As ransomware is seen as the biggest global cyber threat, the time has come for a paradigm shift
By BUFFERZONE Team, 17/07/2022
Ransomware attacks are becoming more sophisticated and aggressive, requiring governments and businesses to understand the magnitude of the problem and address it.
The ever-evolving cybercrime scene requires a fundamental change in the way security experts tackle this threat, shifting from relying solely on traditional discovery and detection tools, whose successes are partial at best, to incorporating endpoint containment and isolation solutions into organizational security strategies.
The severity of the ransomware threat was illustrated earlier this week by Lindy Cameron, CEO of the British National Cyber Security Centre (NCSC), who warned that ransomware is the biggest cybersecurity threat facing the world today, with the potential to significantly affect whole societies and economies.
“Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they’re increasingly offered by gangs as a service, lowering the bar for entry into cybercrime,” Cameron said in a speech at Tel Aviv Cyber Week, according to a report in ZDNet.
In parallel, the quarterly Internet Security Report published by WatchGuard Threat Lab indicated that during the first quarter of 2022 the volume of ransomware detections almost tripled.
The challenge posed by highly skilled cybercriminals requires CISOs, MSPs and other IT professionals to look for creative solutions. Clearly, deploying security solutions that focus solely on discovery and detection is no longer enough, as hackers constantly introduce new evasion techniques designed to circumvent existing security products.
Since COVID and the organizational shift to working from home, the market has been moving toward zero-trust safe workspace solutions with endpoint containment and isolation. These products are less vulnerable to new malware techniques, as files downloaded or otherwise accessed from external sources are kept in a virtual container on the endpoint, along with any processes started by or from those files.
Besides reduced operational costs, the advantage of this approach is clear: protection does not depend on correctly identifying and discovering specific malware. It doesn’t matter how new the malware is or what evasion techniques it implements – even if the malware strikes, it cannot cause any damage to native endpoint or organizational network resources.
To enable a safe workspace, BUFFERZONE deploys a lightweight endpoint agent that creates a single virtualized container on top of the host operating system. Browser processes that are exposed to the internet are kept in the container, along with any data they download or save. At the same time, contained processes can be prevented from reaching native endpoint or organizational resources, and so can’t inflict any lasting damage.