Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

Ransomware Defense For Dummies, Cisco Special Edition

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

So, preventing an attacker from gaining entry to your network with an architectural approach is the most effective way to break the "cyber kill chain" and prevent a ransomware attack from succeeding in the first place.

The Lockheed Martin Cyber Kill Chain model consists of seven attack phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), and Actions on the Objective. The first five phases are all focused on gaining access to the target's network and systems.

Attackers usually achieve initial access to a target through one of two methods:

» Social engineering/phishing to get an unsuspecting user to expose her network credentials or install malware
» Exploiting a vulnerability in a public-facing (Internet) application or service

With regard to phishing attacks and security awareness training, Verizon's 2016 Data Breach and Investigations Report (DBIR) bemoans, "Apparently, the communication between the criminal and the victim is much more effective than the communication between employees and security staff."

The following best practices should be implemented to prevent attackers from gaining access to your organization's network and systems:

» Conduct regular security awareness and training for your end users. This training should be engaging and contain the latest information on security threats and tactics. Be sure to do the following:
  • Reinforce company policies regarding not sharing or revealing user credentials (even with IT and/or security), strong password requirements, and the role of authentication in security (including the concept of nonrepudiation, which gives users the "It wasn't me!" defense).
  • Encourage the use of company-sanctioned Software-as-a-Service (SaaS) applications, such as file-sharing programs, to exchange documents with others rather than email