75% of companies that were hit by ransomware last year had up-to-date endpoint protection solutions in place. Why didn’t that help stop the attacks? Let’s take a look at the most common approaches to ransomware prevention, and why they haven’t been able to provide a solution for enterprises.
Approach 1: EPP/EDR Agents
EPP/EDR solutions are actually great at stopping ransomware – when the threat is known or uses techniques that are clearly malicious. But malware is getting better – it can behave in legitimate-looking ways that fool detection systems. And attackers can test their ransomware to see if endpoint solutions detect it, so they’re less likely to try an attack that they know isn’t effective.
Approach 2: Phishing Training
It doesn’t matter how good your anti-phishing training is. It still only takes one mistake from one user to undo all that good training. And training wears off. One study from the Cyentia Institute found that 40% of anti-phishing trainees still fail phishing tests. Education alone isn’t the answer.
Approach 3: App Whitelisting
Theoretically, you can just restrict your users to apps and sites that you’ve pre-approved. But this will cause major damage to user productivity. Be prepared for your IT team to spend all day dealing with exception handling and your users to work to find ways around your draconian controls. On top of all that, attackers can still leverage signed legitimate software.
Approach 4: Browser Security Controls
Browsers have built-in security mechanisms that prevent some browser exploitation. But there were around 30 critical vulnerabilities just in Chrome last year. And the attack surface of browsers continues to grow. They’re essentially mini operating systems. They’re also highly targeted by attackers, who are constantly looking for zero days.
Approach 5: Content Disarm and Reconstruction
CDR takes potentially malicious documents and tries to disarm them by removing scripts, macros, and other potentially malicious content embedded in these documents. However, this approach only works for certain document types. It doesn’t defend against malicious app installers, executables, websites, or peripherals. It can also remove some document functionality or corrupt some documents.
So what unites these approaches? What do they have in common that renders them vulnerable?
They all have the same design flaw: They mix multiple security domains on a single OS. Sensitive data is sitting on the same endpoint as risky/malicious applications. This affects all endpoints and is the primary reason that we see ransomware being so successful.
To solve this, we need a solution that:
- Protects against zero-day attacks
- Protects any web apps and standard browsers
- Requires minimal user training
- Requires a minimum of IT overhead
- Doesn’t mix multiple security domains on the same OS
Isolate Endpoint Threats with Perception Point’s Advanced Browser Security
We can reduce the risks of ransomware by using a separate, isolated browser for risky activities that can contain endpoint threats. Every time an employee clicks a suspicious link or file, that potentially malicious content will be seamlessly launched in a separate, isolated browser.
Perception Point Advanced Browser Security adds enterprise-grade security to native Chrome and Edge browsers. The managed solution fuses patented web isolation technology with multi-layer advanced threat detection engines, delivering the unprecedented ability to isolate, detect and remediate all malicious threats from the web, including phishing, ransomware, malware, APTs, and more.
Untrusted, risky websites and applications are automatically opened and used in the secured browser, which is isolated from corporate data and applications. Access to sensitive corporate apps is secured via an isolated, trusted Chrome or Edge browser. This prevents data loss (DLP) from both managed and unmanaged endpoints.
The behavior of the secured browser is managed in the cloud, while all of the computing resources run locally on user endpoints. This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience in terms of speed, along with offline availability.
We add advanced security to native Chrome and Edge browsers to protect your organization against all malicious threats from the web and protect access to sensitive corporate apps.