With global firms still reeling from last weekend’s WannaCry ransomware attack, cybersecurity firms are simultaneously riding the fear and bracing for an inevitable next wave of attacks.
“Now that malware authors have seen the success of utilizing ETERNALBLUE, I'm sure they will be rapidly creating new variants and techniques to try and capitalize on people who aren't able to secure their organization in time,” Nicolas McKerrall, threat researcher at Check Point Software Technologies Ltd. (CHKP), told Benzinga.
Check Point is taking the opportunity to educate the public on protective measures. The company says its technology is effective at combating and preventing the variants seen thus far, and it is urging consumers to put proper data center, cloud, mobile and endpoint controls in place, as well as to improve threat visibility.
Worms like WannaCry exploit vulnerabilities in exposed services and unpatched technology, a susceptibility that is often preventable. In some situations, signature-based detection isn’t updated quickly enough to offer critical protection.
“Exploiting humans is much easier than exploiting machines,” McKerrall said. “Machines are predictable, but humans will make a variety of choices based on a wide variety of variables. Often to the detriment of their overall security.”
The Check Point Method
Check Point’s services, such as Sandblast Network, Agent and Cloud, thus work to block threats before patches are installed and in spite of consumer choice.
“Even if they disable multiple layers of security controls that would have stopped the threat, we still have the anti-ransomware technology built into Sandblast Agent,” McKerrall said. “An individual user can't disable this protection, and regardless of their ‘security choices,’ we will detect, stop, remediate and even recover their files when their machine is under attack.”
As of the company’s most recent assessment, its approach proved successful. None of its clients were compromised in the WannaCry attack, in part because of the firm’s multi-layered security system and non-disableable fundamental protection.
“Traditional detection and even traditional Sandbox technology is not enough,” McKerrall said. “Today you need a way to be able to block threats the first time and not allow ‘Patient Zero’ through.”
Taylor Cox contributed reporting.