Protecting Your Enterprise Databases from Ransomware

Similar documents
McAfee Database Security Insights

Load Balancing with McAfee Network Security Platform

McAfee Labs Threat Report

Comprehensive Database Security

McAfee Endpoint Threat Defense and Response Family

Targeted Ransomware No Longer a Future Threat

Petroleum Refiner Overhauls Security Infrastructure

Building Resilience in a Digital Enterprise

McAfee Advanced Threat Defense

Defend Against the Unknown

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Protecting the Home Front

McAfee Endpoint Security

GUIDE. Navigating the General Data Protection Regulation Mini Guide

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Securing Your Microsoft Azure Virtual Networks

Intelligent, Collaborative Endpoint Security

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Seven Steps to Ease the Pain of Managing a SOC

McAfee epolicy Orchestrator

UK Gender Pay Gap Report 2018

SIEM Solutions from McAfee

GDPR: An Opportunity to Transform Your Security Operations

McAfee Embedded Control

McAfee MVISION Cloud. Data Security for the Cloud Era

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

Sustainable Security Operations

Ten Ways to Prepare for Incident Response

Security and PCI Compliance for Retail Point-of-Sale Systems

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

McAfee Public Cloud Server Security Suite

Data Loss Prevention Best Practices for Healthcare

Power, Patch, and Endpoint Managers Expand McAfee epolicy Orchestrator Platform Capabilities While Cutting Costs

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

SIEM: Five Requirements that Solve the Bigger Business Issues

McAfee Total Protection for Data Loss Prevention

The Solution Provider s Guide to Protecting Clients from Ransomware

McAfee Product Security Practices

McAfee Web Gateway Administration

Services solutions for Managed Service Providers (MSPs)

Cyber Insurance: What is your bank doing to manage risk? presented by

Securing Your Amazon Web Services Virtual Networks

Cybersecurity The Evolving Landscape

Machine Learning and Advanced Analytics to Address Today s Security Challenges

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

Designated Cyber Security Protection Solution for Medical Devices

with Advanced Protection

United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security

HOSTED SECURITY SERVICES

Mapping traditional AV detection failures. October 2017

Cyber Attack: Is Your Business at Risk?

Understanding the Changing Cybersecurity Problem

THE ACCENTURE CYBER DEFENSE SOLUTION

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

STEVE GOODING JUNE 15, 2018

Power, Patch, and Endpoint Managers Expand McAfee epo Platform Capabilities While Cutting Endpoint Costs

CyberEdge Group 2018 Cyberthreat Defense Report

HIPAA 2017 Compliancy Group, LLC

Threat Hunting in Modern Networks. David Biser

Best Practices for PCI DSS Version 3.2 Network Security Compliance

Manufacturing security: Bridging the gap between IT and OT

Power of the Threat Detection Trinity

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

IBM Cloud Internet Services: Optimizing security to protect your web applications

Transforming Security from Defense in Depth to Comprehensive Security Assurance

McAfee Embedded Control

RSA NetWitness Suite Respond in Minutes, Not Months

Understanding the McAfee Endpoint Security 10 Threat Prevention Module

FSOR. Cyber security in the financial sector VISION 2020 FINANCIAL SECTOR FORUM FOR OPERATIONAL RESILIENCE

Security by Default: Enabling Transformation Through Cyber Resilience

Service Provider View of Cyber Security. July 2017

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Incident Response Table Tops

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cybersecurity It Matters to SMB

Brochure. Security. Fortify on Demand Dynamic Application Security Testing

8 Must Have. Features for Risk-Based Vulnerability Management and More

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

May the (IBM) X-Force Be With You

McAfee Application Control/ McAfee Change Control Administration

Building a Threat Intelligence Program

McAfee Embedded Control for Retail

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

SECURITY PRACTICES OVERVIEW

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

McAfee Virtual Network Security Platform

McAfee Skyhigh Security Cloud for Amazon Web Services

MRG Effitas 360 Degree Assessment & Certification Q MRG Effitas 360 Assessment & Certification Programme Q2 2017

align security instill confidence

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Challenges and. Opportunities. MSPs are Facing in Security

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Transcription:

Protecting Your Enterprise Databases from Ransomware 1 Protecting Your Enterprise Databases from Ransomware

Protecting Your Enterprise Databases from Ransomware Ransomware is no longer the new kid on the block. In fact, going back as far as 2005, ransomware has played a part in the world of cybercrime. As a relatively easy way for criminals to make money, it comes as no surprise that ransomware has gained many underground followers over the past 11 years. With new strains appearing online almost weekly, ransomware has become the number one concern of many IT security professionals and researchers. Whether it s Archiveus, Reveton, CryptoLocker, Locky, or WannCry, one thing is certain: holding data for ransom is here to stay. This white paper is aimed at security administrators and database administrators responsible for managing relational databases or application servers. The paper covers current ransomware threats to enterprise databases, how ransomware affects enterprise databases, and how McAfee Database Security protects from ransomware. It also provides an overview of McAfee Database Security Activity Monitoring and highlights specific policy and rule setups to help fight ransomware in the enterprise database environment. Ransomware Is Targeting Enterprise Data Earlier, ransomware targeted individuals, mostly encrypting user or company PCs, and, of course, followed by a request for payment (typically $100 to $2,000) via difficult-to-trace Bitcoin accounts in order for victims to regain access to encrypted files. While this approach certainly causes plenty of headaches for IT security personnel, the situation became more serious when attackers began targeting enterprise databases in 2016. The risks for companies are higher now that attackers are targeting databases, where companies store their most sensitive, critical, and often most valuable data and are demanding larger extortion sums. With the stakes so high, attackers are finding new ways to encrypt critical data located in databases. Introducing Gradual Encryption File encryption is the traditional approach by attackers using ransomware. This works well on PCs or a company s network drive, but it is not a very effective approach for critical databases with a high frequency of backups. Connect With Us 2 Protecting Your Enterprise Databases from Ransomware

