Recommended Steps to Mitigate Ransomware


One of the biggest challenges for Chief Information Security Officers (CISOs) today is preventing ransomware attacks, which are increasing day by day. Ransomware has become one of the primary cyber threats to organizations, causing them enormous damage, and the attacks keep growing more sophisticated. Today, any company that depends on access to critical data, or that would suffer loss or hardship from a business interruption, is a potential ransomware victim.

Key business issues that occur due to ransomware attacks:

  • Stealthy threats continue to evade even the best defences
  • Disconnected security layers with siloed tools and data sets make it difficult to correlate information and detect critical threats
  • Too many alerts: overloaded organizations don’t have the time or resources to investigate them all
  • Consolidated visibility into an organization’s current security status, trending over time, is hard to come by and limits the ability to know what to focus on and where action should be taken 

Solution – Adopt a ‘defence-in-depth’ approach. This means using layers of defence, with several mitigations at each layer. Trend Micro recommends a prevention, detection and response approach to ransomware risk, with four layers of protection for:

  • Email and web
  • Endpoint
  • Network
  • Workload 

Enterprises can take advantage of Trend Micro Vision One, which collects and correlates data across endpoints, emails, cloud workloads and networks, providing better context and enabling investigation in one place. This approach enables teams to respond to similar threats faster and to detect advanced and targeted threats earlier in the attack lifecycle. Trend Micro Vision One is a purpose-built threat defence platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. It provides deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers, and it prevents the majority of attacks with automated protection.

Native sensors and protection points, coupled with the XDR capabilities that stitch together threat activity across layers, allow for the quick detection of complex attacks that bypass prevention. This provides an unmatched understanding of the activity data in your environment and a balanced approach to security, as teams can quickly see the story of an attack and respond faster and more confidently. The visibility and efficiency provided by Trend Micro Vision One make great security teams even better, enabling them to do more with less. In addition, the Trend Micro Managed XDR service can augment teams with expert threat hunting and investigation.

Key benefits of XDR with Trend Micro Vision One

Prioritized view of threats across the organization: Organizations without an XDR approach ignore nearly twice as many security alerts as those with XDR capabilities. XDR correlates and combines low-level signals into high-fidelity alerts that tell the story of an attack, so security personnel can quickly understand where to focus their efforts.

More effective analysis: With native integration into email, endpoints, servers, cloud environments and networks, XDR sensors benefit from a deep understanding of data sources. This results in more effective analytics combined with continuously updated detection rules and global threat intelligence from Trend Micro Research, compared to having third-party integration through application programming interfaces (APIs). Organizations with an XDR approach suffered half as many successful attacks.

Clearer contextual view of threats: By viewing more contextual alerts across more threat vectors, events that seem benign on their own suddenly become meaningful indicators of compromise. This connects more dots into a single view, simplifying the steps towards an attack-centric view of the entire chain of events across security layers, and allows response actions to be taken from one place. The result is more insightful investigations and the ability to detect threats earlier.

Stops more attacks, quicker: The net result of XDR is better protection for your organization through earlier detection and faster response. According to ESG, those with XDR are 2.2 times more likely to detect a data breach or successful attack in a few days or less, versus weeks or months for those without.

Reduces time to detect and stop threats: XDR collapses the time it takes to detect, contain and respond to threats, minimizing the severity and scope of impact. ESG found that organizations with an XDR approach respond more completely to attacks and were 60% less likely to report that attack re-propagation had been an issue.

Increased effectiveness and efficiency of threat investigation: By automatically correlating threat data from multiple sources, XDR speeds up and removes manual steps involved in investigations and enables security analysts to quickly find the story of an attack. Organizations with an XDR approach stated it would take eight full-time employees to replace the data correlation capabilities of XDR and also are 2.6 times less likely to report their team is overwhelmed.

Integrated with third-party systems: As organizations may have other security tools and technologies deployed in their environments, Trend Micro offers a growing portfolio of open APIs and integrations with third-party systems such as SIEM and SOAR. Trend Micro Vision One can fit within these ecosystems and security operations workflows, acquiring meaningful data from your infrastructure to further enrich and validate your XDR capabilities.

About the author:

Gaurav Ranade is CTO at RAH Infotech.