Sandboxing: In the Ring with Ransomware

By Eric Noonan • August 18, 2016

Shakur Stevenson, U.S. Olympic Boxer, is set to advance to the Championship bout of the Men’s bantam 56 kg weight class. The young prospect has already secured at least a silver medal for the U.S. and is looking to break the gold medal drought: an American has not won gold since 2004 in Athens. Staying ahead of your opponent is key in boxing; the ability to react quickly and to counter is instrumental to a fighter. Those same qualities are imperative to organizations too, and should be baked into one’s security posture. Today, one of the toughest opponents is ‘Ransomware’.

A few short weeks ago, CyberSheath published an article titled “Three Things You Can Do to Prevent Ransomware Attacks”, which discussed three key pillars of protecting your organization from a Ransomware attack. Today, we’re going to focus on a specific solution that will help improve your organization’s readiness. CyberArk’s Viewfinity gives organizations a defensive posture that is conducive to quick reaction, allowing you to stay ahead of Ransomware.

The Viewfinity solution is a combination of least privilege and application control. The idea behind it is to reduce administrative rights across an organization, which reduces the attack surface available to Ransomware, while Viewfinity policies let users continue, automatically and transparently, to do the work that requires administrative-level access. The application control functions as a combination of whitelisting and blacklisting applications: which trusted applications can users use, and which known bad applications or executables can they not use? Applications that are neither known good nor known bad are called ‘greylist’ applications, and this is where many Ransomware applications fall.

With Viewfinity, organizations can automate the analysis of an application or executable with a single click. This allows those greylist applications to be run in a sandbox mode, where an application is restricted to standard privileges only and is prevented from accessing network shares, removable devices, and the internet. Viewfinity analyzes the application’s behavior and helps determine whether it should be whitelisted or blacklisted. If it’s blacklisted, the application can be automatically banned across the entire organization.

The team at CyberArk Labs put the Viewfinity solution through its paces, and in a recent test, when using application control and least privilege, Viewfinity was able to protect against Ransomware in 7,000 out of 7,000 tests; a perfect 100% success rate.

Ransomware attacks are on the rise, and the numbers keep climbing. According to a report published by Check Point, a single Ransomware variant known as Cerber collected nearly $200,000 in July 2016 alone. It’s time your organization thought about stepping into the ring and taking on Ransomware with CyberArk’s Viewfinity.

Let the security professionals at CyberSheath be your trainer, and prepare you for the knockout punch against Ransomware. You can learn more about our approach by viewing our Privileged Access Management service area.
