Some old-fashioned wisdom for a modern problem; an ounce of prevention is worth a pound of cure.
PwC’s 2023 Digital Trust Insight Survey presents a hypthetical scenario It’s clearly based on the 2021 HSE data breach (the national Irish health executive), but it underscores a global issue in security; organizations are too reliant on antivirus as the primary line of endpoint protection.
And this is a disaster waiting to happen. Because antivirus is reactive, it leaves you exposed to threats that it doesn’t know about and can’t identify and neutralize.
In PwC’s hypothetical, but all too common, scenario, a healthcare organization falls victim to a ransomware attack due to an employee opening a document in a phishing email. The consequences are severe; there’s a service disruption and a near-complete shutdown of hospital networks.
And what’s the first domino to fall? The antivirus software failed to detect the malware, which was embedded in an attachment. In this example, it’s because the antivirus wasn’t up to date. But it could just have easily been a zero-day threat which passed by the antivirus unrecognized.
Let’s look an alternative version of events, in which the organization had taken a simple, but fundamentally different, approach to its endpoint security.
In this scenario, the healthcare organization has locked-down the endpoint and implemented a zero-trust model where only IT-approved services and applications are allowed to run on corporate endpoints.
So, what happens now when the employee opens that malicious attachment in the email? Nothing. The malware isn’t on the whitelist, so it’s stopped at source. It never gets a chance to run and cause damage.
It’s proactive defence.
Proactive defence: the Zero Trust Model
One of the most critical aspects of proactive defence against ransomware attacks lies in the implementation of endpoint lockdown within a Zero Trust security framework.
1. Endpoint Lockdown: A Zero Trust Paradigm
In a Zero Trust environment, the fundamental premise is to trust no one and nothing inside or outside the network. Endpoint lockdown, a key component of this model, involves whitelisting authorized services and applications while blacklisting everything else. By doing so, organizations ensure that only pre-approved software and applications can execute on endpoints. If an employee inadvertently opens a phishing email containing malware, the malicious code is automatically prevented from running because it is not on the approved whitelist.
2. Prevention Over Reaction
Unlike traditional security approaches, which rely heavily on reactive measures such as antivirus software, endpoint lockdown operates proactively. It establishes a proactive defence line, stopping threats before they can infiltrate the network and cause damage. By focusing on preventing unauthorized applications from running, this approach significantly reduces the attack surface, making it difficult for ransomware to gain a foothold.
ThinScale’s process security engine is the “ounce of protection” that IT leaders are looking for. It creates isolated, secure sessions on both personal and corporate-owned machines, locking them down to prevent malware and unapproved services from running.
It stops viruses before they ever get going.