Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Use virtual containers to isolate ransomware

Israel Levy, CEO, Bufferzone | Dec. 21, 2016
Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you time and money

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Keeping internal networks safe from the ravages of the Internet is increasingly hard, but virtual container solutions allow users to function normally while preventing the “deplorables” of the Internet– malware, exploits, and other negative phenomena – from reaching files and sensitive data.

Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you a great deal of trouble and expense.

According to industry statistics, over 90% of all malware attacks – including ransomware – have their origins in a nefarious Internet connection, like a link that automatically downloads a trojan to a user's computer, or in an attachment that contains code that connects to a C&C server that installs the malware. Once done, it's a matter of time before the ransomware is delivered – and all hell breaks loose in the organization.

Relying on users to avoid illicit links or attachments obviously doesn't work; there isn't a hospital, school, or company that doesn't warn against clicking on “suspicious” objects, so the fact that computer malware infections – and ransomware threatsgrow annually means that the “don't click” system isn't working.

Which is why the best strategy is to keep personnel away from dangerous connections and attachments. Not by limiting the ability to surf the Internet via whitelists or restricting access to content in messages like attachments; that would interfere with the flow of work. Instead, organizations should install virtual container solutions, which keep negative phenomena away from important files and from the internal network, while allowing the flow of work to proceed.

Under a scheme like this, whenever an employee surfs the web or an attachment comes in, all the connections and/or engagement with the attachment are made in a virtual container. The application actually runs inside the container, so the connection and/or data that is read remains there as well, while users can read, hear or view it. The virtual container isolates applications and data from the computer’s real file system, registry, memory and network connections. It effectively traps malware inside where it can do no harm.

Attachments – among the most common access tools for hackers– are kept in the segregated area. Ditto for downloaded documents, spreadsheets, and other “legitimate” files that could be infected with poison macros, etc. The same goes for social media and communication apps (Facebook, Skype, etc.); anything damaging that tries to come through, whether a link, file, attachment, image, music file, etc. is stopped in its tracks.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.