5 Ways to Block Ransomware with CentreStack's Miyagi Defense


The Karate Kid was one of my favorite childhood movies. Sure, it's a typical American underdog story but do we really care? And who can forget Mr. Miyagi's iconic quotes? One that has always stayed with me is, 

"The best block is no be there".  

Whether you share my opinions about the movie or not, I hope you can appreciate that Gladinet has adapted Mr. Miyagi's simple genius to prevent ransomware infections from endpoints by keeping them off the corporate network. Because of its historical use as a multi-tenant productivity platform by MSPs, CentreStack's ability to supercharge remote access security is often an afterthought. So let's focus on some major security benefits of the platform's unique approach to secure remote access.

1. Reduce Attack Surface By Keeping Unmanaged Endpoints off the Corporate Network

According to a security FAQ from Berkeley, "Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge."

This highlights one of the problems with the increase in remote and hybrid workers: they may use devices that have already been compromised through drive-by downloading. In other words, every remote device is a potential attack vector that can be leveraged by those with nefarious aims.

But if we can keep these devices away from the corporate network, we've significantly reduced the attack surface since the attack vector will "no be there". This is accomplished by Gladinet's 3-tiered architecture and its ability to provide mapped drives over HTTPS.

How does HTTPS Drive Mapping Block Unmanaged Endpoints?

End users get a mapped drive that mimics onsite behavior. Simultaneously, the corporate network is never exposed to the unmanaged endpoint, since the endpoint can only connect to the file shares the user is permitted to access. Furthermore, access can only occur via an HTTPS connection to the CentreStack server in the DMZ (the safe area between the external and internal firewalls). There is no direct connection to the internal network!

The user feels that they are still working on the corporate network (with help from technical tricks like smart caching of frequently used files and data compression), even though the device is never allowed to access the corporate network.

Besides this ability to virtually eliminate the threat from devices used for remote access, CentreStack provides several ways to dodge ransomware threats and improve overall network security. The following are a few important examples.

2. Block Ransomware with Behavioral Heuristics

CentreStack provides file versioning and behavioral heuristics to guarantee your files can never be held hostage by ransomware. The behavioral heuristic can be configured with a file change frequency threshold; if a device changes files faster than that, it is quarantined. The simple idea is that any crypto-ransomware has to change lots of files faster than humanly possible to be effective. So we simply define a threshold for human behavior and quarantine any device that crosses it. It's a simple idea that is extremely effective.

3. Vaccinate Your Files with Versioning and Never Pay for Ransomware

For example, admins can choose to automatically quarantine any device which changes more than 20 files in a 10-minute window. This limits the scope of impact for crypto-ransomware to 20 files. And since CentreStack provides file versioning, these files can be quickly restored to their previous state. This works because CentreStack creates file versions that remain inaccessible until restored.
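As an added illustration (not CentreStack's own code), here is a sliding-window version of the heuristic described in sections 2 and 3: a device that changes more than 20 distinct files within 10 minutes is quarantined and its later writes are refused. The device names, paths and timestamps are constructed, and counting distinct paths rather than raw write events is an assumption about what "changes more than 20 files" means.

```python
from collections import defaultdict, deque


class ChangeRateMonitor:
    """Sliding-window heuristic: a device that changes more than `threshold`
    distinct files within any `window_seconds` span is quarantined and its
    later writes are refused."""

    def __init__(self, threshold=20, window_seconds=600):
        self.threshold = threshold
        self.window_seconds = window_seconds
        self._history = defaultdict(deque)   # device -> deque of (ts, path)
        self.quarantined = {}                # device -> time of quarantine

    def observe(self, device, ts, path):
        """Record one file change at epoch time `ts`; True if allowed, False if refused."""
        if device in self.quarantined:
            return False
        hist = self._history[device]
        hist.append((ts, path))
        cutoff = ts - self.window_seconds
        while hist and hist[0][0] < cutoff:   # forget changes older than the window
            hist.popleft()
        if len({p for _, p in hist}) > self.threshold:
            self.quarantined[device] = ts
            return False
        return True


def build_sample_events(base=1_705_309_200):   # constructed: 2024-01-15 09:00:00 UTC
    """Constructed change log (device, epoch seconds, path): one normal user
    and one device behaving like crypto-ransomware."""
    events = [("laptop-alice", base + 720 * i, f"docs/report{i}.docx")
              for i in range(5)]                 # 5 edits spread over an hour
    events += [("laptop-bob", base + 5 * i, f"finance/q{i}.xlsx")
               for i in range(25)]               # 25 files rewritten in 2 minutes
    return sorted(events, key=lambda e: e[1])


def run_sample(threshold=20, window_seconds=600):
    """Replay the sample log; return the monitor and the number of accepted changes."""
    monitor = ChangeRateMonitor(threshold, window_seconds)
    accepted = sum(monitor.observe(*event) for event in build_sample_events())
    return monitor, accepted


if __name__ == "__main__":
    monitor, accepted = run_sample()
    print(f"accepted {accepted} changes; quarantined: {monitor.quarantined}")
```

In the sample run the normal user's five edits all pass, while the second device is cut off at its 21st distinct file, so only 20 files would need to be rolled back from their versions.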

4. Control Unmanaged Endpoints with Device Management and Access Policies

CentreStack provides location-based access policies that can change the access rules for a user depending on where they are accessing their files. For example, they may only get write-access when they are physically present in the office. The management console also provides policy-based administrative controls that include:
  • STOP EXECUTABLES: The ability to stop executables and zip files from being run from the mapped drive.
  • AUDIT TRACING: Auditing and reporting to keep track of any suspicious behavior and all file changes.
  • ENDPOINT PROTECTION: Endpoint encryption, remote wipe, and other data loss prevention features.

5. Maintain Data Control and Sovereignty By Keeping Data On-Premises

Finally, CentreStack can be installed on-premises and keep all data on-premises to avoid exposure from migration to the cloud and maintain data sovereignty when data is too sensitive to be allowed into the public cloud. 

What about Zero Trust Network Access Solutions?

Zero Trust Network Access solutions provide compelling benefits, but ultimately devices will have access to the corporate network. CentreStack takes the idea of least privilege to the next level by saying that you don't even need to be connected to the network if you're just accessing files. And it does so while simplifying and modernizing secure remote access. ZTNA platforms will improve the security around remote endpoints but usually won't do much to enhance productivity and usability - especially for mobile use cases.

For more information, please schedule some time for a discussion or demo.

