Ransomware has become the weapon of choice for the major cyber-crime organizations, posing an existential threat to businesses that fall victim. The latest strains of ransomware target everything, including backup, making even partial recovery a long and expensive process. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, and Egregor have made the headlines, displacing WannaCry, Cerber, CryptoWall, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware infections come from innocent-seeming emails with malicious links or attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus (AV) tools. While user education and frontline detection are critical to defend against ransomware, best practices dictate that you assume some attacks will succeed and that you put in place a strong backup solution that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around an interview with a Progent security consultant experienced in ransomware defense and recovery. Progent will help determine your company's readiness to block or recover from a ransomware attack. During this interview Progent will work directly with you to gather pertinent information about your security and backup environment. Progent will use this information to produce a written Basic Security and Best Practices Report detailing how to apply best practices for configuring and managing your security and backup systems.
Progent's Basic Security and Best Practices Report focuses on key issues associated with prevention (Security) and recovery (Backups). The review addresses:
- Correct use of administration accounts
- Correct NTFS and SMB permissions
- Optimal firewall settings
- Secure RDP connections
- AntiVirus tools selection and configuration
The interview process included with the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for larger or more complex environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware attack, and Progent can provide as-needed expertise to help you and your IT staff create a cost-effective security/backup solution tailored to your business needs.
- Split permission model for backup protection
- Backing up required servers (AD)
- Offsite backups including cloud backup to Azure
Ransomware is a form of malware that either encrypts files so they are unreadable or deletes them altogether. Ransomware often locks the victim's computer so it is unusable. To reverse the damage, the victim is required to pay a specified amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will result in a recovery. Compromised or deleted files can extend throughout a network depending on the victim's write permissions, and the military-grade encryption algorithm used on the hostage files cannot be broken. A common ransomware attack vector is spoofed email, which the user is lured into opening by a social engineering technique known as spear phishing. This makes the email look as though it came from a trusted sender. The most targeted attack vector is an improperly secured Remote Desktop Protocol (RDP) port. These are becoming more of a problem as businesses support more at-home workers.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by ransomware variants is estimated at billions of dollars annually, more than doubling every two years. Notorious recent threats include WannaCry/WannaCrypt, Locky, Cerber, NotPetya and Spora. Current high-profile threats like Ryuk, Maze, and Sodinokibi are more elaborate and have caused more havoc. Even if your backup processes allow you to recover your ransomed files, you can still be threatened by exfiltration, where stolen data is made publc (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anit-virus tools will block the latest attack. If an attack does show up in an email, it is critical that your users have been educated to be wary of social engineering tricks. Your last line of defense is a solid scheme for scheduling and retaining offsite backups plus the deployment of reliable recovery tools.
ProSight Managed Services Offered by Progent
Progent's ProSight network management suite is a family of affordable, subscription-based service packages that allow small and mid-size businesses to outsource crucial IT management functions. ProSight services that can help defend against or recover from ransomware attacks include email filtering, next-generation AV based on behavior analysis, automatic isolation of infected computers and immediate inoculation of safe devices, plus cloud-based backup with both granular and whole-site recovery.
Read or Download Progent's White Paper: 10 Benefits of Managed IT Services
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring is an endpoint protection (EPP) solution that utilizes SentinelOne's next generation behavior-based machine learning tools to defend physical and virtual endpoints against modern malware assaults such as ransomware and email phishing, which routinely escape legacy signature-based anti-virus products. ProSight Active Security Monitoring safeguards local and cloud-based resources and provides a unified platform to address the complete threat lifecycle including blocking, identification, containment, remediation, and post-attack forensics. Key features include one-click rollback with Windows Volume Shadow Copy Service (VSS) and real-time system-wide immunization against new threats. Progent is a SentinelOne Partner, dealer, and integrator. Find out more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Physical and Virtual Endpoint Protection and Microsoft Exchange Email Filtering
ProSight Enhanced Security Protection (ESP) services deliver affordable in-depth protection for physical servers and virtual machines, workstations, mobile devices, and Exchange email. ProSight ESP utilizes contextual security and advanced machine learning for round-the-clock monitoring and responding to security threats from all vectors. ProSight ESP offers two-way firewall protection, intrusion alarms, device management, and web filtering via cutting-edge tools packaged within a single agent managed from a unified control. Progent's data protection and virtualization consultants can help you to plan and implement a ProSight ESP deployment that meets your organization's specific needs and that helps you achieve and demonstrate compliance with government and industry information security regulations. Progent will help you define and configure security policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alarms that call for immediate action. Progent can also assist your company to set up and test a backup and restore system like ProSight Data Protection Services so you can recover quickly from a destructive cyber attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Microsoft Exchange email filtering.
- ProSight Data Protection Services: Managed Backup and Disaster Recovery
ProSight Data Protection Services offer small and mid-sized businesses an affordable end-to-end solution for secure backup/disaster recovery. Available at a fixed monthly cost, ProSight DPS automates and monitors your backup activities and allows fast restoration of vital data, applications and virtual machines that have become lost or damaged as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malicious attacks such as ransomware. ProSight Data Protection Services can help you back up, recover and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware images/. Critical data can be backed up on the cloud, to a local device, or to both. Progent's cloud backup specialists can deliver advanced expertise to set up ProSight DPS to to comply with regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to restore your business-critical data. Read more about ProSight DPS Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering and email encryption service that incorporates the technology of leading data security companies to provide centralized management and comprehensive security for your email traffic. The powerful architecture of Email Guard combines cloud-based filtering with a local gateway appliance to provide advanced protection against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks, and other email-based threats. The Cloud Protection Layer serves as a first line of defense and keeps most threats from reaching your security perimeter. This decreases your exposure to inbound attacks and conserves system bandwidth and storage. Email Guard's onsite security gateway appliance provides a deeper level of analysis for incoming email. For outgoing email, the on-premises security gateway offers AV and anti-spam filtering, protection against data leaks, and email encryption. The on-premises security gateway can also help Microsoft Exchange Server to monitor and protect internal email traffic that originates and ends inside your corporate firewall. For more details, see Email Guard spam and content filtering.
