Sandboxing: In the Ring with Ransomware

Shakur Stevenson, U.S. Olympic Boxer, is set to advance to the Championship bout of the Men’s bantam 56 kg weight class. The young prospect has already secured at least a silver medal for the U.S and is looking to break the gold medal drought, which hasn’t been won by an American since 2004 in Athens. Staying ahead of your opponent is key in boxing; having the ability to react quickly and counter are instrumental to a fighter. Those same qualities are imperative to organizations too, and should be baked into one’s security posture; and today, one of the toughest opponents is ‘Ransomware’.

A few short weeks ago, CyberSheath published an article titled, Three Things You Can Do to Prevent Ransomware Attacks, which discussed three key pillars to protecting your organization from a Ransomware attack. Today, we’re going to focus on a specific solution that will help improve your organization’s readiness. CyberArk’s Viewfinity allows organizations to fight against threats with a defensive posture that is conducive to quick reaction, allowing you to stay ahead of Ransomware.

The Viewfinity solution is a combination of the least privileged and application control. The idea behind it is to reduce administrative rights across an organization, reducing the attack surface of Ransomware, but also utilizing Viewfinity policies to allow users to continue to do work that requires administrative level access for tasks automatically and transparently. The application control functions as a combination of whitelisting and blacklisting applications; what trusted applications can users use, and what known bad applications or executables can they not use? Applications that fall in the unknown are known as ‘greylist’ applications, which is where many Ransomware applications fall into.

With Viewfinity, organizations can automate the analysis of an application or executable with a single click. This allows those greylist applications to be run in a sandbox mode where an application is restricted to standard privilege only and is prevented from accessing network shares, removable devices, and the internet. Viewfinity analyzes the application’s behavior and helps determine whether it should be whitelisted, or blacklisted. If it’s blacklisted, the application can be automatically be banned across the entire organization.

The team at CyberArk Labs put the Viewfinity solution through its paces, and in a recent test, when using application control and least privileged, Viewfinity was able to protect against Ransomware in 7,000 out of 7,000 tests; a perfect 100% success rate.

Ransomware attacks are on the rise, and they’re only going up and up. According to a report published by Check Point, a single Ransomware variant known as Cerber has collected nearly $200,000 in July 2016 alone.  It’s time your organization thought about stepping into the ring and taking on Ransomware with CyberArk’s Viewfinity.

Let the security professionals at CyberSheath be your trainer, and prepare you for the knockout punch against Ransomware. You can learn more about our approach by viewing our Privileged Access Management service area.