Did you know companies are hit with ransomware every 40 seconds on average?
We’ve been discussing ransomware for years and it isn’t going anywhere. In fact, it’s getting easier to produce and at a faster rate.
To put it into perspective, some of the world’s most sophisticated companies are taking a hit to their bottom lines. “Package delivery company FedEx Corp. said a [NotPetya] attack on its Dutch unit slashed $300 million from its quarterly profit, and the company lowered its full-year earnings forecast.”
What can you do to protect your organization?
Application whitelisting (AWL) is a start. AWL controls the software that’s allowed to run on a computer system. Blocking and/or approving processes and executables as someone attempts to run them is the goal.
When and where should Application Whitelisting be used?
On centrally managed hosts connected to other computers
Any system that does not have a built in “deny by default” technology
Hosts in high-risk environments
Machines where users do not have administrative privileges
Sounds great! What’s the catch?
Application whitelisting is cumbersome to manage and can slow things down if not implemented efficiently. Built in “deny by default” technology in operating systems such as Linux and Windows can be tough to manage and don’t offer the robust feature sets as other software. Larger corporations, such as FedEx, are better off seeking for a management tool for AWL.
Options for managing Application Whitelisting
Ideally, a team of IT admins should keep Application whitelisting up to date. To ease the management and save money on overhead, a solution such as Simplify Lockdown does the job.
What does Tricerat’s Simplify Lockdown allow you to do?
Block processes by name, argument, or checksum. This prevents users from getting around security by simply renaming the process.
Simplify Lockdown contains two modes, a banned blacklist mode and a trusted whitelist mode. The trusted mode blocks any executable not assigned to the trusted list, controlling any process that runs on your system.
Building an entire list of processes can be cumbersome, so Simplify Lockdown includes a tool known as Learn Mode. Learn Mode obtains a list of processes that are normally run and makes it easy to add them to the trusted list. Trusted list is customizable to different users and groups and works with Active Directory. View Simplify Lockdown in action below.
Interested in testing it out? Tricerat offers free, 30-day trials. No credit card required!