- ProSight WAN Watch: Network Infrastructure Management
ProSight WAN Watch is an infrastructure monitoring and management service that makes it simple and inexpensive for smaller businesses to diagram, monitor, enhance and troubleshoot their connectivity hardware such as switches, firewalls, and access points as well as servers, client computers and other devices. Using cutting-edge RMM technology, WAN Watch makes sure that infrastructure topology diagrams are always updated, copies and manages the configuration information of almost all devices on your network, monitors performance, and sends alerts when issues are discovered. By automating tedious network management processes, WAN Watch can cut hours off ordinary chores like network mapping, expanding your network, locating appliances that need important updates, or resolving performance problems. Learn more details about ProSight WAN Watch network infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progent's server and desktop remote monitoring managed service that incorporates state-of-the-art remote monitoring and management (RMM) techniques to keep your IT system running at peak levels by checking the health of vital assets that power your information system. When ProSight LAN Watch uncovers an issue, an alarm is transmitted automatically to your designated IT management staff and your assigned Progent engineering consultant so that any looming problems can be resolved before they have a chance to impact your network. Find out more about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size organization can have its critical servers and applications hosted in a secure fault tolerant data center on a high-performance virtual host set up and managed by Progent's network support experts. With Progent's ProSight Virtual Hosting model, the client owns the data, the operating system software, and the apps. Since the system is virtualized, it can be ported immediately to an alternate hosting solution without a lengthy and technically risky reinstallation process. With ProSight Virtual Hosting, you are not tied one hosting provider. Find out more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that allows you to capture, maintain, find and safeguard data about your IT infrastructure, procedures, business apps, and services. You can instantly find passwords or IP addresses and be warned automatically about impending expirations of SSLs ,domains or warranties. By cleaning up and managing your network documentation, you can eliminate up to half of time wasted looking for critical information about your IT network. ProSight IT Asset Management includes a centralized location for holding and sharing all documents related to managing your network infrastructure like standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also supports advanced automation for gathering and associating IT information. Whether you're planning improvements, performing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the data you need when you need it. Find out more about ProSight IT Asset Management service.
- Active Defense Against Ransomware: AI-based Ransomware Detection and Remediation
Progent's Active Protection Against Ransomware is an endpoint protection managed service that utilizes next generation behavior-based analysis tools to guard endpoints and servers and VMs against new malware attacks like ransomware and email phishing, which easily evade traditional signature-matching anti-virus tools. Progent ASM services protect on-premises and cloud resources and provides a single platform to manage the entire threat lifecycle including protection, infiltration detection, mitigation, cleanup, and forensics. Top features include single-click rollback using Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against new threats. Read more about Progent's ransomware defense and recovery services.
- Outsourced/Co-managed Call Center: Support Desk Managed Services
Progent's Support Desk services permit your IT group to offload Support Desk services to Progent or divide activity for support services transparently between your in-house network support group and Progent's nationwide roster of certified IT support engineers and subject matter experts. Progent's Shared Service Desk provides a smooth extension of your core support group. End user access to the Service Desk, provision of support, issue escalation, ticket generation and updates, performance metrics, and maintenance of the service database are cohesive whether incidents are resolved by your internal support group, by Progent, or by a combination. Read more about Progent's outsourced/shared Help Center services.
- Patch Management: Software/Firmware Update Management Services
Progent's support services for software and firmware patch management offer businesses of any size a flexible and affordable alternative for evaluating, validating, scheduling, applying, and tracking software and firmware updates to your dynamic information network. Besides maximizing the protection and functionality of your computer network, Progent's software/firmware update management services allow your in-house IT team to focus on line-of-business projects and activities that derive the highest business value from your network. Learn more about Progent's software/firmware update management support services.
To view a white paper explaining why managed services are rapidly replacing the traditional break/fix model of IT support for small and mid-size companies, click:
10 Benefits of Managed IT Services. (PDF - 710 KB)
ProSight Network Audits
Progent's ProSight Network Audits are a quick and low-cost way for small and medium-size businesses to get an objective assessment of the health of their network. Based on some of the leading remote monitoring and management platforms available, and supervised by Progent's certified team of IT professionals, ProSight Network Audits help you see how closely the configuration of your core infrastructure devices conform to industry best practices. The Basic and Advanced versions of ProSight Network Audit services are offered at a low, one-time cost and provide instant ROI like a more manageable Active Directory (AD) system. Both versions also include a year of cutting-edge remote network monitoring and management. Benefits can include lower-cost network management, improved compliance with information security requirements, more efficient utilization of IT resources, quicker troubleshooting, more reliable backup and recovery, and increased uptime. Learn more about Progent's ProSight Network Audits network infrastructure review.
Contact Progent to Find Out More about Progent's ProSight Ransomware Preparedness Report Service
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Report can reduce your vulnerability to ransomware, call Progent at 800-993-9400 or visit Contact Progent.