Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Use virtual containers to isolate ransomware

Israel Levy, CEO, Bufferzone | Dec. 21, 2016
Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you time and money

The segregation of the connections and files is secular; whether good or bad, they are all made or viewed only within the container (some solutions allow users to bridge selected items safely onto the internal network). The contents of the container are wiped periodically to permanently remove malware from the computer.  As a result, endpoints are not vulnerable to web-based threats such as drive-by downloads, malvertising, and an endless stream of zero-day exploits that easily bypass signature-based anti-virus software, firewalls, gateways, and other security tools.

If there is a need to actually import files into the network, the system will have users covered there as well.  A secure bridge disarms files by extracting the content and leaving anything suspicious behind. Like the virtual container itself, this approach does not rely on an ability to detect malware – it simply transfers the “known good”.  That makes it immune to the ever-changing threat landscape.

Hospitals and schools are especially vulnerable, having experienced numerous malware attacks. Last February, for example, a Los Angeles hospital paid 40 bitcoins to unfreeze its data. A month later, an attack on the Medstar hospital system froze electronic records at ten hospitals in Maryland (according to the company, it did not pay the ransom, and restored its data from backups). Other hospitals that have been attacked include one in Kansas, which was actually hit twice by the same cyber-crooks, after paying the ransom demanded in the first attack. So far, the Medstar attack has been the biggest ransomware shakedown reported.

With virtual container systems, however, phishing efforts by hackers will come to naught; even if they convince a user to click on a bad link or manage to get a poisoned attachment past an e-mail virus checker, the malware will be unable to get past its virtual space and infect a computer, or the rest of the network, denying ransomware purveyors their ultimate goal of shutting down a company's operations. Thus, virtual container technology actually gives organizations two victories over hackers – one, by protecting their internal networks from ransomware, and two, preventing downtime and enabling employees to continue working as usual.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.