2021 is shaping up to be the year of Ransomware. Certainly here in Tauranga there are a lot of business worried what to do, and I am sure a few District Health Boards and District Councils as well. Fortunately, the answer is quite easy, and one that the Wakaito DHB has failed to implement very well, even with some hefty help, to get it right.
In a small organisation its releativley easy to to know what needs to be backed up , what devices are present on a network, who has access and to put some basic ground rules in place for staff. If things go wrong it is also failry quick to wipe devices and restore the backups.
When you get to more than 100 staff, it gets progressively more difficult to keep control over what staff do and keep track of devices, but such organisations typically have more money to throw at the problem and one would hope pick better and better technologies.
However Wakaito DHB had a great firewall, they had a good email gateway to scan their emails and they had good endpoint protection (ant-virus). We don’t know how up-to-date they were with patches on that device or if a 0-day (as yet unkown vulnerability) in Windows was used. We do know an attachment was opened trigged the mess they are now in. Some staff had presumably had some form of internet security training. None of it helped.
Why? The reason why is because the threats out there practise this stuff day after day. They have every known Antivirus installed in test networks with everyone known combination of firewall and the test these things again and again. Some are state-sponsored groups with large resources and some are lone hackers, probably with a job, looking to put food on the table. They all join together in underground darknet forums and trade information on targets, data on vulnerabilities and software tools.
Efivetivley this means that the traditional Anti-Virus is obsolete. They work on detecting signatures of known malware, viruses and other threats. The issue is that the first few people that get with these things have no protection, or if a virus is targeted as a specific organisation again there is no known signature.
New Zealand too is a rich picking ground for attacks via email, because the country is so safe, people are generally very trusting. Email is taken very seriously and even things that are clearly spam are forwarded on to colleges for their attention.
Here Artificial Inteligence (AI) and Machine Learning (ML) comes to the rescure, and there is no one that has done it better than SentinelOne. Others may also be blocked from doing as well due to the patents SentinelOne has. Aparat from the AI and ML they have 4 seperate engines working to protect your desktop:
- AI/ML layer that looks for suspicious activities. eg: Does that word document really need to be installing a new program?
- Traditional static signature detection
- Threat Intelligence – sifts through large amounts of data to determine what is relevant and what to mark as a suspected threat
- Remediate and Rollback – when a threat is detected it is neutralised and all changes it made are rolled back.
That is just a part of what makes SentinelOne work so well. Just how well can be seen in this graphic, SentinelOne was the only program to stop 100% of attacks thrown at it in the April 2021 MITRE ATT&CK evaluations of endpoint security products.
Formed in Israel in 2013, now based in California, SentinelOne has raised about $US 700 million and was valued at $US 3 billion following a November 2020 funding round, according to PitchBook Data. Investors include Insight Partners, Third Point Ventures, Tiger Global Management, Sequoia Capital and Sinewave Ventures. An IPO for later this year will likley see them listed on the NASDAQ with a market valuation of over $US 10 billion.
So no matter the size of your organisation, this new technology is a no brainer. It costs more than traditoan poricts, but is well worth it when you consdier the time and money that can be saved. Its automated rollback is one of its most exciting features, but coupled with the AI/ML makes it the current world leader. Best of all, the team behind it are very driven and innovative and this product is jumping ahead in leaps and bounds with every new release, and those are frequent.
Want a security audit for your Bay of Plenty company and to make sure you are safe? Give us a call right now on 07 222 0091
With thanks to