Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

Page 16 of 52

CHAPTER 2 Implementing Best Practices to Reduce Ransomware Risks

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

attachments, as a way to mitigate (or completely eliminate) phishing attacks containing malicious attachments.

  • Consider non-native document rendering for PDF and Microsoft Office files in the cloud. Desktop applications such as Adobe Acrobat Reader and Microsoft Word often contain unpatched vulnerabilities that can be exploited.
  • Instruct users who do not regularly use macros to never enable macros in Microsoft Office documents. A resurgence in macro-based malware has been observed recently that uses sophisticated obfuscation techniques to evade detection.
  • Explain incident reporting procedures and ensure that users feel comfortable reporting security incidents with messages like "You're the victim, not the perp" and "The cover-up is worse (in terms of damage) than the event."
  • Remember to cover physical security. Although they're less common than other forms of social engineering, visitor escort policies and tactics such as dumpster diving, shoulder surfing, and piggybacking (or tailgating), which potentially threaten their personal safety as well as information security, should be reiterated to users.

» Perform ongoing risk assessments to identify any security weaknesses and vulnerabilities in your organization, and address any threat exposures to reduce risk. Be sure to do the following:

  • Conduct periodic port and vulnerability scans.
  • Ensure solid and timely patch management.
  • Disable unnecessary and vulnerable services and follow system hardening guidance.
  • Enforce strong password requirements and implement two-factor authentication (where possible).
  • Centralize security logging on a secure log collector or security incident and event management (SIEM) platform, and frequently review and analyze log information.
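The macro guidance above depends on users making the right call, so a content check at the mail gateway is a useful backstop. The following is an added example, not from the book: it classifies Office attachments by what they contain rather than by file name. The function names, the `ACTIONS` policy and the sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

# Assumed gateway policy (hypothetical, not from the book).
ACTIONS = {"macro": "quarantine", "legacy-ole": "hold-for-review",
           "clean-ooxml": "deliver", "not-office": "deliver"}

def classify_attachment(data: bytes) -> str:
    """Classify by content; the file name is never trusted."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats may carry VBA; ruling it out needs an OLE parser.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as z:
        names = [n.lower() for n in z.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a plain ZIP, not an OOXML package
    # Word, Excel and PowerPoint all store VBA in a part named vbaProject.bin.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro"
    return "clean-ooxml"

def triage(attachments: dict) -> dict:
    """Map each attachment name to the action the assumed policy takes."""
    return {name: ACTIONS[classify_attachment(data)]
            for name, data in attachments.items()}

def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped ZIP for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

SAMPLES = {  # constructed sample mail attachments
    "report.docx": make_ooxml(False),
    "invoice.docx": make_ooxml(True),   # macro part behind a .docx name
    "old.doc": OLE_MAGIC + b"\x00" * 64,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, action in triage(SAMPLES).items():
        print(f"{name}: {action}")
```

The check only reports that a macro project is present; it does not judge whether the macro is malicious, which is why the assumed policy quarantines rather than deletes.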
Unfortunately, despite your best efforts, people are people (and Soylent Green is people!) and there will always be zero-day threats that exploit previously unknown — and therefore,
