Sandboxing: In the Ring with Ransomware

By Eric Noonan • August 18, 2016

Shakur Stevenson, U.S. Olympic boxer, is set to advance to the championship bout of the men’s bantam 56 kg weight class. The young prospect has already secured at least a silver medal for the U.S. and is looking to break the gold medal drought; an American has not won gold since 2004 in Athens. Staying ahead of your opponent is key in boxing: the ability to react quickly and to counter is instrumental to a fighter. Those same qualities are imperative to organizations too, and should be baked into one’s security posture. Today, one of the toughest opponents is ‘Ransomware’.

A few short weeks ago, CyberSheath published an article titled “Three Things You Can Do to Prevent Ransomware Attacks”, which discussed three key pillars of protecting your organization from a Ransomware attack. Today, we’re going to focus on a specific solution that will help improve your organization’s readiness. CyberArk’s Viewfinity gives organizations a defensive posture that is conducive to quick reaction, allowing you to stay ahead of Ransomware.

The Viewfinity solution combines least privilege and application control. The idea behind it is to reduce administrative rights across an organization, which shrinks the attack surface available to Ransomware, while using Viewfinity policies to let users carry on, automatically and transparently, with tasks that require administrative-level access. The application control functions as a combination of whitelisting and blacklisting applications: which trusted applications can users use, and which known bad applications or executables can they not use? Applications that are neither known good nor known bad are called ‘greylist’ applications, and this is the category many Ransomware applications fall into.

With Viewfinity, organizations can automate the analysis of an application or executable with a single click. This allows those greylist applications to be run in a sandbox mode where an application is restricted to standard privilege only and is prevented from accessing network shares, removable devices, and the internet. Viewfinity analyzes the application’s behavior and helps determine whether it should be whitelisted or blacklisted. If it’s blacklisted, the application can be automatically banned across the entire organization.

The team at CyberArk Labs put the Viewfinity solution through its paces, and in a recent test, when using application control and least privilege, Viewfinity was able to protect against Ransomware in 7,000 out of 7,000 tests: a perfect 100% success rate.

Ransomware attacks are on the rise, and the numbers keep climbing. According to a report published by Check Point, a single Ransomware variant known as Cerber collected nearly $200,000 in July 2016 alone. It’s time your organization thought about stepping into the ring and taking on Ransomware with CyberArk’s Viewfinity.

Let the security professionals at CyberSheath be your trainer, and prepare you for the knockout punch against Ransomware. You can learn more about our approach by viewing our Privileged Access Management service area.
