Ransomware

Good day,

Is there a device or any technology that prevents users from opening emails with ransomware and infecting the network shares?

I believe there are tiers of protection to help minimize it, but nothing concrete to stop it.

regards,
IBSIT Asked:

John, Business Consultant (Owner), Commented:
I do not know of any artificial intelligence program that will screen out ransomware.

Two solutions:  

1. Top notch Spam Filters - this does most of the heavy lifting.
2. User training - do not open strange emails.
Gregory Miller, General Manager, Commented:
Additionally... Host your email with a vendor who also has very good filter processes like Microsoft or Google or others similar.
IBSIT, Author, Commented:
I have Folder Permissions to quarantine in the event of infections (of course this is dependent on user rights), Internet Content Filtering, Spam Filtering through SW Device, AV, Update Servers with Latest Updates. Some of my clients' mail is being hosted, and I don't have control of SPAM Filtering.
William Miller, IT Specialist, Commented:
There are a number of AI-based filtering software products, but as John stated, I don't know of any that are smart enough to catch all of them. The best thing you can do is train your people not to open things that look suspicious. Even that, though, becomes an issue. We've run into customers in the past that received ransomware from emails disguised as their contacts, or outright from contacts that have been infected. Defensive browsing is always the best option for protection, but like all options, none are perfect. There's always potential for something to slip through. The best we can do currently is make that percentage chance smaller.
John, Business Consultant (Owner), Commented:
You need to determine what you can do about spam filtering. This is the prime defense and I prefer that to user training (which is, of course, necessary). But just not even seeing the emails is the best way.

Ask how you can get control of spam filtering. Change email services if you have to.
Jane Updegraff, Sr. Systems Administrator, Commented:
We use Proofpoint as our first line of defense. Links and attachments are scanned and stopped before they ever reach our mail server. Then, even when the message makes it through, all links are redirected to a Proofpoint server where the link is opened in a sandbox and reported as safe or not. That way our users cannot make a mistake by opening or clicking in most cases. But no system is foolproof ... and that's because users can really be foolish (in my experience). That's the kind of filtering John is talking about.
William Miller, IT Specialist, Commented:
At my previous job we used a service called AppRiver. They handled all of the spam filtering offsite and went so far as to blacklist out things we sent them via request. Granted, my former employer was a little too strict on the issue and only allowed whitelist sources to come through. It made correspondence very tedious. I don't suggest going quite that overboard with it.
masnrock Commented:
"Is there a device or any technology that prevents users from opening emails with ransomware and infecting the network shares?"
You can add layers of protection, but there's nothing that's 100% foolproof. Ideally, you have an external email filter in addition to your Sonicwall. Once you're beyond those, endpoint protection products are supposed to handle much of the work.

I've used AppRiver in the past, and they're pretty much like any other service (I used them when working for an MSP). I had no major issue with the filtering itself, especially since we had it set up to send users digests of whatever got caught (remember, no product is perfect). User training, along with a way to report suspicious email, is going to give you one of the biggest returns. That's going to give you information that helps improve the automated aspects.

William Miller, IT Specialist, Commented:
@masnrock We had precisely the same scenario. AppRiver was great, we just had a bit too overly cautious management.

@OP You have to remember with any filtering, too much can be a detriment to your organization. The biggest question you have to ask yourself in that situation is this: What constitutes too much? Generally you want to aim for the best protection with the least hindrance. It's a hard line to achieve and again, no particular service/product will be perfect in that area. It all boils down to the solution that's right for your organization. Ultimately it will be up to your IT department to decide which service provides what they want with the least overall negative footprint.
John, Business Consultant (Owner), Commented:
I use the strongest filtering, look at my quarantine and whitelist what I need to. Better safe than sorry even if it hinders some people.
Lee W, MVP, Technology and Business Process Advisor, Commented:
You have to remember that the bad guys WANT you to be infected so ANYTHING you use to stop you can feel CONFIDENT the bad guys are actively trying to find ways around.  And even one slipping through can make them thousand$.  Tiered is the only approach.  And while filtering the email is a must, so is web filtering.  Any way you can get infected is a way you can be hit with ransomware so focusing JUST on email is foolish.
McKnife Commented:
"Is there a device or any technology that prevents users from opening emails with ransomware and infecting the network shares?" - yes.
Application whitelisting will only allow known, defined code to run. Windows XP already knows this technology (called "software restriction policies"). On enterprise editions, its successor is usable under the name "AppLocker".

In win10 1709 which will be out next month, there is even a new anti-ransomware technology that relies on this whitelisting principle. Read https://blogs.windows.com/windowsexperience/2017/06/28/announcing-windows-10-insider-preview-build-16232-pc-build-15228-mobile/ - it's called "controlled folder access".
btan, Exec Consultant, Commented:
If the emails get into the user's inbox, nothing will stop users from clicking the links or attachments. There may still be spam coming in despite best-effort checks in email exchanges. The user is your human firewall. You can consider having SPF and DKIM support in email exchange to reduce the spoofed email counts.

As the expert suggested, application whitelisting is definitely a must-have. And consider an anti-ransomware suite like Malwarebytes anti ransomware; HIPS may have its own add-on detecting this threat. In fact, we try to reduce or disable use of SMB and RDP to mitigate mass infection spread. The concern is the commonly used shares, which we also try to restrict and clean up regularly, though it is tedious, and we are migrating away from file shares.
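
The SPF and DKIM check mentioned in the comment above, as an added example that is not part of the original thread or any poster's code: a triage function that reads the `Authentication-Results` header stamped by the receiving gateway and quarantines mail unless an SPF or DKIM pass vouches for the domain shown in `From:`. The gateway name `mx.example.net`, the sample messages and the strict-match alignment rule are assumptions made for illustration; in production this decision is normally left to DMARC enforcement on the mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; mx.example.net stands in for your own filtering gateway.
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=pass "
    "smtp.mailfrom=bounce@bulk-sender.example; dkim=none\n"
    'From: "Alice (Accounts)" <alice@partner.example>\n'
    "Subject: Overdue invoice\n\nSee attachment.\n"
)
LEGIT = (
    "Authentication-Results: mx.example.net; spf=pass "
    "smtp.mailfrom=alice@partner.example; dkim=pass header.d=partner.example\n"
    "From: Alice <alice@partner.example>\n"
    "Subject: Meeting notes\n\nAttached.\n"
)

RESULT_RE = re.compile(r"\b(spf|dkim)=(\w+)", re.I)
DOMAIN_RE = re.compile(r"\b(?:smtp\.mailfrom|header\.d)=(?:[^\s;@]*@)?([^\s;]+)", re.I)

def triage(raw, trusted_authserv="mx.example.net"):
    """Return SPF/DKIM results and a verdict based on alignment with From:."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results, aligned = {"spf": "none", "dkim": "none"}, False
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # not stamped by our gateway, so the sender could have forged it
        for clause in rest.split(";"):
            found = RESULT_RE.search(clause)
            if not found:
                continue
            method, result = found.group(1).lower(), found.group(2).lower()
            results[method] = result
            dom = DOMAIN_RE.search(clause)
            # A pass only counts when it vouches for the domain the user sees.
            if result == "pass" and dom and dom.group(1).lower() == from_domain:
                aligned = True
    verdict = "deliver" if aligned and from_domain else "quarantine"
    return {"from_domain": from_domain, **results, "verdict": verdict}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, triage(raw))
```

The first sample passes SPF for the sending service's own domain yet is still quarantined, because nothing authenticates the `partner.example` address displayed to the user.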
IBSIT, Author, Commented:
I thank you all for your contributions.

regards,
John, Business Consultant (Owner), Commented:
You are very welcome and I was happy to help.