Minimize Ransomware Risk with Aviatrix Platform
By definition, ransomware is a type of malware that threatens to publish the victim's data or perpetually block access to it (for example, using encryption) unless a ransom is paid.
Victims are then shown instructions for how to pay a fee to get the decryption key. In some cases, the data is also stolen and taken out of the network (egress). Broadly speaking, protecting against and preventing ransomware requires the following layers of defense:
- Ingress or perimeter security for anyone coming into the network
- Egress security for traffic going out
- Segmentation to limit lateral movement of bad actors
- Data in motion protection with encryption
- Data at rest protection with encryption
- Anti-virus and anti-malware agents running inside the guest VM/EC2
- Securing user access
- AI-based Anomaly/Threat Detection with self-healing capabilities
Most ransomware attacks start from a phishing email or someone clicking a link on a malicious website.
Aviatrix recommends a “layered security” and “defense in depth” approach to stopping ransomware at its root.
Aviatrix offers a combination of security services in its platform and also integrates with third-party security vendors.
Let's discuss each of these layers.
#1- Ingress security
Ransomware could start with an unauthorized outsider getting access to the network (ingress).
- We recommend WAF and other 3rd party services be used with our solution
#2- Egress Security
Ransomware could also start with an internal bad actor getting access to confidential data, or with someone injecting the code into software, VMs, or EC2 instances.
- Aviatrix helps by providing features such as Zero-Trust Policy-Based Egress FQDN.
- For even more fine-grained egress protection, we partner with PAN, Check Point, and Fortinet and leverage their technologies.
- In the egress category, we also interwork with CASB solutions such as Zscaler, Palo Alto Prisma Access, etc.
#3- Segment Lateral Movement
- Our platform protects against the lateral movement of bad actors with our Multi-Cloud Network Segmentation (MCNS). This also aligns with ZTNA.
#4- Data in motion protection
- We take a Zero Trust Encryption (ZTE) approach to building and securing networks in the cloud. We don't rely on the application, the teams, or even the CSP for encryption; we encrypt by default, with zero tolerance for exceptions in our architecture. If hackers get access to data in motion, they won't be able to steal sensitive information because it will be encrypted.
#5- Data at rest protection with encryption
- Customers should also consider a DLP solution. We do not have one of our own, but we recommend one for enhanced security. RBAC, software volume encryption, etc. are also a must.
#6- Anti-virus and anti-malware agents
- The recommendation is to consider 3rd party security vendor products
#7- Secure user-access
- Aviatrix securely allows end users to connect to their EC2 instances/VMs with SAML authentication. It has MFA capabilities and is policy-based, so enterprises can have a Zero-Trust policy model.
#8- Flow Analysis and Anomaly Detection
- CoPilot will also help with flow analysis, anomaly detection, and alerting.