Minimize Ransomware Risk with Aviatrix Platform
By definition, Ransomware is a type of malware that threatens to publish the victim's data or perpetually block access to it (for example using encryption) unless a ransom is paid.
Victims are then shown instructions for how to pay a fee to get the decryption key. In some cases, the data is also stolen and taken out of the network (egress). Broadly speaking, protection and prevention require the following layers of defense:
- Ingress or perimeter security for anyone coming into the network
- Egress security for traffic going out
- Segmentation to limit the lateral movement of bad actors
- Data in motion protection with encryption
- Data at rest protection with encryption
- Anti-virus and anti-malware agents running inside the guest VM/EC2
- Securing user access
- AI-based Anomaly/Threat Detection with self-healing capabilities
Most ransomware attacks start from a phishing email or someone clicking a link on malicious websites.
Aviatrix recommends a “layered security” and “defense in depth” approach to stopping ransomware from happening at its root.
Aviatrix offers a combination of security services in its platform and provides tight integration with 3rd party security vendors as well.
Let’s discuss those options one by one.
#1- Ingress security
The ransomware could start from someone unauthorized from outside getting access to the network (Ingress).
- We recommend WAF and other 3rd party services be used with our platform
- The Aviatrix IPS Gateway (also known as the Public Subnet Filtering GW) should also be deployed in AWS; it works in conjunction with AWS GuardDuty to filter out malicious actors
#2- Egress Security
The ransomware could also start from an internal bad actor getting access to confidential data, or from someone injecting malicious code into VMs or EC2 instances during the software development process. The application can then make an egress connection to transfer the data out of the network.
- Aviatrix recommends using a Zero-Trust policy to filter traffic based on the FQDN. The Aviatrix Egress FQDN feature should be used to block unwanted access to the outside world.
- For further fine-grained egress protection, we partner with PAN, Check Point, and Fortinet and leverage their technologies for enhanced egress protection.
- In the egress category, we also interwork with CASB solutions such as Zscaler, Palo Alto Prisma Access, etc.
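To make the Zero-Trust egress FQDN idea concrete, here is an added illustrative example (not Aviatrix's own code) of a default-deny FQDN allow-list evaluated over a constructed egress log; the allow-list entries, hostnames and byte counts are made up, and the wildcard semantics (a `*.domain` entry covers subdomains only, never the apex) are an assumption for this example.

```python
"""Illustrative zero-trust egress FQDN allow-list (added example, not
Aviatrix's implementation). Base policy is deny; only listed FQDNs pass."""

# Constructed allow-list: exact hostnames plus wildcard entries.
# "*.amazonaws.com" covers subdomains only, not the apex "amazonaws.com".
ALLOW_LIST = [
    "updates.example.com",
    "*.amazonaws.com",
    "pypi.org",
    "*.pypi.org",
]


def fqdn_matches(fqdn: str, pattern: str) -> bool:
    """Exact match, or '*.domain' match on a label boundary (case-insensitive)."""
    fqdn = fqdn.rstrip(".").lower()
    pattern = pattern.rstrip(".").lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".amazonaws.com"; the leading dot enforces the label boundary
        return fqdn.endswith(suffix) and len(fqdn) > len(suffix)
    return fqdn == pattern


def egress_decision(fqdn: str, allow_list=ALLOW_LIST) -> str:
    """Zero-trust base policy: anything not explicitly allowed is denied."""
    return "ALLOW" if any(fqdn_matches(fqdn, p) for p in allow_list) else "DENY"


# Constructed egress log: (source VM, destination FQDN, bytes out)
EGRESS_LOG = [
    ("app-vm-1", "updates.example.com", 4096),
    ("app-vm-1", "s3.us-east-1.amazonaws.com", 1_200_000),
    ("app-vm-2", "example.com", 512),
    ("app-vm-2", "unknown-host.example.net", 98_000_000),
    ("db-vm-1", "pypi.org", 2048),
]


def evaluate_log(log=EGRESS_LOG):
    """Return per-flow decisions and, per source, the bytes that hit the deny rule.

    A large denied byte count from one source is the kind of spike a defender
    would want to investigate as possible exfiltration.
    """
    decisions = [(src, fqdn, egress_decision(fqdn)) for src, fqdn, _ in log]
    denied_bytes = {}
    for (src, fqdn, nbytes), (_, _, verdict) in zip(log, decisions):
        if verdict == "DENY":
            denied_bytes[src] = denied_bytes.get(src, 0) + nbytes
    return decisions, denied_bytes
```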
#3- Prevent Lateral Movement
- The Aviatrix platform protects against the lateral movement of bad actors with Multi-Cloud Network Segmentation (MCNS). This also aligns with ZTNA.
#4- Data in Motion Protection
- Aviatrix takes a Zero Trust Encryption (ZTE) approach to building and securing networks in the cloud. Encrypting and protecting data in motion is the network owner's responsibility; the networking team should not depend on the application owners or even the CSP to provide the encryption. Aviatrix encrypts by default, with zero tolerance for unencrypted traffic in the Aviatrix architecture. Even if attackers get access to data in motion, they won’t be able to steal sensitive information because it will be encrypted.
#5- Data at Rest Protection
- Customers should consider a robust DLP solution. RBAC, MFA, IAM policies and data encryption options must also be utilized.
#6- Anti-virus and Anti-malware Agents
- The recommendation is to consider 3rd party security vendor products to provide host-level anti-virus and anti-malware protection
#7- Secure User Access
- Aviatrix securely allows end-users to connect with SAML auth to their EC2/VMs. It has MFA capabilities and it is policy-based so enterprises can have a Zero-Trust policy model
#8- Flow Analysis and Anomaly Detection
- Aviatrix CoPilot provides deep flow visibility, analysis, anomaly detection, and alerting. CoPilot should be used to identify abnormal trends and spikes.