Ransomware has become the weapon of choice for the major cyber-crime organizations, posing an existential threat to businesses that fall victim. The latest strains of ransomware target everything, including backup, making even partial recovery a long and expensive process. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, and Egregor have made the headlines, displacing WannaCry, Cerber, CryptoWall, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware infections come from innocent-seeming emails with malicious links or attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus (AV) tools. While user education and frontline detection are critical to defend against ransomware, best practices dictate that you assume some attacks will succeed and that you put in place a strong backup solution that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around an interview with a Progent security consultant experienced in ransomware defense and recovery. Progent will help determine your company's readiness to block or recover from a ransomware attack. During this interview Progent will work directly with you to gather pertinent information about your security and backup environment. Progent will use this information to produce a written Basic Security and Best Practices Report detailing how to apply best practices for configuring and managing your security and backup systems.
Progent's Basic Security and Best Practices Report focuses on key issues associated with prevention (Security) and recovery (Backups). The review addresses:
- Correct use of administration accounts
- Correct NTFS and SMB permissions
- Optimal firewall settings
- Secure RDP connections
- AntiVirus tools selection and configuration
The interview process included with the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for larger or more complex environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware attack, and Progent can provide as-needed expertise to help you and your IT staff create a cost-effective security/backup solution tailored to your business needs.
- Split permission model for backup protection
- Backing up required servers (AD)
- Offsite backups including cloud backup to Azure
Ransomware is a form of malware that either encrypts files so they are unreadable or deletes them altogether. Ransomware often locks the victim's computer so it is unusable. To reverse the damage, the victim is required to pay a specified amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will result in a recovery. Compromised or deleted files can extend throughout a network depending on the victim's write permissions, and the military-grade encryption algorithm used on the hostage files cannot be broken. A common ransomware attack vector is spoofed email, which the user is lured into opening by a social engineering technique known as spear phishing. This makes the email look as though it came from a trusted sender. The most targeted attack vector is an improperly secured Remote Desktop Protocol (RDP) port. These are becoming more of a problem as businesses support more at-home workers.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by ransomware variants is estimated at billions of dollars annually, more than doubling every two years. Notorious recent threats include WannaCry/WannaCrypt, Locky, Cerber, NotPetya and Spora. Current high-profile threats like Ryuk, Maze, and Sodinokibi are more elaborate and have caused more havoc. Even if your backup processes allow you to recover your ransomed files, you can still be threatened by exfiltration, where stolen data is made publc (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anit-virus tools will block the latest attack. If an attack does show up in an email, it is critical that your users have been educated to be wary of social engineering tricks. Your last line of defense is a solid scheme for scheduling and retaining offsite backups plus the deployment of reliable recovery tools.
ProSight Managed Services Offered by Progent
Progent's ProSight network management suite is a family of affordable, subscription-based service packages that allow small and mid-size businesses to outsource crucial IT management functions. ProSight services that can help defend against or recover from ransomware attacks include email filtering, next-generation AV based on behavior analysis, automatic isolation of infected computers and immediate inoculation of safe devices, plus cloud-based backup with both granular and whole-site recovery.
Read or Download Progent's White Paper: 10 Benefits of Managed IT Services
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring is an endpoint protection solution that incorporates SentinelOne's cutting edge behavior-based machine learning technology to defend physical and virtual endpoints against modern malware attacks such as ransomware and email phishing, which easily escape legacy signature-based AV products. ProSight ASM safeguards local and cloud resources and offers a unified platform to automate the complete threat lifecycle including blocking, detection, containment, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Progent is a SentinelOne Partner. Learn more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection: Endpoint Security and Microsoft Exchange Filtering
ProSight Enhanced Security Protection (ESP) managed services deliver ultra-affordable in-depth protection for physical servers and virtual machines, workstations, smartphones, and Microsoft Exchange. ProSight ESP utilizes adaptive security and advanced machine learning for round-the-clock monitoring and responding to cyber threats from all attack vectors. ProSight ESP offers two-way firewall protection, intrusion alarms, endpoint control, and web filtering via leading-edge tools packaged within a single agent managed from a single console. Progent's security and virtualization consultants can help you to plan and implement a ProSight ESP deployment that addresses your organization's unique requirements and that allows you demonstrate compliance with legal and industry information security regulations. Progent will help you define and implement security policies that ProSight ESP will enforce, and Progent will monitor your network and react to alarms that require urgent action. Progent's consultants can also assist your company to install and test a backup and restore solution such as ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive cyber attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint protection and Microsoft Exchange filtering.
- ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services offer small and mid-sized businesses an affordable end-to-end solution for reliable backup/disaster recovery (BDR). Available at a low monthly cost, ProSight DPS automates and monitors your backup processes and allows fast recovery of vital data, applications and VMs that have become lost or corrupted due to component failures, software bugs, natural disasters, human mistakes, or malicious attacks such as ransomware. ProSight Data Protection Services can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware images/. Important data can be backed up on the cloud, to a local device, or mirrored to both. Progent's backup and recovery consultants can provide world-class support to set up ProSight Data Protection Services to to comply with government and industry regulatory requirements such as HIPAA, FIRPA, PCI and Safe Harbor and, whenever necessary, can help you to recover your business-critical information. Find out more about ProSight DPS Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering and email encryption service that uses the infrastructure of top data security vendors to deliver web-based management and world-class protection for your inbound and outbound email. The hybrid architecture of Email Guard managed service integrates cloud-based filtering with a local gateway appliance to offer complete defense against spam, viruses, Dos Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. The Cloud Protection Layer serves as a first line of defense and blocks most unwanted email from making it to your security perimeter. This reduces your vulnerability to inbound threats and saves network bandwidth and storage. Email Guard's on-premises security gateway device adds a further layer of inspection for inbound email. For outbound email, the on-premises gateway provides AV and anti-spam protection, policy-based Data Loss Prevention, and email encryption. The onsite gateway can also help Microsoft Exchange Server to monitor and safeguard internal email that originates and ends within your corporate firewall. For more information, see ProSight Email Guard spam filtering and data leakage protection.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
Progent’s ProSight WAN Watch is an infrastructure management service that makes it easy and affordable for small and mid-sized organizations to map out, track, reconfigure and troubleshoot their connectivity hardware such as routers, firewalls, and access points as well as servers, client computers and other networked devices. Using cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch ensures that infrastructure topology maps are always updated, copies and displays the configuration of almost all devices connected to your network, monitors performance, and sends alerts when potential issues are detected. By automating complex network management processes, WAN Watch can cut hours off ordinary chores such as making network diagrams, reconfiguring your network, finding devices that require critical software patches, or isolating performance issues. Find out more about ProSight WAN Watch infrastructure management services.
- ProSight LAN Watch: Server and Desktop Monitoring and Management
ProSight LAN Watch is Progent’s server and desktop remote monitoring managed service that uses advanced remote monitoring and management (RMM) techniques to help keep your IT system operating at peak levels by tracking the state of critical assets that power your business network. When ProSight LAN Watch uncovers a problem, an alert is transmitted immediately to your designated IT staff and your assigned Progent engineering consultant so any potential problems can be addressed before they can impact your network. Learn more details about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small organization can have its critical servers and apps hosted in a protected fault tolerant data center on a fast virtual host set up and managed by Progent's IT support professionals. With Progent's ProSight Virtual Hosting service model, the customer owns the data, the OS software, and the apps. Because the system is virtualized, it can be moved easily to an alternate hardware solution without requiring a lengthy and technically risky reinstallation procedure. With ProSight Virtual Hosting, you are not locked into one hosting provider. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, maintain, find and protect information about your network infrastructure, procedures, applications, and services. You can instantly find passwords or IP addresses and be alerted automatically about impending expirations of SSL certificates or warranties. By updating and organizing your IT infrastructure documentation, you can save up to 50% of time wasted searching for critical information about your IT network. ProSight IT Asset Management features a common repository for holding and sharing all documents required for managing your business network such as standard operating procedures and How-To's. ProSight IT Asset Management also supports a high level of automation for collecting and relating IT data. Whether you’re making improvements, doing maintenance, or reacting to a crisis, ProSight IT Asset Management gets you the information you need when you need it. Read more about ProSight IT Asset Management service.
- Active Protection Against Ransomware: AI-based Ransomware Detection and Cleanup
Progent's Active Defense Against Ransomware is an endpoint protection solution that incorporates cutting edge behavior machine learning tools to guard endpoints as well as servers and VMs against new malware attacks such as ransomware and file-less exploits, which routinely escape traditional signature-based AV tools. Progent Active Security Monitoring services protect local and cloud resources and offers a single platform to manage the complete malware attack lifecycle including filtering, identification, containment, remediation, and post-attack forensics. Key features include one-click rollback with Windows Volume Shadow Copy Service and real-time network-wide immunization against new threats. Find out more about Progent's ransomware defense and cleanup services.
- Progent's Outsourced/Shared Service Desk: Support Desk Managed Services
Progent's Support Center services enable your information technology team to offload Call Center services to Progent or split responsibilities for Help Desk services seamlessly between your internal network support group and Progent's nationwide roster of IT support technicians, engineers and subject matter experts. Progent's Shared Service Desk offers a seamless supplement to your in-house support staff. End user access to the Help Desk, delivery of support, issue escalation, trouble ticket generation and tracking, performance metrics, and maintenance of the support database are consistent whether issues are resolved by your core IT support organization, by Progent's team, or by a combination. Read more about Progent's outsourced/co-managed Help Center services.
- Patch Management: Software/Firmware Update Management Services
Progent's managed services for patch management provide businesses of all sizes a flexible and cost-effective solution for assessing, validating, scheduling, implementing, and tracking software and firmware updates to your ever-evolving information network. Besides optimizing the protection and functionality of your computer network, Progent's patch management services free up time for your IT staff to concentrate on more strategic projects and tasks that derive maximum business value from your network. Read more about Progent's patch management services.
To view a white paper explaining why managed services are quickly replacing the traditional break/fix model of IT support outsourcing for small and mid-size organizations, click:
10 Benefits of Managed IT Services. (PDF - 710 KB)
ProSight Network Audits
Progent's ProSight Network Audits offer a fast and low-cost way for small and mid-size organizations to obtain an objective evaluation of the health of their network. Based on some of the leading remote monitoring and management platforms available, and supervised by Progent's certified group of IT professionals, ProSight Network Audits show you how closely the deployment of your essential network assets conform to industry best practices. Both the Basic and Advanced options for ProSight Network Audit services are available at a budget-friendly, one-time cost and provide immediate ROI like a more manageable Active Directory system. Both also include one year of state-of-the-art remote network monitoring and management. Benefits can include lower-cost network management, improved compliance with government and industry security regulations, higher utilization of IT assets, quicker problem resolution, more dependable backup and recovery, and less downtime. Read more information about ProSight Network Audits IT infrastructure review.
Contact Progent to Find Out More about Progent's ProSight Ransomware Preparedness Report Service
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Report can reduce your vulnerability to ransomware, call Progent at 800-993-9400 or visit Contact Progent.