By John Stevenson

With the news of the Kaseya VSA compromise, the IT management supply chain has been used to deliver what may yet prove to be the biggest ransomware attack in history. Now is the time to ask what you can do to mitigate the risk of a ransomware attack.

The problem with all supply chains is that they are predicated on trust. If you use a product like Kaseya VSA you are trusting it to manage your servers and endpoints. You are trusting it to put software and updates on your machines in much the same way as you trust Microsoft or your antivirus vendor to put updates onto your machines. If you are a Managed Service Provider (MSP), you are trusting it to manage your clients’ IT estate on your behalf.

How do you deal with a supply chain you cannot trust?

The defence supply chain has many decades of experience in mitigating the threat of a compromised supply chain. In this and similar industries, acknowledged best practice is to segregate networks and test any updates arriving from outside the organisation in a DMZ before making them available to the internal network via a secure link. It is an approach that can be both costly and labour intensive, but it does mitigate the threat.

Looking beyond the IT supply chain, the threat of ransomware is best combatted with the use of advanced malware protection. Many forms of anti-virus and ransomware protection software are detection-based, meaning they struggle to keep up with the latest ransomware variants. An advanced malware protection tool, such as Deep Secure’s Threat Removal, will give you the best shot at stopping the ransomware from getting in because it adopts a true zero trust approach to the problem.

The approach starts from the premise that since it is impossible to be certain that any given piece of content does or doesn’t contain malware (the bad guys are just too good at hiding it), the only way to be certain is to trust nothing and use Threat Removal to transform everything and make it safe.

Threat Removal uses a process of transformation that works by extracting just the valid business information from each file (discarding the original along with any malware), verifying the extracted information is well-structured and building brand new files for onward delivery into the internal network.
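A simplified sketch of the extract, verify and rebuild steps described above, added here as an illustration and not Deep Secure's implementation. The binary PPM image format, the function name `transform_ppm`, the `MAX_DIM` limit and the sample bytes are assumptions chosen for the example.

```python
import re

MAX_DIM = 4096  # assumed policy limit, not taken from the article
_TOKEN = re.compile(rb"(?:\s|#[^\n]*\n)*([^\s#]+)")  # skips whitespace and comments

def transform_ppm(untrusted: bytes) -> bytes:
    """Return a brand-new binary PPM built only from verified image data."""
    # 1. Extract: read the four header fields, ignoring comments entirely.
    fields, pos = [], 0
    for _ in range(4):
        m = _TOKEN.match(untrusted, pos)
        if m is None:
            raise ValueError("incomplete header")
        fields.append(m.group(1))
        pos = m.end()
    magic, width, height, maxval = fields

    # 2. Verify: every field must be well-formed and within policy.
    if magic != b"P6":
        raise ValueError("not a binary PPM")
    if not all(f.isdigit() for f in (width, height, maxval)):
        raise ValueError("non-numeric header field")
    w, h = int(width), int(height)
    if not (1 <= w <= MAX_DIM and 1 <= h <= MAX_DIM) or int(maxval) != 255:
        raise ValueError("dimensions or depth outside policy")
    if untrusted[pos:pos + 1] not in (b" ", b"\t", b"\r", b"\n"):
        raise ValueError("malformed header terminator")
    pixels = untrusted[pos + 1:pos + 1 + w * h * 3]
    if len(pixels) != w * h * 3:
        raise ValueError("truncated pixel data")

    # 3. Rebuild: write a fresh header and copy only the pixel values.
    # Comments and any bytes after the raster are never carried over.
    return b"P6\n%d %d\n255\n" % (w, h) + pixels

# Constructed sample: a 2x1 image with a header comment and appended trailer.
SAMPLE = (b"P6\n# constructed comment carrying extra data\n2 1\n255\n"
          + bytes([255, 0, 0, 0, 255, 0]) + b"CONSTRUCTED-TRAILER")

if __name__ == "__main__":
    print(transform_ppm(SAMPLE))
```

The original file is never forwarded: only the rebuilt bytes leave the function, and anything that fails verification is rejected rather than repaired.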

If you would like to know more about Deep Secure’s solutions for controlling software updates into protected networks, contact us today.

If you would like to know more about Deep Secure’s zero trust approach to the threat of ransomware and how to defeat it using Threat Removal, visit our Ransomware Prevention page, watch our recent webinar on The Truth about Ransomware or download our practical ebook.

