How to Prevent a Ransomware Attack with Varonis
Author: Beth Laws
Release Date: 01/05/2024
Ransomware is a conversation at board level today and it’s a topic we need to tackle. Security is like insurance: we begrudge paying for it and often question whether we need it in the first place, but my goodness, aren’t we grateful it’s there when we need it.
Varonis is able to support organisations in understanding where their weaknesses lie for the purpose of strengthening security posture pre-attack, as well as providing tools to understand the blast radius post-attack.
Prevention
One key step in protecting your data pre-attack is to understand what data you hold, who has access to it and, very importantly, how sensitive it is. Varonis can classify the data and label it, and mapping the permissions and access controls can help you understand what is sensitive and which of it is over-exposed. This in turn helps you know what is over-exposed within your organisation, and therefore what needs remediating as you work towards a least privilege model.
Behaviour Based Alerting
Varonis uses User Behaviour Analytics to understand what behaviour is normal for your users and accounts and can therefore alert you when behaviour deviates from the norm. A small number of high value alerts will allow you to investigate threats before they become too damaging.
In addition, the new Varonis Managed Data Detection and Response service offers an additional layer of protection by allowing the Varonis cyber security experts to have eyes on the system's alerts and help to resolve these 24/7, for 365 days a year.
Post Attack Investigation
Varonis understands what behaviour is normal for your users and accounts and can therefore alert you when behaviour deviates from the norm, alongside the built-in threat models that look for common attack behaviours. A small number of high value alerts will allow you to investigate threats before they become too damaging. Clicking on an individual alert lets you dive deeper into the detail behind it and gives you more context around the alert. You’ll be able to discover more information about the type of user account involved, whether they have logged in from an unusual location and whether they have triggered any other alerts.
Athena AI is the new generative AI layer added to Varonis SaaS. It can be used as an assistant SOC analyst to help with alert triage and investigation. Athena will respond to questions such as ‘What should my next steps be?’ when investigating an alert, and will provide information on any next steps, on whether any more information needs to be sourced from other systems, and recommendations to strengthen the security posture of the environment.
Post Attack Recovery
Once you understand the path taken, you can be aware of the blast radius, how affected your data and environment are, and the damage done. Once you know you have been breached, it is important to be able to report this back to the relevant regulatory bodies. However, many organisations are unable to report on the scope of the attack and the specifics of what data was affected. With Varonis, you can very quickly be sure of exactly what was touched and can instantly pull a report that’s ready to present with all of the relevant information.
Regardless of the stage, Varonis is able to support you in toughening your security pre-attack, detecting threats during an attack and recovering post-attack.