Ransomware has become the weapon of choice for the major cyber-crime organizations, posing an existential threat to businesses that fall victim. The latest strains of ransomware target everything, including backup, making even partial recovery a long and expensive process. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, and Egregor have made the headlines, displacing WannaCry, Cerber, CryptoWall, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware infections come from innocent-seeming emails with malicious links or attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus (AV) tools. While user education and frontline detection are critical to defend against ransomware, best practices dictate that you assume some attacks will succeed and that you put in place a strong backup solution that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around an interview with a Progent security consultant experienced in ransomware defense and recovery. Progent will help determine your company's readiness to block or recover from a ransomware attack. During this interview Progent will work directly with you to gather pertinent information about your security and backup environment. Progent will use this information to produce a written Basic Security and Best Practices Report detailing how to apply best practices for configuring and managing your security and backup systems.
Progent's Basic Security and Best Practices Report focuses on key issues associated with prevention (Security) and recovery (Backups). The review addresses:
Security
- Correct use of administration accounts
- Correct NTFS and SMB permissions
- Optimal firewall settings
- Secure RDP connections
- AntiVirus tools selection and configuration
Backups
- Split permission model for backup protection
- Backing up required servers (AD)
- Offsite backups including cloud backup to Azure
The interview process included with the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for larger or more complex environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware attack, and Progent can provide as-needed expertise to help you and your IT staff create a cost-effective security/backup solution tailored to your business needs.
About Ransomware
Ransomware is a form of malware that either encrypts files so they are unreadable or deletes them altogether. Ransomware often locks the victim's computer so it is unusable. To reverse the damage, the victim is required to pay a specified amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will result in a recovery. Compromised or deleted files can extend throughout a network depending on the victim's write permissions, and the military-grade encryption algorithm used on the hostage files cannot be broken. A common ransomware attack vector is spoofed email, which the user is lured into opening by a social engineering technique known as spear phishing. This makes the email look as though it came from a trusted sender. The most targeted attack vector is an improperly secured Remote Desktop Protocol (RDP) port. These are becoming more of a problem as businesses support more at-home workers.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by ransomware variants is estimated at billions of dollars annually, more than doubling every two years. Notorious recent threats include WannaCry/WannaCrypt, Locky, Cerber, NotPetya and Spora. Current high-profile threats like Ryuk, Maze, and Sodinokibi are more elaborate and have caused more havoc. Even if your backup processes allow you to recover your ransomed files, you can still be threatened by exfiltration, where stolen data is made publc (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anit-virus tools will block the latest attack. If an attack does show up in an email, it is critical that your users have been educated to be wary of social engineering tricks. Your last line of defense is a solid scheme for scheduling and retaining offsite backups plus the deployment of reliable recovery tools.
ProSight Managed Services Offered by Progent
Progent's ProSight network management suite is a family of affordable, subscription-based service packages that allow small and mid-size businesses to outsource crucial IT management functions. ProSight services that can help defend against or recover from ransomware attacks include email filtering, next-generation AV based on behavior analysis, automatic isolation of infected computers and immediate inoculation of safe devices, plus cloud-based backup with both granular and whole-site recovery.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that incorporates SentinelOne's next generation behavior machine learning technology to guard physical and virtual endpoints against modern malware assaults such as ransomware and email phishing, which routinely evade traditional signature-based anti-virus products. ProSight ASM safeguards on-premises and cloud-based resources and offers a unified platform to manage the complete malware attack progression including filtering, detection, containment, cleanup, and post-attack forensics. Key capabilities include single-click rollback using Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Progent is a SentinelOne Partner, dealer, and integrator. Read more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection: Endpoint Protection and Exchange Email Filtering
ProSight Enhanced Security Protection managed services offer affordable multi-layer security for physical servers and VMs, workstations, smartphones, and Exchange email. ProSight ESP uses contextual security and modern behavior analysis for continuously monitoring and responding to cyber assaults from all attack vectors. ProSight ESP offers two-way firewall protection, penetration alarms, endpoint management, and web filtering through cutting-edge technologies packaged within one agent accessible from a single control. Progent's data protection and virtualization experts can help you to plan and implement a ProSight ESP environment that meets your company's unique needs and that allows you prove compliance with government and industry information security standards. Progent will assist you define and configure security policies that ProSight ESP will enforce, and Progent will monitor your network and react to alarms that require immediate attention. Progent's consultants can also assist your company to install and verify a backup and restore solution like ProSight Data Protection Services so you can get back in business rapidly from a potentially disastrous cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Exchange filtering.
- ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services from Progent provide small and medium-sized organizations an affordable and fully managed service for reliable backup/disaster recovery (BDR). For a low monthly rate, ProSight Data Protection Services automates your backup activities and allows rapid restoration of vital data, apps and VMs that have become lost or corrupted as a result of component breakdowns, software bugs, natural disasters, human mistakes, or malware attacks such as ransomware. ProSight Data Protection Services can help you back up, recover and restore files, folders, apps, system images, plus Hyper-V and VMware virtual machine images. Critical data can be backed up on the cloud, to an on-promises device, or mirrored to both. Progent's backup and recovery specialists can provide world-class support to configure ProSight Data Protection Services to to comply with government and industry regulatory requirements like HIPAA, FIRPA, PCI and Safe Harbor and, whenever needed, can assist you to recover your business-critical information. Read more about ProSight Data Protection Services Managed Cloud Backup.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam filtering and email encryption service that incorporates the infrastructure of leading information security vendors to deliver web-based control and world-class protection for your email traffic. The powerful architecture of Email Guard combines cloud-based filtering with a local security gateway appliance to provide advanced protection against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks (DHAs), and other email-based threats. The cloud filter acts as a first line of defense and keeps most unwanted email from making it to your security perimeter. This reduces your exposure to inbound attacks and conserves network bandwidth and storage space. Email Guard's onsite security gateway device adds a deeper level of inspection for inbound email. For outgoing email, the on-premises security gateway offers AV and anti-spam filtering, protection against data leaks, and email encryption. The onsite gateway can also assist Exchange Server to track and protect internal email traffic that stays within your corporate firewall. For more details, visit Email Guard spam filtering and data leakage protection.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and affordable for smaller businesses to map, monitor, optimize and troubleshoot their connectivity hardware such as routers and switches, firewalls, and wireless controllers plus servers, printers, endpoints and other networked devices. Using state-of-the-art Remote Monitoring and Management (RMM) technology, WAN Watch makes sure that network diagrams are always current, copies and displays the configuration information of almost all devices on your network, tracks performance, and generates notices when potential issues are discovered. By automating tedious management and troubleshooting processes, ProSight WAN Watch can cut hours off ordinary tasks like network mapping, reconfiguring your network, locating appliances that require critical software patches, or isolating performance problems. Find out more about ProSight WAN Watch network infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates state-of-the-art remote monitoring and management (RMM) technology to help keep your IT system running at peak levels by tracking the health of critical assets that drive your business network. When ProSight LAN Watch detects a problem, an alert is transmitted immediately to your designated IT management personnel and your assigned Progent engineering consultant so any looming problems can be addressed before they can impact your network. Learn more about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small organization can have its key servers and applications hosted in a secure Tier III data center on a fast virtual machine host set up and managed by Progent's IT support experts. With Progent's ProSight Virtual Hosting service model, the customer owns the data, the operating system software, and the apps. Since the system is virtualized, it can be ported immediately to a different hardware environment without requiring a lengthy and technically risky configuration process. With ProSight Virtual Hosting, you are not tied a single hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to capture, maintain, find and safeguard information about your IT infrastructure, processes, applications, and services. You can instantly find passwords or IP addresses and be alerted about impending expirations of SSL certificates or warranties. By cleaning up and managing your IT documentation, you can save as much as half of time thrown away trying to find vital information about your network. ProSight IT Asset Management includes a centralized repository for holding and collaborating on all documents related to managing your network infrastructure like standard operating procedures and self-service instructions. ProSight IT Asset Management also supports a high level of automation for collecting and associating IT data. Whether you're making improvements, performing maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the knowledge you need as soon as you need it. Read more about ProSight IT Asset Management service.
- Active Protection Against Ransomware: Machine Learning-based Ransomware Identification and Cleanup
Progent's Active Defense Against Ransomware is an endpoint protection managed service that utilizes cutting edge behavior analysis technology to defend endpoint devices as well as physical and virtual servers against modern malware assaults like ransomware and file-less exploits, which routinely escape legacy signature-based AV tools. Progent Active Security Monitoring services protect on-premises and cloud-based resources and offers a unified platform to manage the complete threat lifecycle including protection, identification, containment, remediation, and post-attack forensics. Top features include single-click rollback using Windows Volume Shadow Copy Service and real-time system-wide immunization against newly discovered threats. Learn more about Progent's ransomware protection and cleanup services.
- Progent's Outsourced/Shared Help Center: Support Desk Managed Services
Progent's Support Desk managed services allow your IT group to offload Call Center services to Progent or divide activity for Service Desk support transparently between your in-house network support group and Progent's extensive roster of IT service technicians, engineers and subject matter experts. Progent's Shared Help Desk Service offers a transparent extension of your internal network support resources. End user interaction with the Help Desk, delivery of support services, escalation, trouble ticket generation and updates, efficiency measurement, and management of the support database are cohesive whether issues are resolved by your corporate support staff, by Progent, or both. Learn more about Progent's outsourced/co-managed Help Center services.
- Patch Management: Software/Firmware Update Management Services
Progent's support services for software and firmware patch management offer organizations of any size a versatile and cost-effective alternative for assessing, testing, scheduling, applying, and tracking updates to your ever-evolving information system. Besides maximizing the security and functionality of your IT network, Progent's patch management services allow your in-house IT staff to focus on line-of-business initiatives and tasks that deliver maximum business value from your network. Read more about Progent's software/firmware update management services.
Read or Download Progent's White Paper: 10 Benefits of Managed IT Services
To view a white paper explaining why managed services are rapidly replacing the old break/fix model of network support outsourcing for small and mid-size organizations, click:
10 Benefits of Managed IT Services. (PDF - 710 KB)
ProSight Network Audits
Progent's ProSight Network Audits offer a fast and affordable alternative for small and mid-size organizations to obtain an objective evaluation of the health of their information system. Based on a selection of the leading remote monitoring and management (RMM) platforms available, and supervised by Progent's certified group of information technology professionals, ProSight Network Audits show you how well the deployment of your essential infrastructure devices conform to industry leading practices. The Basic and Advanced versions of ProSight Network Audit services are offered at a budget-friendly, one-time cost and provide instant ROI such as a more manageable Active Directory environment. Both versions also come with a year of advanced remote network monitoring and management. Benefits can include simpler management, better compliance with information security requirements, more efficient utilization of IT resources, faster troubleshooting, more reliable backup and restore, and higher availability. See more information about ProSight Network Audits IT infrastructure assessment.
Contact Progent to Find Out More about Progent's ProSight Ransomware Preparedness Report Service
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Report can reduce your vulnerability to ransomware, call Progent at 800-993-9400 or visit Contact Progent.