How is your organization addressing ransomware in the immediate short-term?

282 views · 3 Comments

CISO in Software, 51 - 200 employees
Has anybody ever seen ransomware go through cellphones on AT&T's network or Verizon's network? No. It doesn't happen. So that's what we do for internal networks. We have typical VLANs where we try to segment everything. We basically ring fence every single device in its own network and ransomware doesn't spread.

The problem with corporate networks is that they’re set up to trust everything once it gets in. If you have VPN or two-factor authentication, then once you're credentialed in, AWS and all your applications are just one VLAN. It's not going to force you to MFA again. So if the bad guy gets in through phishing or other means, they have credentials. Then they can go to your Active Directory (AD) to shut down all your GPOs and then go kill your applications. It's poor design on our part, and we're kind of dragging our feet on this.
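
The segmentation argument above can be made concrete with a small reachability model. This is an added example, not code from any commenter or their organization: it uses a constructed inventory of hypothetical hosts (ws-alice, dc01, app-erp and so on) and two hypothetical allow-rule policies, a flat network where any host can initiate to any other, and a per-device ring fence where endpoints reach only the gateway, the domain controller and the applications. A compromised workstation is then traced with a breadth-first search over the allow rules to see what it can pivot to, and a separate check lists any endpoint-to-endpoint rules, which is the path a self-propagating worm needs.

```python
"""Blast-radius check for a network segmentation policy.

Constructed example. Hosts, roles and rules below are hypothetical and exist
only to compare a flat corporate network with a per-device ring fence.
"""
from collections import deque

# Constructed inventory: hypothetical device name -> role.
HOSTS = {
    "ws-alice": "workstation",
    "ws-bob": "workstation",
    "ws-carol": "workstation",
    "dc01": "domain-controller",
    "app-erp": "application",
    "app-crm": "application",
    "gw-internet": "egress-gateway",
}

# Roles an endpoint legitimately needs to initiate connections to.
ENDPOINT_ALLOWED_DST = {"domain-controller", "application", "egress-gateway"}


def flat_policy(hosts):
    """Flat network: once inside, any host may initiate to any other host."""
    return {(src, dst) for src in hosts for dst in hosts if src != dst}


def ring_fenced_policy(hosts):
    """Per-device ring fence: workstations reach only the services they need,
    applications reach only the domain controller, nothing initiates to a
    workstation, and the domain controller initiates nothing."""
    rules = set()
    for src, role in hosts.items():
        if role == "workstation":
            rules |= {(src, d) for d, r in hosts.items() if r in ENDPOINT_ALLOWED_DST}
        elif role == "application":
            rules |= {(src, d) for d, r in hosts.items() if r == "domain-controller"}
    return rules


def reachable_from(start, rules):
    """Worst-case pivot model: every host the attacker can initiate to from a
    foothold is treated as a new foothold. BFS over the allow-rule edges."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst in rules:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return seen


def blast_radius(start, hosts, policy_fn):
    """All hosts a compromise of `start` can reach under the given policy."""
    return reachable_from(start, policy_fn(hosts))


def peer_endpoints_reachable(start, hosts, policy_fn):
    """The propagation question: can one workstation reach another workstation?"""
    return sorted(h for h in blast_radius(start, hosts, policy_fn)
                  if hosts[h] == "workstation")


def endpoint_isolation_violations(hosts, rules):
    """Policy lint: any allow rule between two workstations breaks isolation."""
    return sorted((s, d) for s, d in rules
                  if hosts[s] == "workstation" and hosts[d] == "workstation")


if __name__ == "__main__":
    for name, policy in (("flat", flat_policy), ("ring-fenced", ring_fenced_policy)):
        radius = blast_radius("ws-alice", HOSTS, policy)
        print(f"{name}: ws-alice can reach {sorted(radius)}")
        print(f"{name}: peer workstations reachable: "
              f"{peer_endpoints_reachable('ws-alice', HOSTS, policy)}")
        print(f"{name}: isolation violations: "
              f"{len(endpoint_isolation_violations(HOSTS, policy(HOSTS)))}")
```

Under the flat policy a single phished workstation reaches every other host, including its peers; under the ring fence it reaches only the gateway, the domain controller and the applications, and no other workstation, which is what stops worm-style spread. The model also shows the limit of segmentation alone: the domain controller stays reachable from every endpoint because authentication needs it, so credential-based abuse of AD and GPOs, as described in the comment, still has to be addressed by identity controls and monitoring rather than by VLANs.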

Chief Information Officer in Education, 5,001 - 10,000 employees
If we look at our adversary, they can just outgun us: You can go to the dark web and pretty quickly get anything you need. They've got great customer service. You only pay when you get results. So the attackers are motivated by money and they're ready to roll. 

On the flip side, we're talking about being defensive. There are countless software vendors saying, "We got this great stuff. It has AI." But what's the SLA for turnaround to recovery for me? The two adversaries if you will are lopsided in this equation.

Chief Security Officer, VP of Info Svc, Analytics and Cloud Infra & Operations in Software, 201 - 500 employees
I think that no automation platform out there is going to solve all of the ills. There’s no single pane of glass. It just doesn't exist. But there are some focus areas. I think you can do the security operations and application security in something like a SOAR. But you need to pick something that's aware of controls and frameworks and crosswalking and GRC tools for the compliance piece. I think that that's going to remain separate. Those are the two I'm looking at; the two I'm using right now are Drata and Tines.

And while I say there’s no single pane of glass, I haven't completely given up on searching for it. Today I'm using security orchestration, automation and response (SOAR) for that, pulling out data through orchestration to try and create dashboards. It’s not a single pane, but I'm trying to set things up so that OpSec, security operations, and compliance hear all the relevant data. That way you don't have to look at 40 tools. You only have to look at 1 or 2, or maybe 3 dashboards.
