It looks like the the idea of “Detect and Block” vs “Detect and Remediate” is gaining traction out there. This is a welcome sight for us here at Wedge as we continue to espouse the idea that it is better to detect and prevent malware than it is to have to remediate it after the fact. The Register, in a recent article seems to agree with our take on the situation.
Initially, the article asks readers to consider weighing the pros of actually paying the ransom demanded to hackers in order to have their data unlocked; contrary to the advice handed down by government agencies and information security firms who suggest that by giving in and paying the ransom will just encourage the behaviour to become more popular and it will just keep coming back. The sad thing is that Ransomware has become such an epidemic for businesses and consumers alike that the FBI has even a ransomware guide to provide suggestions to CISOs in the event that their organization has been hit. Of course, paying the ransom is still very hit or miss when it comes to an organization actually getting their data back, with recent reports from the CyberEdge Group finding that “only about 60 percent of companies that pay ransomware demands actually get their data back in the end.” It really becomes a crap shoot as to whether this is actually a good strategy. (In the end, though, making sure that law enforcement is involved is always a good idea as they can always assist in eventually tracking down the hackers.)
Thus, The Register goes on to state, “When it comes down to it, the best defence against ransomware is to not get infected in the first place. Barring that, companies should have strong backup and recovery plans. It seems simple enough.” We alluded to this in our blog on “Save Patient Zero”, when companies cannot afford to have a “Patient Zero”.
Let’s look at the second part of that statement. The one about having strong backup and recovery plans. The Register continues on with, “Even if a company is meticulous about backing up their data, the actual recovery process is far easier said than done, particularly when you have to do it with hundreds or thousands of PCs and terminals, and dozens of servers or cabinets of servers.” So, even if an organization has a decent enough backup plan, depending on the size and the number of endpoints affected, the remediation cost could still be tremendous! Look at the Norsk Hydro case or our blog on the Ryuk Ransomware, as a examples…
And so, we’re left with the best defence against ransomware being to “not get infected in the first place”. This is the strategy that is the most sound and that can now actually be executed on. And this is where Wedge’s Absolute Real-time Protection comes into play. The Wedge Advanced Malware Blocker is the most accurate and highest performing solution available that uses the Detect and Block approach to “see” and block malware in Real-time. Wedge uses its patented Deep Content Inspection technology to reconstruct full content, scanning it with signature-based scans, heuristic-based scans and an artificial neural engine, so that it can determine the intent of the content; whether it is safe or not. Thus, WedgeAMB can detect and block malware in real-time before it has a chance to be seen by the end user; thus taking the possibility of infection away. Even if the malware is a new variation or new, never-before-seen variety, it will be detected and blocked as soon as its mal-intent is revealed.
So, the solution is there for organizations to use. The best thing about it is that we even offer a FREE 90 day trial of the Wedge Advanced Malware Blocker. If you’re interested in protecting your organization from attacks through the strategy of prevention and not getting infected in the first place, get in touch with our team at info@wedgenetworks.com. As we like to say, the best defence against ransomware is “Don’t get infected”.
