Sandboxing: In the Ring with Ransomware

By Eric Noonan • August 18, 2016

Shakur Stevenson, U.S. Olympic boxer, is set to advance to the championship bout of the men’s bantam 56 kg weight class. The young prospect has already secured at least a silver medal for the U.S. and is looking to break the gold medal drought; an American has not won gold since 2004 in Athens. Staying ahead of your opponent is key in boxing, and the ability to react quickly and counter is instrumental to a fighter. Those same qualities are imperative to organizations too, and should be baked into one’s security posture. Today, one of the toughest opponents is ‘Ransomware’.

A few short weeks ago, CyberSheath published an article titled “Three Things You Can Do to Prevent Ransomware Attacks,” which discussed three key pillars to protecting your organization from a Ransomware attack. Today, we’re going to focus on a specific solution that will help improve your organization’s readiness. CyberArk’s Viewfinity allows organizations to fight against threats with a defensive posture that is conducive to quick reaction, allowing you to stay ahead of Ransomware.

The Viewfinity solution combines least privilege and application control. The idea is to reduce administrative rights across an organization, which shrinks the attack surface available to Ransomware, while Viewfinity policies let users continue to perform tasks that require administrative-level access automatically and transparently. Application control functions as a combination of whitelisting and blacklisting: which trusted applications can users run, and which known bad applications or executables can they not run? Applications whose status is unknown are called ‘greylist’ applications, and this is where many Ransomware applications fall.

With Viewfinity, organizations can automate the analysis of an application or executable with a single click. Greylist applications can then be run in a sandbox mode, where the application is restricted to standard privilege only and is prevented from accessing network shares, removable devices, and the internet. Viewfinity analyzes the application’s behavior and helps determine whether it should be whitelisted or blacklisted. If it’s blacklisted, the application can be automatically banned across the entire organization.

The team at CyberArk Labs put the Viewfinity solution through its paces, and in a recent test using application control and least privilege, Viewfinity was able to protect against Ransomware in 7,000 out of 7,000 tests, a perfect 100% success rate.

Ransomware attacks are on the rise, and they’re only going up. According to a report published by Check Point, a single Ransomware variant known as Cerber collected nearly $200,000 in July 2016 alone. It’s time your organization thought about stepping into the ring and taking on Ransomware with CyberArk’s Viewfinity.

Let the security professionals at CyberSheath be your trainer, and prepare you for the knockout punch against Ransomware. You can learn more about our approach by viewing our Privileged Access Management service area.
