professionals are forced to choose between delaying all email traffic to scanning less than 100% of emails, and only remediating threats after delivery. This imposes a huge risk on the security of their organizations.

Organizations need a solution that can:

  • Protect against Zero Day Attacks
  • Protect any web apps and standard browsers
  • Requires minimal user training
  • Requires a minimum of IT overhead and management

Tal Zamir

How to Stop Ransomware With Perception Point

Perception Point delivers a unified platform that prevents malware, ransomware, APTs and zero-days from reaching your end users.

Advanced email security is an integrated cloud email security solution (ICES) that can replace SEGs. The solution cloud-native SaaS solution protects your organization against all threats using 7 layers of advanced threat detection layers to prevent malicious files, URLs, and social-engineering based techniques.

Advanced Browser Security adds enterprise-grade security to your organizations native browsers. The managed solution fuses browser protection technology with multi-layer advanced threat prevention engines which delivers the unprecedented ability to detect and remediate all malicious threats from the web, including phishing, ransomware, malware, APTs, and more. Multi-layered static and dynamic detection capabilities instantly detect and block access to malicious/phishing websites and prevent malicious file downloads of ransomware, malware, and APTs.

Advanced Threat Protection for Cloud Collaboration, File Sharing and Storage Applications, such as Microsoft 365 applications (OneDrive, SharePoint, Teams), Google Drive Box, AWS S3 buckets, ZendeskSalesforce, and any of the other hundreds of apps out there, protects your organization with near real-time dynamic scanning. It does not tamper with files and does not impede on productivity.

An all-included managed Incident Response service is available for all customers 24/7 with no added charge. Perception Point’s team of cybersecurity experts will manage incidents, provide analysis and reporting, and optimize detection on-the-fly. The service drastically minimizes the need for internal IT or SOC team resources, reducing the time required to react and mitigate web-borne attacks by up to 75%.

Interested in learning more? Contact us for a demo.

CISO's guide 2022
Traditional Security Solutions Aren’t Stopping Ransomware?

Here is a list of the most common approaches to ransomware prevention which haven’t been able to provide a solution for enterprises:
Approach 1: EPP/EDR Agents
Approach 2: Phishing Training
Approach 3: App Whitelisting
Approach 4: Browser Security Controls
Approach 5: Content Disarm and Reconstruction
Approach 6: Traditional Email Security