deepagopi2011 - Fotolia

MSSPs can help in the fight against ransomware

Recent high profile ransomware cases have underlined the need for help and providing it as part of a managed service could be the answer

Ransomware is one of the biggest issues in cyber security and should be providing plenty of opportunities to the channel because the recent examples of WannaCry and Petya have demonstrated many firms remain exposed to threats.

Vendors have reacted quickly to prevent ranswomware from being a problem for users but many customers have yet to invest in the technology that protects their data and the answer could like in the services being promoted by more MSSPs.

Research earlier this week from Imperva revealed that 60,000 hosts were still vulnerable to the EternalBlue exploit that was used in the WannaCry attack. Elthad Erez, director of innovation at the security player, has devised a way of scanning for the problem and come back with the disturbing results.

Check Point's threat team has also followed the progress of the ransomware and noted that although there was a kill switch discovered WannaCry still remains active out in the field.

The security vendor has refined its anti-ransomware tool and has been promoting it to partners, highlighting how its customers were protected from the latest attacks.

Nathan Shuchami, Check Point’s global head of threat prevention & VP of emerging products, said that the recent attacks had caused a significant increase in damages for customers and disruption.

"Many organisations will allow an employee to take a laptop out of the network and then they can get infected as a consumer. There is a greater need today to protect against advanced threats and protect the network," he said.

When it comes to fighting ransomware the approach is two-pronged, analyising attacks on behaviour rather than signature and killing them before they start to encrypt the user data.

But there is also a need to fight the ransomware that slips through and is only identified once it starts encrypting. In that scenario the vendor has a strategy to hive off data into a protected partion on the network to ensure there is an intact backup avaialble.

That idea of containment is being used elsewhere in the industry as security specialists react to ever increasingly sophisticated attacks.

"It is no longer enough to put up cyber barriers and hope they aren’t breached. The reality is that hackers can and will find a way round. Instead the security industry needs to focus on containment of threats once they find a way into the network. Using cryptographic segmentation, they can limit the impact and ensure that it does not affect their entire company. The technology exists to do this now, but it is up to businesses to embrace the innovation that can help protect their organisation against wide-spread cyber-attacks, before the damage is done," said Dan Panesar, vice president EMEA at Certes Networks.

One of the answers to making sure these sorts of services are adopted by a greater number of customers is for the managed security services players to promote them more. With many smaller firms struggling to understand just how they can protect themselves more are turning to external expertise to get help.

Shuchami said that it had recently signed up a number of MSSPs and some telcos to make sure they were in a position to offer the advanced threat protection services.

"SMB and Soho customers do not want to deal with it and will outsource it to others to take care of the internet, mail and security. More MSSPs have approached us to protect both SMEs and small enterprise customers," he said.

Read more on Data Protection Services