Current Enterprise solutions against Ransomware

Though I know there are many answers to this issue, I would like to ask expert resource here on what they are doing to best protect against the current Ransomware in an enterprise environment.

We are currently using Symantec Endpoint Protection for desktop and Web Marshall on a proxy but stations are still getting infected from time to time. We've only had one infection that started to spread to a network drive but damage was minimal, this time.

Would love to hear what is being used at this time to best block current strains before infection on all levels successfully.

thanks for any response
Robert Scalise Asked:

Kimputer Commented:
It's the eternal question, seems you've done the most available with your budget.
Besides the usual:

 - antivirus
 - keep ALL software up to date (not only Windows, also browser/flash/adobe/etc etc etc)

 the most important is USER EDUCATION. Curiosity killed the cat, and the computer as well. People are just too curious and gullible and will click on ANYTHING. Some spyware needs SEVERAL mouseclicks to be installed, but like a drone, most users continue and continue.
 Explain their lives really don't depend on them clicking EVERYTHING in their sight. Explain READING is also key.
 Trust me, an email like this:

 invoice@dhl.com
 subject: invoice
 body: please click attachment
 attachment (doesn't matter if it's zip, exe, etc etc)

 With NO EXTRA text, no signature, no personal information, IT GETS CLICKED ON AND INSTALLED!

 Then again, in some companies I work at, sending out weekly emails explaining, they still keep doing it. The only thing you can do is mitigation, keeping infections in the user space and hopefully keep the clean up time to a minimum.

 When users just don't listen, with ALL the measures you put up, some WILL get through (usually the newest type where antivirus didn't send out virus updates for)
1
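A mail-gateway triage check for the bare "invoice" message described in the comment above, as an added example that is not part of the original thread. The extension list, the word threshold, the `classify`/`build` helper names and the sample messages are all assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values, not taken from the thread: tune for your own mail flow.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".zip", ".7z", ".rar"}
MIN_BODY_WORDS = 10


def classify(raw: bytes) -> str:
    """Return 'quarantine', 'review' or 'deliver' for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    risky = [n for n in names
             if os.path.splitext(n)[1].lower() in RISKY_EXTENSIONS]
    body = msg.get_body(preferencelist=("plain",))
    words = len(body.get_content().split()) if body is not None else 0
    if risky and words < MIN_BODY_WORDS:
        return "quarantine"  # risky attachment with no real text or signature
    if risky:
        return "review"      # risky attachment, but the sender wrote something
    return "deliver"


def build(sender: str, subject: str, body: str, attachment: str = "") -> bytes:
    """Construct a sample message (test data only, placeholder attachment bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.test", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


# Constructed samples: the pattern from the comment, and two benign contrasts.
BARE_INVOICE = build("invoice@dhl.com", "invoice",
                     "please click attachment", "invoice.zip")
WORDY_ARCHIVE = build("sam@example.test", "Build logs",
                      "Hi Dana, attached are the build logs from last night "
                      "that you asked for. Regards, Sam, Platform Team",
                      "logs.zip")
PLAIN_PDF = build("pat@example.test", "Minutes", "Minutes attached.",
                  "minutes.pdf")

if __name__ == "__main__":
    for name in ("BARE_INVOICE", "WORDY_ARCHIVE", "PLAIN_PDF"):
        print(name, "->", classify(globals()[name]))
```
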

Fred Marshall, Principal, Commented:
I'm not seeing this in enterprise systems.
We use Juniper networks SRX with virus scanning and web filtering.  The filtering isn't *too* harsh and requests for changes are now rare.
We also use a variety of workstation internet security programs.  Microsoft Security Essentials on Win7 and Defender on Win8 are the most common.
We also run the Pro version of Malwarebytes.
With this, we have not had a problem in years, or maybe "ever".  Detections with the tools yes.  Problems in operations, no.

Systems with problems generally have problem users.....
While it may sound like a tangential approach, it can be the *most* serious matter.
I once had a client whose computer had to be cleaned up every 2-3 months.  Protection on that computer was fine.  But, there was a problem user......

Perhaps others have other ideas but I would be looking at this aspect.
Of course, web filtering is a big help in that regard.  So, they go together.
This is a sure way to block things to the extent that it's able.  It surely will thwart some bad user habits.
1
Tyler Brooks, Network and Security Consultant, Commented:
As well as patch management, AV and user education which are definitely the most important factors, I ran into this with a client last week and file versioning allowed us to recover the already encrypted files with minimal loss of data. It looks as though our AV solution killed the process on the workstation before it managed to encrypt more than 4 files (2 of which were shared files on the server), and then I was able to use the versioning to roll back to before the ransomware hit and minimize their file loss.
1
Thomas Zucker-Scharff, Solution Guide, Commented:
It is generally the users that are the problem, but to answer the question, there are a number of commercial applications for this purpose.  It is a matter of distributing restrictions via GPO that they all address.  Look at my article and they almost all have business alternatives on their websites.

http://www.experts-exchange.com/articles/18086/Ransomware-Prevention-is-the-only-solution.html
0

Question has a verified solution.
