Ransomware has become the weapon of choice for the major cyber-crime organizations, posing an existential threat to businesses that fall victim. The latest strains of ransomware target everything, including backup, making even partial recovery a long and expensive process. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, and Egregor have made the headlines, displacing WannaCry, Cerber, CryptoWall, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware infections come from innocent-seeming emails with malicious links or attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus (AV) tools. While user education and frontline detection are critical to defend against ransomware, best practices dictate that you assume some attacks will succeed and that you put in place a strong backup solution that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around an interview with a Progent security consultant experienced in ransomware defense and recovery. Progent will help determine your company's readiness to block or recover from a ransomware attack. During this interview Progent will work directly with you to gather pertinent information about your security and backup environment. Progent will use this information to produce a written Basic Security and Best Practices Report detailing how to apply best practices for configuring and managing your security and backup systems.
Progent's Basic Security and Best Practices Report focuses on key issues associated with prevention (Security) and recovery (Backups). The review addresses:
- Correct use of administration accounts
- Correct NTFS and SMB permissions
- Optimal firewall settings
- Secure RDP connections
- AntiVirus tools selection and configuration
The interview process included with the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for larger or more complex environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware attack, and Progent can provide as-needed expertise to help you and your IT staff create a cost-effective security/backup solution tailored to your business needs.
- Split permission model for backup protection
- Backing up required servers (AD)
- Offsite backups including cloud backup to Azure
Ransomware is a form of malware that either encrypts files so they are unreadable or deletes them altogether. Ransomware often locks the victim's computer so it is unusable. To reverse the damage, the victim is required to pay a specified amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will result in a recovery. Compromised or deleted files can extend throughout a network depending on the victim's write permissions, and the military-grade encryption algorithm used on the hostage files cannot be broken. A common ransomware attack vector is spoofed email, which the user is lured into opening by a social engineering technique known as spear phishing. This makes the email look as though it came from a trusted sender. The most targeted attack vector is an improperly secured Remote Desktop Protocol (RDP) port. These are becoming more of a problem as businesses support more at-home workers.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by ransomware variants is estimated at billions of dollars annually, more than doubling every two years. Notorious recent threats include WannaCry/WannaCrypt, Locky, Cerber, NotPetya and Spora. Current high-profile threats like Ryuk, Maze, and Sodinokibi are more elaborate and have caused more havoc. Even if your backup processes allow you to recover your ransomed files, you can still be threatened by exfiltration, where stolen data is made publc (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anit-virus tools will block the latest attack. If an attack does show up in an email, it is critical that your users have been educated to be wary of social engineering tricks. Your last line of defense is a solid scheme for scheduling and retaining offsite backups plus the deployment of reliable recovery tools.
ProSight Managed Services Offered by Progent
Progent's ProSight network management suite is a family of affordable, subscription-based service packages that allow small and mid-size businesses to outsource crucial IT management functions. ProSight services that can help defend against or recover from ransomware attacks include email filtering, next-generation AV based on behavior analysis, automatic isolation of infected computers and immediate inoculation of safe devices, plus cloud-based backup with both granular and whole-site recovery.
Read or Download Progent's White Paper: 10 Benefits of Managed IT Services
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates next generation behavior analysis tools to guard physical and virtual endpoints against new malware assaults such as ransomware and email phishing, which easily escape traditional signature-based AV products. ProSight Active Security Monitoring protects on-premises and cloud-based resources and provides a unified platform to automate the complete threat progression including blocking, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback using Windows Volume Shadow Copy Service and automatic network-wide immunization against new attacks. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection: Physical and Virtual Endpoint Protection and Microsoft Exchange Filtering
Progent's ProSight Enhanced Security Protection (ESP) services offer economical in-depth security for physical and virtual servers, desktops, smartphones, and Exchange Server. ProSight ESP uses adaptive security and advanced heuristics for round-the-clock monitoring and responding to cyber assaults from all attack vectors. ProSight ESP offers firewall protection, intrusion alerts, endpoint management, and web filtering through cutting-edge technologies incorporated within a single agent accessible from a single console. Progent's security and virtualization experts can help your business to plan and implement a ProSight ESP environment that meets your organization's specific requirements and that helps you achieve and demonstrate compliance with government and industry information security standards. Progent will help you define and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require urgent attention. Progent's consultants can also help your company to set up and verify a backup and disaster recovery solution like ProSight Data Protection Services so you can get back in business quickly from a destructive security attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint security and Exchange email filtering.
- ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services from Progent provide small and medium-sized organizations a low cost and fully managed solution for secure backup/disaster recovery. For a low monthly cost, ProSight Data Protection Services automates and monitors your backup activities and enables fast restoration of critical data, applications and VMs that have become unavailable or corrupted due to hardware failures, software bugs, natural disasters, human mistakes, or malware attacks such as ransomware. ProSight Data Protection Services can help you back up, recover and restore files, folders, applications, system images, as well as Microsoft Hyper-V and VMware images/. Critical data can be backed up on the cloud, to a local device, or mirrored to both. Progent's cloud backup consultants can provide world-class support to set up ProSight DPS to to comply with government and industry regulatory standards like HIPAA, FINRA, and PCI and, when necessary, can help you to restore your business-critical information. Learn more about ProSight DPS Managed Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering and email encryption service that incorporates the infrastructure of leading data security companies to provide centralized control and world-class protection for your inbound and outbound email. The hybrid architecture of Email Guard managed service integrates cloud-based filtering with an on-premises security gateway device to offer advanced protection against spam, viruses, Denial of Service (DoS) Attacks, DHAs, and other email-based malware. Email Guard's Cloud Protection Layer acts as a preliminary barricade and blocks most threats from reaching your security perimeter. This reduces your vulnerability to inbound attacks and saves network bandwidth and storage. Email Guard's on-premises gateway appliance adds a deeper level of inspection for incoming email. For outbound email, the onsite gateway offers anti-virus and anti-spam filtering, DLP, and email encryption. The onsite security gateway can also help Exchange Server to track and safeguard internal email that stays inside your corporate firewall. For more details, visit ProSight Email Guard spam filtering and data leakage protection.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
Progentís ProSight WAN Watch is an infrastructure monitoring and management service that makes it simple and affordable for small and mid-sized organizations to diagram, track, reconfigure and debug their connectivity appliances such as routers and switches, firewalls, and load balancers plus servers, client computers and other devices. Using state-of-the-art Remote Monitoring and Management (RMM) technology, ProSight WAN Watch ensures that infrastructure topology maps are kept current, copies and manages the configuration information of almost all devices connected to your network, tracks performance, and sends alerts when problems are detected. By automating tedious management activities, WAN Watch can cut hours off common chores such as making network diagrams, expanding your network, finding devices that require important software patches, or identifying the cause of performance issues. Find out more about ProSight WAN Watch network infrastructure management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop monitoring service that uses advanced remote monitoring and management (RMM) technology to help keep your network operating efficiently by checking the state of critical assets that power your information system. When ProSight LAN Watch detects an issue, an alert is sent automatically to your specified IT management personnel and your Progent engineering consultant so all potential issues can be resolved before they can disrupt your network. Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small organization can have its critical servers and applications hosted in a protected fault tolerant data center on a fast virtual machine host set up and maintained by Progent's network support experts. With the ProSight Virtual Hosting model, the customer owns the data, the OS platforms, and the apps. Because the environment is virtualized, it can be moved easily to an alternate hardware environment without requiring a lengthy and technically risky reinstallation process. With ProSight Virtual Hosting, your business is not tied a single hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to create, update, find and protect data about your network infrastructure, processes, applications, and services. You can instantly locate passwords or IP addresses and be alerted about impending expirations of SSLs ,domains or warranties. By updating and organizing your IT infrastructure documentation, you can eliminate as much as half of time wasted looking for critical information about your IT network. ProSight IT Asset Management includes a centralized location for holding and collaborating on all documents required for managing your network infrastructure like standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also offers advanced automation for gathering and relating IT data. Whether youíre planning enhancements, doing regular maintenance, or responding to an emergency, ProSight IT Asset Management delivers the knowledge you require as soon as you need it. Find out more about Progent's ProSight IT Asset Management service.
To download a white paper explaining why managed services are rapidly replacing the old break/fix model of network support for small and mid-size organizations, click:
10 Benefits of Managed IT Services. (PDF - 710 KB)
ProSight Network Audits
Progent's ProSight Network Audits offer a fast and low-cost alternative for small and mid-size organizations to get an unbiased assessment of the overall health of their network. Powered by some of the top remote monitoring and management (RMM) platforms available, and overseen by Progent's world-class team of information technology experts, ProSight Network Audits show you how closely the deployment of your core network assets conform to industry best practices. The Basic and Advanced options for ProSight Network Audit services are available at a low, one-time cost and provide immediate benefits like a more manageable Active Directory environment. Both versions also include one year of advanced remote network monitoring and management (RMM). Advantages can include simpler management, improved compliance with government and industry security regulations, higher utilization of IT assets, faster troubleshooting, more dependable backup and recovery, and higher availability. See more information about Progent's ProSight Network Audits IT infrastructure review.
Contact Progent to Find Out More about Progent's ProSight Ransomware Preparedness Report Service
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Report can reduce your vulnerability to ransomware, call Progent at 800-993-9400 or visit Contact Progent.