Current Enterprise solutions against Ransomware

Robert Scalise
Though I know there are many answers to this issue, I would like to ask the expert resources here what they are doing to best protect against the current ransomware in an enterprise environment.

We are currently using Symantec Endpoint Protection for desktop and Web Marshall on a proxy, but stations are still getting infected from time to time. We've only had one infection that started to spread to a network drive, but damage was minimal, this time.

Would love to hear what is being used at this time to best block current strains before infection on all levels successfully.

Thanks for any response.
Commented:
It's the eternal question, seems you've done the most available with your budget.
Besides the usual:

 - antivirus
 - keep ALL software up to date (not only Windows, also browser/Flash/Adobe/etc.)

 The most important is USER EDUCATION. Curiosity killed the cat, and the computer as well. People are just too curious and gullible and will click on ANYTHING. Some spyware needs SEVERAL mouse clicks to be installed, but like a drone, most users continue and continue.
 Explain their lives really don't depend on them clicking EVERYTHING in their sight. Explain READING is also key.
 Trust me, an email like this:

 invoice@dhl.com
 subject: invoice
 body: please click attachment
 attachment (doesn't matter if it's zip, exe, etc etc)

 With NO EXTRA text, no signature, no personal information, IT GETS CLICKED ON AND INSTALLED!

 Then again, in some companies I work at, sending out weekly emails explaining, they still keep doing it. The only thing you can do is mitigation, keeping infections in the user space and hopefully keeping the clean-up time to a minimum.

 When users just don't listen, with ALL the measures you put up, some WILL get through (usually the newest type that antivirus didn't send out virus updates for).

I'm not seeing this in enterprise systems.
We use Juniper Networks SRX with virus scanning and web filtering. The filtering isn't *too* harsh and requests for changes are now rare.
We also use a variety of workstation internet security programs.  Microsoft Security Essentials on Win7 and Defender on Win8 are the most common.
We also run the Pro version of Malwarebytes.
With this, we have not had a problem in years, or maybe "ever".  Detections with the tools yes.  Problems in operations, no.

Systems with problems generally have problem users.....
While it may sound like a tangential approach, it can be the *most* serious matter.
I once had a client whose computer had to be cleaned up every 2-3 months.  Protection on that computer was fine.  But, there was a problem user......

Perhaps others have other ideas but I would be looking at this aspect.
Of course, web filtering is a big help in that regard.  So, they go together.
This is a sure way to block things to the extent that it's able.  It surely will thwart some bad user habits.

Tyler Brooks, Network & Systems Administrator
Commented:
As well as patch management, AV and user education, which are definitely the most important factors, I ran into this with a client last week and file versioning allowed us to recover the already encrypted files with minimal loss of data. It looks as though our AV solution killed the process on the workstation before it managed to encrypt more than 4 files (2 of which were shared files on the server), and then I was able to use the versioning to roll back to before the ransomware hit and minimize their file loss.

It is generally the users that are the problem, but to answer the question, there are a number of commercial applications for this purpose. It is a matter of distributing restrictions via GPO that they all address. Look at my article and they almost all have business alternatives on their websites.

http://www.experts-exchange.com/articles/18086/Ransomware-Prevention-is-the-only-solution.html
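
The bare "invoice" e-mail described in the first comment above, written as a mail-triage check. This is an added example, not part of the original thread: the extension list, the word threshold and the recipient-name test are assumptions, and both sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

RISKY_EXT = (".zip", ".exe", ".scr", ".js")  # assumption: the comment names zip and exe
MIN_WORDS = 8                                # assumption: cut-off for "no extra text"

def indicators(raw):
    """Return the traits of the bare 'invoice' lure found in one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    names = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    if not names:
        return []  # the pattern is about attachments; nothing to flag
    found = []
    if any(n.endswith(RISKY_EXT) for n in names):
        found.append("risky-attachment-type")
    if len(body.split()) < MIN_WORDS:
        found.append("no-extra-text")
    # Crude stand-in for "no personal information": body never names the recipient.
    addrs = msg["To"].addresses if msg["To"] else ()
    local = addrs[0].username.lower() if addrs else ""
    if not local or local not in body.lower():
        found.append("not-personalised")
    return found

def build(sender, to, subject, body, filename):
    """Construct a sample message (test data, not captured mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

LURE = build("invoice@dhl.com", "user@example.com", "invoice",
             "please click attachment", "invoice.zip")
NORMAL = build("sam@example.com", "maria@example.com", "March invoice 4471",
               "Hi Maria, attached is the March invoice we discussed on Tuesday. "
               "Call me on extension 214 if the totals look off. Regards, Sam",
               "invoice-4471.pdf")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("normal", NORMAL)):
        print(label, indicators(raw))
```

A gateway or mailbox rule could quarantine or banner messages that hit all three traits, which limits how much depends on the user reading carefully.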
