Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

Ransomware Defense For Dummies, Cisco Special Edition

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

unpatched — vulnerabilities.

If an attacker succeeds in accessing your network, his next step is to establish C2 communications in order to

» Ensure persistence
» Escalate privileges
» Move laterally throughout your network, data center, and end user environment

To mitigate the effects of a successful intrusion, implement the following best practices:

» Deploy domain name system (DNS) layer protection that enables you to predictively identify malicious domains, IP addresses, and Internet infrastructure to help mitigate the risk of an attack.
» Automatically enable firewall, advanced malware protection, encryption, and data loss prevention on all endpoints, including personal mobile devices (if "bring your own device" [BYOD] is permitted) and removable media (such as USB drives), in a way that is transparent to the user and requires no action by the user. This protects roaming and remote users both on and off the network, even when they don't necessarily do what they're supposed to do with regard to best practices and established policies.
» Enable security functionality on email gateways, including blocking or removing executables and other potentially malicious attachments, sender policy framework (SPF) verification to mitigate email spoofing, and email throttling (or "graylisting") to rate-limit potential spam emails.
» Enable security products and services that analyze Internet traffic, emails, and files to prevent infection and data exfiltration (discussed further in Chapters 3 and 4), and leverage threat intelligence services for deeper context and rapid investigation.
» Design and deploy a robust, inherently secure security architecture that uses segmentation to restrict an attacker's lateral movement in your environment.
