Rubrik’s James Blake on Cyber Attack Recovery, Ransoms, and Threat Hunting

In today’s business, downtime caused by cyberattacks, including ransomware, is costly in time, resources, fines, and reputation. Organizations must therefore make sure they can keep operating in the face of rising ransomware attacks and other cyber threats.

Data protection is central to this. Despite being the organization’s crown jewels, data too often ends up in the hands of cybercriminals, and response workflows fall into the gap between IT and security, leaving companies tempted to pay the ransom. Advanced data observability and threat hunting are two of the ways organizations can strengthen their defenses against ransomware, but many lack the resources to engage in such activities.

To find out more, Computing spoke to James Blake, EMEA Field CISO at Rubrik, ahead of Rubrik’s annual user conference, Forward 2022, which takes place May 17-19, 2022.

What is the current state of ransomware in light of the pandemic and the rise of hybrid working?

What is the current state of ransomware in relation to the increase in pandemics and hybrid work?

“Ransomware exposes an organization’s lack of cyber and operational resilience: whether IT and security work together, whether processes and systems are integrated, the inability to avoid creating vulnerable systems in the first place, and the attacks themselves. And if you can’t build resilience into the way your systems operate and are built today, all of that same vulnerability will move to your cloud infrastructure, especially when you’re undergoing digital transformation. And we aren’t learning the lessons of resilience from handling ransomware.

“We know that incidents will occur, so we deal with them, build resilience and responsiveness to reduce the impact, and handle incidents as a normal part of business. That’s Rubrik’s role.”

What tools and strategies are organizations deploying to keep up with the rise in ransomware attacks?

“The average organization has about 130 different security controls, which adds complexity and licensing costs, and about 80-90% of the budget goes on preventive and detective solutions, so we haven’t learned the lesson. Many of these silver bullets have little meaningful integration or operational use.

“While IT departments move to the cloud, security is busy building on-premises infrastructure and staffing it with more people, yet there is a global shortage of cybersecurity skills, which drives up spending and complexity. Alerts are up, but operational capability often isn’t. We are now seeing in earnest the law of diminishing returns for controls focused on likelihood. Is the needle really moving? I don’t think so.”

How have Rubrik’s customers adapted the way they use its products and services for this new situation?

“Rubrik’s customers really understand how to apply the platform. What we are seeing now is that they really understand the ‘specific steps’ that can identify regulated data. Most organizations don’t know where their data is, or whether it exists at all. In reality, operations teams tend to bypass official data repositories, which are rarely the only source of truth used to get the job done. Rubrik customers can find important, regulated data within the various workloads they manage without deploying yet another tool. They apply zero-trust data security approaches and features to protect that data and keep it out of attackers’ reach. They also gain the ability to detect malicious artifacts used during an attack, and to be warned of malicious deletions and data encryption.

“Once we enter the response phase, we have the ability to live-mount file systems from different points in time to support incident investigation and forensics. We also support threat hunting across workloads, so you can proactively look inside them for the gaps between your protection and detection controls. During the recovery phase, you apply this intelligence to recover only the data you need, not malicious or infected data.”
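As an added illustration of the workflow described in the two answers above (finding data across workloads, detecting malicious artifacts and encryption across point-in-time copies, then recovering only clean data), here is a small Python example. It is not Rubrik’s code and uses no Rubrik API: snapshots are modelled as in-memory dictionaries of path to file bytes, the IOC hash list, the entropy threshold and the ransom-note suffix are assumptions, and every sample file is constructed for the example.

```python
import hashlib
import math

# --- Constructed sample data (not real backups) -----------------------------
def _stream(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy bytes, standing in for ransomware output."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

REPORT_V1 = b"Q1 revenue report: regional totals and forecast.\n" * 40
REPORT_V2 = REPORT_V1 + b"Addendum: revised forecast after audit.\n" * 10
PAYROLL = b"employee,ssn,salary\n" + b"alice,000-00-0000,100000\n" * 30
DROPPER = b"#!/bin/sh\n# constructed stand-in for an attacker's tooling\n"

# Point-in-time snapshots of the same file system, oldest first.
SNAPSHOTS = [
    {"docs/report.txt": REPORT_V1, "hr/payroll.csv": PAYROLL},
    {"docs/report.txt": REPORT_V2, "hr/payroll.csv": PAYROLL},
    {   # attacker drops a tool, encrypts the report and deletes payroll
        "docs/report.txt.locked": _stream(b"ransom", 4096),
        "tmp/.x": DROPPER,
    },
]

# Assumed hunt parameters: IOC hashes from earlier incidents (constructed),
# an entropy threshold (plain documents rarely exceed ~6 bits/byte) and the
# file suffix the (hypothetical) ransomware appends.
IOC_SHA256 = {hashlib.sha256(DROPPER).hexdigest()}
ENTROPY_THRESHOLD = 7.0
RANSOM_SUFFIXES = (".locked",)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the byte-value distribution; ~8.0 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(path: str, data: bytes) -> bool:
    return path.endswith(RANSOM_SUFFIXES) or shannon_entropy(data) > ENTROPY_THRESHOLD


def hunt(snapshots):
    """Threat-hunt every snapshot: IOC hash hits, encrypted-looking files and
    files that disappeared since the previous snapshot (possible malicious deletion)."""
    findings, prev = [], set()
    for files in snapshots:
        findings.append({
            "ioc": sorted(p for p, d in files.items()
                          if hashlib.sha256(d).hexdigest() in IOC_SHA256),
            "encrypted": sorted(p for p, d in files.items() if looks_encrypted(p, d)),
            "deleted": sorted(prev - set(files)),
        })
        prev = set(files)
    return findings


def first_compromised(findings):
    """Index of the earliest snapshot showing attacker activity, or None."""
    for i, f in enumerate(findings):
        if f["ioc"] or f["encrypted"]:
            return i
    return None


def recovery_plan(snapshots, findings):
    """For each path ever seen, pick the newest snapshot holding a clean copy.
    Attacker artifacts and encrypted files are never selected for restore."""
    plan = {}
    for i, files in enumerate(snapshots):
        bad = set(findings[i]["ioc"]) | set(findings[i]["encrypted"])
        for path in files:
            if path not in bad:
                plan[path] = i  # later clean copies overwrite earlier ones
    return plan


if __name__ == "__main__":
    found = hunt(SNAPSHOTS)
    for i, f in enumerate(found):
        print(f"snapshot {i}: {f}")
    print("first compromised snapshot:", first_compromised(found))
    print("restore from:", recovery_plan(SNAPSHOTS, found))
```

Running it reports that snapshot 2 is the first to contain an IOC hit and an encrypted file, and the recovery plan restores both business files from snapshot 1, the last clean copy, while leaving the dropper and the encrypted blob behind. Against real backups the snapshot dictionaries would be replaced by walks over mounted point-in-time file systems, and the IOC set by the organization’s own threat intelligence.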

How important is threat hunting, and do organizations have the resources and know-how to engage in it?

“One of the challenges of threat hunting is the time it typically takes to get value from it. It can take months or years. You need to deploy the tools, train your team to use them, and if you need to manage those tools, you need to put proper infrastructure management in place. Then there’s the question of the environment returning to the blueprint. There are different ways to do threat hunting, but in my view it’s a bit belt and braces, and there’s a place for them all. It’s a broader topic and one to explore in more detail at FORWARD.”

What steps can an organization take in its cybersecurity approach to be proactive rather than reactive?

“First, understand what you are protecting. This is the biggest one. There are many organizations that are secure but not risk-managed: they don’t know what they should protect, what they are protecting, or what they are responsible for from a compliance perspective. That’s a big problem.

“The value really lies in the data, where it is, and how it supports business processes. Many CMDBs today hold only hardware and software details: orchestration tools, virtualization, cloud… but often you don’t know where your data is. That data is irreplaceable value, a compliance obligation, and an attacker’s target, so the first thing you need to do is understand the data: how it supports your business and where it is. Once you know where the data is, do a risk assessment, and that is what provides value to the business.”

What do you say to an organization considering paying the ransom after a successful attack?

“Don’t. There is no guarantee that you will get what you want. By paying a ransom you may find yourself funding a criminal organization, and it may be in breach of international sanctions. You need to have an honest discussion with your shareholders or your business about whether they are prepared to stop and prevent attacks and commit to a resilience strategy.

“If your first thought is to add a 131st tool to prevent ransomware, remember that you are being repeatedly targeted and that malware is getting past those tools. Malware and ransomware share many similarities; only the type of impact at the end of the chain differs. This is a numbers game and it will ultimately hit you. Spend on impact mitigation and resilience so you don’t have to pay the ransom. You will get a better return on your security investment than from yet another preventative tool.”

For more information on how to protect your organization from cyber threats, see Forward 2022.

This post is sponsored by Rubrik.