Ransomware has become the weapon of choice for the major cyber-crime organizations, posing an existential threat to businesses that fall victim. The latest strains of ransomware target everything, including backup, making even partial recovery a long and expensive process. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, and Egregor have made the headlines, displacing WannaCry, Cerber, CryptoWall, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware infections come from innocent-seeming emails with malicious links or attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus (AV) tools. While user education and frontline detection are critical to defend against ransomware, best practices dictate that you assume some attacks will succeed and that you put in place a strong backup solution that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around an interview with a Progent security consultant experienced in ransomware defense and recovery. Progent will help determine your company's readiness to block or recover from a ransomware attack. During this interview Progent will work directly with you to gather pertinent information about your security and backup environment. Progent will use this information to produce a written Basic Security and Best Practices Report detailing how to apply best practices for configuring and managing your security and backup systems.
Progent's Basic Security and Best Practices Report focuses on key issues associated with prevention (Security) and recovery (Backups). The review addresses:
Security
- Correct use of administration accounts
- Correct NTFS and SMB permissions
- Optimal firewall settings
- Secure RDP connections
- AntiVirus tools selection and configuration
Backups
- Split permission model for backup protection
- Backing up required servers (AD)
- Offsite backups including cloud backup to Azure
The interview process included with the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for larger or more complex environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware attack, and Progent can provide as-needed expertise to help you and your IT staff create a cost-effective security/backup solution tailored to your business needs.
About Ransomware
Ransomware is a form of malware that either encrypts files so they are unreadable or deletes them altogether. Ransomware often locks the victim's computer so it is unusable. To reverse the damage, the victim is required to pay a specified amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will result in a recovery. Compromised or deleted files can extend throughout a network depending on the victim's write permissions, and the military-grade encryption algorithm used on the hostage files cannot be broken. A common ransomware attack vector is spoofed email, which the user is lured into opening by a social engineering technique known as spear phishing. This makes the email look as though it came from a trusted sender. The most targeted attack vector is an improperly secured Remote Desktop Protocol (RDP) port. These are becoming more of a problem as businesses support more at-home workers.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by ransomware variants is estimated at billions of dollars annually, more than doubling every two years. Notorious recent threats include WannaCry/WannaCrypt, Locky, Cerber, NotPetya and Spora. Current high-profile threats like Ryuk, Maze, and Sodinokibi are more elaborate and have caused more havoc. Even if your backup processes allow you to recover your ransomed files, you can still be threatened by exfiltration, where stolen data is made publc (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anit-virus tools will block the latest attack. If an attack does show up in an email, it is critical that your users have been educated to be wary of social engineering tricks. Your last line of defense is a solid scheme for scheduling and retaining offsite backups plus the deployment of reliable recovery tools.
ProSight Managed Services Offered by Progent
Progent's ProSight network management suite is a family of affordable, subscription-based service packages that allow small and mid-size businesses to outsource crucial IT management functions. ProSight services that can help defend against or recover from ransomware attacks include email filtering, next-generation AV based on behavior analysis, automatic isolation of infected computers and immediate inoculation of safe devices, plus cloud-based backup with both granular and whole-site recovery.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates SentinelOne's next generation behavior analysis tools to guard physical and virtual endpoint devices against new malware attacks such as ransomware and email phishing, which easily escape traditional signature-matching anti-virus products. ProSight ASM protects on-premises and cloud resources and offers a unified platform to manage the entire malware attack lifecycle including filtering, infiltration detection, mitigation, cleanup, and post-attack forensics. Top features include one-click rollback using Windows Volume Shadow Copy Service and automatic system-wide immunization against newly discovered threats. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection (ESP): Endpoint Security and Exchange Email Filtering
Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and VMs, desktops, smartphones, and Exchange Server. ProSight ESP utilizes contextual security and advanced machine learning for continuously monitoring and reacting to security threats from all attack vectors. ProSight ESP offers firewall protection, penetration alarms, endpoint control, and web filtering through cutting-edge technologies packaged within one agent accessible from a single console. Progent's data protection and virtualization experts can help your business to plan and implement a ProSight ESP deployment that meets your company's specific requirements and that allows you achieve and demonstrate compliance with government and industry information protection regulations. Progent will assist you define and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alerts that require urgent attention. Progent's consultants can also help you to install and test a backup and restore solution like ProSight Data Protection Services (DPS) so you can recover quickly from a destructive cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Microsoft Exchange filtering.
- ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services from Progent offer small and medium-sized organizations a low cost and fully managed solution for reliable backup/disaster recovery (BDR). For a low monthly cost, ProSight DPS automates your backup processes and enables fast recovery of critical files, applications and VMs that have become lost or corrupted as a result of component breakdowns, software bugs, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you protect, recover and restore files, folders, apps, system images, as well as Microsoft Hyper-V and VMware images/. Important data can be backed up on the cloud, to an on-promises storage device, or mirrored to both. Progent's backup and recovery consultants can provide world-class support to configure ProSight Data Protection Services to be compliant with government and industry regulatory requirements such as HIPAA, FINRA, PCI and Safe Harbor and, when necessary, can help you to recover your critical information. Learn more about ProSight DPS Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering service that uses the technology of leading data security companies to deliver centralized management and world-class security for all your inbound and outbound email. The powerful structure of Progent's Email Guard managed service combines a Cloud Protection Layer with a local security gateway appliance to provide complete protection against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks (DHAs), and other email-based threats. The Cloud Protection Layer serves as a preliminary barricade and keeps the vast majority of threats from making it to your security perimeter. This reduces your exposure to external threats and conserves system bandwidth and storage. Email Guard's on-premises gateway device adds a deeper layer of inspection for incoming email. For outgoing email, the local security gateway offers AV and anti-spam protection, policy-based Data Loss Prevention, and email encryption. The on-premises security gateway can also help Microsoft Exchange Server to monitor and safeguard internal email traffic that originates and ends within your security perimeter. For more information, visit Email Guard spam and content filtering.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
Progent's ProSight WAN Watch is an infrastructure management service that makes it simple and affordable for smaller businesses to map out, monitor, enhance and debug their connectivity appliances such as routers, firewalls, and wireless controllers plus servers, printers, endpoints and other devices. Using cutting-edge Remote Monitoring and Management technology, WAN Watch makes sure that infrastructure topology diagrams are kept current, captures and manages the configuration of almost all devices connected to your network, monitors performance, and sends notices when problems are detected. By automating time-consuming management and troubleshooting activities, ProSight WAN Watch can cut hours off ordinary chores like making network diagrams, expanding your network, finding appliances that need critical updates, or identifying the cause of performance problems. Find out more details about ProSight WAN Watch infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progent's server and desktop remote monitoring service that uses advanced remote monitoring and management techniques to help keep your IT system running efficiently by tracking the state of critical computers that power your information system. When ProSight LAN Watch uncovers an issue, an alarm is transmitted automatically to your designated IT personnel and your Progent engineering consultant so any potential issues can be addressed before they can impact productivity. Learn more about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small or mid-size organization can have its key servers and applications hosted in a protected fault tolerant data center on a fast virtual host set up and maintained by Progent's IT support experts. With the ProSight Virtual Hosting service model, the customer retains ownership of the data, the OS platforms, and the apps. Since the system is virtualized, it can be ported easily to an alternate hosting solution without a lengthy and difficult reinstallation process. With ProSight Virtual Hosting, your business is not locked into a single hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that allows you to capture, maintain, retrieve and protect data related to your IT infrastructure, procedures, business apps, and services. You can quickly locate passwords or IP addresses and be alerted automatically about impending expirations of SSLs or domains. By updating and organizing your network documentation, you can eliminate up to half of time spent looking for critical information about your network. ProSight IT Asset Management includes a common location for holding and sharing all documents required for managing your network infrastructure like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also supports advanced automation for gathering and relating IT data. Whether you're making enhancements, doing maintenance, or responding to an emergency, ProSight IT Asset Management delivers the information you require as soon as you need it. Read more about ProSight IT Asset Management service.
- Active Defense Against Ransomware: Machine Learning-based Ransomware Detection and Cleanup
Progent's Active Defense Against Ransomware is an endpoint protection service that incorporates cutting edge behavior-based machine learning tools to guard endpoints and servers and VMs against modern malware assaults like ransomware and email phishing, which easily get by legacy signature-based AV tools. Progent ASM services protect local and cloud-based resources and provides a unified platform to manage the complete threat lifecycle including blocking, identification, mitigation, cleanup, and forensics. Key features include single-click rollback using Windows Volume Shadow Copy Service (VSS) and real-time network-wide immunization against new attacks. Find out more about Progent's ransomware defense and recovery services.
- Outsourced/Co-managed Help Desk: Help Desk Managed Services
Progent's Help Desk services enable your IT team to offload Support Desk services to Progent or split responsibilities for Service Desk support transparently between your in-house network support group and Progent's nationwide pool of certified IT service engineers and subject matter experts (SMEs). Progent's Co-managed Service Desk offers a seamless supplement to your internal IT support team. Client interaction with the Service Desk, provision of support services, problem escalation, ticket generation and updates, performance metrics, and maintenance of the service database are consistent whether incidents are taken care of by your corporate network support group, by Progent, or by a combination. Find out more about Progent's outsourced/shared Help Center services.
- Progent's Patch Management: Software/Firmware Update Management Services
Progent's support services for software and firmware patch management offer organizations of any size a flexible and cost-effective alternative for evaluating, validating, scheduling, applying, and tracking updates to your dynamic IT network. Besides optimizing the security and reliability of your computer network, Progent's patch management services permit your in-house IT team to focus on line-of-business projects and activities that deliver maximum business value from your information network. Read more about Progent's patch management support services.
Read or Download Progent's White Paper: 10 Benefits of Managed IT Services
To download a white paper describing why managed services are quickly takingthe place of the old break/fix model of IT support outsourcing for small and mid-size companies, click:
10 Benefits of Managed IT Services. (PDF - 710 KB)
ProSight Network Audits
Progent's ProSight Network Audits are a fast and affordable way for small and medium-size organizations to obtain an objective assessment of the health of their information system. Powered by some of the leading remote monitoring and management tools in the industry, and overseen by Progent's world-class team of IT professionals, ProSight Network Audits help you see how well the configuration of your essential infrastructure assets conform to industry best practices. The Basic and Advanced versions of ProSight Network Audit services are available at a low, one-time cost and provide instant ROI such as a cleaner Active Directory environment. Both also come with one year of advanced remote network monitoring and management. Advantages can include lower-cost network management, improved compliance with data security regulations, higher utilization of IT resources, faster problem resolution, more reliable backup and restore, and higher availability. Learn more information about ProSight Network Audits IT infrastructure assessment.
Contact Progent to Find Out More about Progent's ProSight Ransomware Preparedness Report Service
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Report can reduce your vulnerability to ransomware, call Progent at 800-993-9400 or visit Contact Progent.