
Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615


14 Ransomware Defense For Dummies, Cisco Special Edition
These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

During an Attack: Detect, Block, and Defend

If your organization is under attack, fast and effective incident response is required to limit any potential damage. The specific action steps and remediation efforts to be undertaken will be different for each unique situation. However, the time to learn the breadth and extent of your organization's incident response capabilities is not during an attack! Your incident response efforts should be well understood and coordinated — which is accomplished before an attack — and well documented and repeatable, so that you can reconstruct an incident after an attack and identify lessons learned and potential areas for improvement.

A key component of effective incident response that is often overlooked is information sharing, which includes the following:

» Communicating timely and accurate information to all stakeholders: Pertinent information needs to be provided to executives in order to ensure adequate resources are committed to response and remediation, critical and informed business decisions can be made, and appropriate information is, in turn, communicated to employees, law enforcement, customers, shareholders, and the general public.

» Automatically sharing new security intelligence throughout the architecture: Bringing together critical data from disparate systems, such as security information and event management (SIEM), threat intelligence, and sandboxing tools, enables the incident response team to quickly surface and effectively triage high-impact security incidents. For example, if a new malware payload is detected on an endpoint, it should automatically be sent to a cloud-based threat intelligence platform for analysis in order to find and extract any indicators of compromise (IoCs). Then new countermeasures should automatically be deployed and enforced.
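The automated loop in the second bullet (payload analysed, IoCs extracted from the report, countermeasures generated for rollout) is easy to describe and easy to get wrong in practice: a naive pipeline will happily block Windows Update or your own file server because they appeared in the sandbox trace. The following is an added illustration of the middle of that loop, not code from the book or from Cisco. The analysis report format, the benign-domain allowlist, the internal address ranges, the Suricata rule templates and the sinkhole hostname are all assumptions chosen for the example; the sample report is constructed.

```python
"""Automated IoC extraction and countermeasure generation (added example).

Models the loop described in the text: an analysis report for a payload
seen on an endpoint comes in, indicators of compromise (IoCs) are pulled
out of it, and deployable countermeasures are produced from them.
Illustrative code; report layout, allowlist and rule formats are assumed.
"""
import ipaddress
import json
import re
from dataclasses import dataclass, field

# Constructed analysis report for a hypothetical sample. Field names are an
# assumption; adapt extract_iocs() to what your sandbox/TI platform emits.
SAMPLE_REPORT = json.dumps({
    "sample": {"sha256": "8a1c2b3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f9"},
    "dropped_files": [
        {"path": "C:\\Users\\Public\\locker.exe",
         "sha256": "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"},
        {"path": "C:\\Users\\Public\\note.txt", "sha256": "not-a-hash"},
    ],
    "network": [
        {"dst": "203.0.113.10", "port": 443, "domain": "pay.ransom-example.test"},
        {"dst": "203.0.113.10", "port": 443, "domain": "PAY.ransom-example.test."},
        {"dst": "10.0.0.5", "port": 445, "domain": ""},
        {"dst": "192.0.2.77", "port": 80, "domain": "ctldl.windowsupdate.com"},
    ],
})

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Infrastructure that shows up in nearly every sandbox run. Auto-blocking it
# would be a self-inflicted outage. Assumed list; tune it to your estate.
BENIGN_DOMAINS = {"ctldl.windowsupdate.com", "www.msftconnecttest.com"}
# Internal ranges: traffic here is lateral movement, not C2, and a perimeter
# block on it is either useless or harmful. Assumed defaults; add your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Indicators:
    hashes: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    ips: set = field(default_factory=set)


@dataclass
class Countermeasures:
    hash_blocklist: list   # for the endpoint agent / EDR
    dns_sinkhole: list     # RPZ-style lines for the resolver (assumed format)
    ids_rules: list        # Suricata-syntax rules for the network sensor


def extract_iocs(report_json: str) -> Indicators:
    """Pull hashes, domains and IPs from a report, dropping anything that
    would produce a broken or harmful countermeasure."""
    report = json.loads(report_json)
    iocs = Indicators()
    candidates = [report["sample"]["sha256"]]
    candidates += [f.get("sha256", "") for f in report.get("dropped_files", [])]
    for h in candidates:
        h = h.lower()
        if SHA256_RE.match(h):          # malformed hashes are discarded
            iocs.hashes.add(h)
    for conn in report.get("network", []):
        dom = conn.get("domain", "").strip().lower().rstrip(".")
        if dom in BENIGN_DOMAINS:
            continue                    # known-good: ignore the whole connection
        if dom:
            iocs.domains.add(dom)       # set membership dedupes repeats
        try:
            ip = ipaddress.ip_address(conn["dst"])
        except (KeyError, ValueError):
            continue
        if not any(ip in net for net in INTERNAL_NETS):
            iocs.ips.add(str(ip))
    return iocs


def build_countermeasures(iocs: Indicators, sid_base: int = 9000000) -> Countermeasures:
    """Turn indicators into deployable artefacts, one unique SID per rule."""
    sid = sid_base
    rules = []
    for dom in sorted(iocs.domains):
        rules.append(f'alert dns any any -> any any (msg:"IoC DNS {dom}"; '
                     f'dns.query; content:"{dom}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for ip in sorted(iocs.ips):
        rules.append(f'alert ip $HOME_NET any -> {ip} any '
                     f'(msg:"IoC C2 {ip}"; sid:{sid}; rev:1;)')
        sid += 1
    return Countermeasures(
        hash_blocklist=sorted(iocs.hashes),
        dns_sinkhole=[f"{d} CNAME sinkhole.example.internal." for d in sorted(iocs.domains)],
        ids_rules=rules,
    )


def respond_to_detection(report_json: str) -> Countermeasures:
    """End-to-end automated step: report in, countermeasures out. Pushing them
    to the EDR, resolver and IDS is left to the caller so that a human
    approval gate can sit in front of enforcement where policy requires one."""
    return build_countermeasures(extract_iocs(report_json))
```

Running respond_to_detection(SAMPLE_REPORT) yields two hash blocklist entries (the malformed hash on note.txt is dropped), one sinkhole line and two IDS rules; the internal SMB connection and the Windows Update fetch produce nothing. The two design choices worth copying are the ones that keep "automatically deployed and enforced" from becoming an outage: the allowlist and internal-range filter sit in the extraction step, and actual enforcement is a separate call so that the pipeline can run fully automatically for detection artefacts while still allowing review before a block is pushed fleet-wide.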