Hello Hello 1001011 Database Server Application Server 1001011 Figure 1. Gradual encryption and decryption. Database backups, previously used as the go-to defense against cyberattacks, no longer offer the needed security against gradual encryption. Attackers are extremely sophisticated and patient in this new approach. Reports have shown that attackers wait as long as six months or more before removing the decryption key to paralyze a company. By leaving the decryption key in place this long, attackers usually avoid detection by making sure the performance and behavior of the infected application does not change and to ensure that encrypted key fields are passed down into most available backups. The result can only be described as devastating. Data supplied by the affected database will stay encrypted, and even the application server will not be able to make sense of arriving data. Any business process that relies on those fields will be stopped. Fighting Ransomware Attacks on Enterprise Data McAfee is actively developing new and innovative built-in database security capabilities to address the rising threat of ransomware. The focus is on providing early detection of gradual encryption activities, thus minimizing the possible impact of the ransomware attack. McAfee is constantly developing new McAfee Database Vulnerability Assessment scans to detect key database fields that might be under a gradual encryption attack. Additionally, McAfee is developing more monitoring rules in McAfee Database Security Activity Monitoring to monitor for specific activity patterns associated with ransomware attacks. 3 Protecting Your Enterprise Databases from Ransomware

A Typical Example The phpbb application was compromised (as reported by High-Tech Bridge) via stolen FTP accounts. The attackers encrypted and decrypted email and password fields and left a back door open to reinstate the encryption process in case the application (phpbb) was updated and, with that, any changes removed. The decryption key, in this case, was fetched from a remote server. Figure 3. McAfee Vulnerability Manager for Databases showing encryption of the email field. McAfee Database Security Virtual Patching (McAfee vpatch) and McAfee Database Activity Monitoring utilize built-in activity monitoring to detect the encryption of key data fields and non-standard flows using built-in encryption functions. Figure 2. Encryption/decryption and the key file request. Early and Real-Time Detection Is Key McAfee Vulnerability Manager for Databases detects and alerts on encrypted data in key fields, such as user email, user name, contact details, and many others. McAfee Vulnerability Manager for Databases also detects anomalies on how application-encrypted data is stored, for instance, on financial data, personally identifiable information (PII), or password data. Figure 4. McAfee vpatch Activity Monitoring rule detecting encryption of an email field. 4 Protecting Your Enterprise Databases from Ransomware

McAfee Database Activity Monitoring McAfee Database Activity Monitoring cost effectively protects data from all threats by monitoring activity locally on each database server and by alerting or terminating malicious behavior in real time, even when running in virtualized or cloud computing environments. McAfee Virtual Patching for Databases McAfee Virtual Patching for Databases detects missing patches, applies vulnerability-specific countermeasures, and fixes misconfigurations (via McAfee virtual patching technology) found by vulnerability scans to improve the security posture of databases immediately without any downtime. McAfee Vulnerability Management for Databases McAfee Vulnerability Manager for Databases automatically discovers databases on the network, determines if the latest patches have been applied, and tests for vulnerabilities, such as weak passwords, default accounts, and other common threats. In addition, it allows for detailed data discovery scans, including PII data, PCI-DSS data, and many more. Next Steps Attackers are on the hunt for companies who can t detect their gradual encryption techniques until it s too late. McAfee Database Security gives you the early detection you need to better avoid becoming the victim of a ransomware attack. For more information: Visit us at: https://www.mcafee.com/us/products/ database-security/index.aspx. Have one of our experts contact you at: https:// prod2.secureforms.mcafee.com/web-us_ ContactMe. Did you know? McAfee vpatch is an integral part of McAfee Database Activity Monitoring and is included when installing McAfee Database Security. No additional license is required. 5 Protecting Your Enterprise Databases from Ransomware

About McAfee McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. By building solutions that work with other companies products, McAfee helps businesses orchestrate cyber environments that are truly integrated, where protection, detection, and correction of threats happen simultaneously and collaboratively. By protecting consumers across all their devices, McAfee secures their digital lifestyle at home and away. By working with other security players, McAfee is leading the effort to unite against cybercriminals for the benefit of all. www.mcafee.com. 2821 Mission College Blvd. Santa Clara, CA 95054 888.847.8766 www.mcafee.com McAfee and the McAfee logo or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2018 McAfee, LLC. 4106_0818 AUGUST 2018 6 Protecting Your Enterprise Databases from Ransomware

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback