Companies are facing serious COVID-19-related network security issues, with phishing emails experiencing a renaissance and ransomware threats on the rise. For companies that have yet to deploy comprehensive security protections, Incident Response services are more necessary than ever. Incident Response (IR) services help track the ransomware through the system back to its source, discover which vulnerabilities were exploited to let it enter the network, and mitigate the fallout by removing visible and invisible ransomware from the system. Many companies that have been victims of a ransomware attack believe they have experienced the worst, but without IR services ransomware can hide or remain dormant within a system for a long period of time, waiting for its next opportunity to deploy.
finds that “Companies usually outsource tasks if they are more cost-effective and can produce consistent results. Outsourcing incident response functions ensure a company will get consistent, reliable results if an incident occurs.” They also advise companies seeking IR services to ask themselves the following questions:
• How long have they been in business?
• How many incidents have they responded to in the past?
• What were the response and success rates of those responses?
• Can they provide estimates of money they saved other companies by mitigating threats?
• What is the education level of the staff?
Sangfor Incident Response Process
Containment means isolating any infected hosts and disconnecting them from the network, to prevent the ransomware from spreading and propagating within the network, and to prevent attackers from using the infected server as a jumping-off point to attack other PCs in other network segments using pivot attack techniques. A clear view of any encrypted files or ransom notes will help determine the ransomware family by identifying its encrypted file extensions.
Identifying the attack vector is the next step in the Incident Response process. By looking at the infection time, the entry point and malicious executable files used by the threat actors, Sangfor can follow the path of infection from its entry point to its target, ensuring that the attackers are no longer able to exploit or take advantage of the same misconfiguration or weaknesses for future attacks... Once the Sangfor investigator has discovered the IP address associated with the attacker, they can even track the attacker back to his or her country of origin - important information for the victim who can now set policies to block this type of attack or IP address ranges in the future.
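The two triage steps above (reading the encrypted file extension and ransom notes, then establishing the infection time) can be sketched over a file listing exported from an isolated host. This is an added example, not Sangfor's tooling; the listing, the ".lockedx" extension, the note name and the keyword lists are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from pathlib import PurePosixPath

# Constructed sample listing (path, mtime); ".lockedx" is a made-up marker extension.
SAMPLE_LISTING = [
    ("/srv/share/finance/q1.xlsx.lockedx", "2020-04-02T03:14:09"),
    ("/srv/share/finance/HOW_TO_RECOVER.txt", "2020-04-02T03:14:10"),
    ("/srv/share/hr/contracts.docx.lockedx", "2020-04-02T03:15:41"),
    ("/srv/share/hr/HOW_TO_RECOVER.txt", "2020-04-02T03:15:42"),
    ("/srv/share/hr/photo.jpg.lockedx", "2020-04-02T03:12:57"),
    ("/srv/share/it/backup.tar.gz", "2020-03-28T22:00:00"),
    ("/srv/share/it/notes.txt", "2020-03-30T09:21:33"),
]

# Assumed lists for this sketch; extend them for a real environment.
KNOWN_TYPES = {".xlsx", ".docx", ".jpg", ".pdf", ".txt", ".tar", ".gz", ".zip"}
NOTE_WORDS = ("recover", "decrypt", "restore", "readme")

def triage(listing):
    """Return the dominant appended extension, its earliest mtime and note candidates."""
    appended = Counter()          # extension stacked on top of a known file type
    first_seen = {}               # appended extension -> earliest mtime seen
    note_dirs = defaultdict(set)  # candidate note name -> directories holding it
    for raw_path, raw_time in listing:
        path = PurePosixPath(raw_path)
        mtime = datetime.fromisoformat(raw_time)
        suffixes = [s.lower() for s in path.suffixes]
        stacked = (len(suffixes) >= 2 and suffixes[-2] in KNOWN_TYPES
                   and suffixes[-1] not in KNOWN_TYPES)
        if stacked:
            ext = suffixes[-1]
            appended[ext] += 1
            first_seen[ext] = min(first_seen.get(ext, mtime), mtime)
        elif any(word in path.name.lower() for word in NOTE_WORDS):
            note_dirs[path.name].add(str(path.parent))
    if not appended:
        return None  # nothing in the listing looks encrypted
    marker, count = appended.most_common(1)[0]
    # A ransom note is typically dropped into every directory that was touched.
    notes = sorted(name for name, dirs in note_dirs.items() if len(dirs) >= 2)
    return {"marker": marker, "files": count,
            "earliest": first_seen[marker], "notes": notes}

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

File timestamps can be altered, so the earliest modification time is a starting estimate for the infection time to be confirmed against logs.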
Sangfor investigations often turn up high-risk ports that are exposed to the internet, insufficient system hardening, misconfigurations, weak passwords, and a lack of an effective security log management system. But these issues are just the tip of the iceberg. For more information on how incident response services can help you take back control of your network before or after a ransomware attack, contact Sangfor immediately.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and more valuable.