Preventing Ransomware Attacks
Policy-Driven Zero Trust Endpoint Protection
In 2021 there was a huge increase in the number of ransomware attacks reported globally. Unfortunately, ransomware is showing no signs of slowing down. In the first half of 2021, the average ransom payment was $570,000, which was an 83% increase from the previous year’s findings, reported at $312,000.
At KT Connections we partnered with ThreatLocker to help our customers better protect their businesses and implement a Zero Trust cybersecurity solution that keeps them safe and secure, whilst helping to mitigate cyber threats.
What Is Zero Trust?
The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.
In essence, a Zero Trust Architecture gives users full access, but only to the bare minimum of resources they need to perform their jobs.
“Change the Paradigm from Blocking Known Threats, to Blocking Everything That Is Not Trusted.”
Introduction To ThreatLocker
ThreatLocker® combines Application Whitelisting with Ringfencing™ and Storage Control in ways that make security simple.
ThreatLocker® Helps With:
ThreatLocker gives you complete visibility over applications, files, and software opened in real-time, regardless of whether a user is remote or in the office.
1. Application Whitelisting
Policy-driven Allowlisting gives IT Professionals complete control over your environments to quickly and easily manage what software is allowed to run, effectively blocking malicious software.
Application Whitelisting is the gold standard in protecting against ransomware, viruses, and other malicious software.
- Default Deny: Using the ThreatLocker solution, you can deny by default any application that is not part of the allow list from running on your machine. This helps to mitigate and stop cyber-attacks from happening across your device and network.
- Time Based Policies: Permit access to applications for a specified amount of time. Automatically block the application after the policy has expired.
- Built-In Applications: ThreatLocker automatically adds new hashes when application and system updates are released, allowing you to keep your applications up to date.
2. Ringfencing
Ringfencing allows for granular control over what applications are allowed to do. Ringfencing enables you to limit interaction between applications, their access to files, the registry, and the internet.
Go beyond permitting what software can run, and control how applications can behave after they have been opened. The ThreatLocker Ringfencing solution adds controlled boundaries around your applications, stopping them from interacting with other applications, accessing network resources, registry keys, and even your files. This approach is extremely effective at stopping file-less malware and exploits and makes sure software does not step out of its lane and steal your data.
- Mitigate against fileless malware: Stop fileless malware by limiting what applications are allowed to do.
- Granular application policies: Stop applications from interacting with other applications, network resources, registry keys, files, and more.
- Limit application attacks: Limit application attacks like application hopping by limiting what applications can access.
3. Storage Control
Storage Control gives you control over all storage device access including USB devices, network shares, and even individual files to help protect data. The solution limits access to data by application, controls data exfiltration, and minimizes the damage caused by cyberattacks.
Controlling access to storage should be about more than blocking USB ports. With ThreatLocker, you can control device access down to the most granular level, including the file type, user or group, application, and serial number, even if the device has been encrypted. ThreatLocker not only protects you from USB drives, but it also protects all your files, including those on your local hard drives and file servers.
- Comprehensive Auditing: A full audit of all file access on USB, Network and Local Hard Drives.
- Granular access: Restrict or deny access to external storage, including USB drives, network shares, or other devices.
- Easy Approvals: Single-click approval for specified devices or users for a limited amount of time or permanently.
- Application file/folder Controls: Limit access to a device or file share based on the application.
- Total USB Control: Enforce or audit the encryption status of USB hard drives and other external storage.
4. Elevation Control
Run selected applications as a local administrator without making users local administrators. Just-in-time elevation on a temporary or per-application basis allows organizations to remove local admin permissions without stopping productivity.
ThreatLocker Elevation Control connects to its cloud-based Application Control Suite to add an extra layer of security by creating access policies for individuals on specific applications.
- Complete Visibility of Administrative Rights: Gives you the ability to approve or deny an individual’s access to specific applications within an organization even if the user is not a local administrator.
- Streamlined Permission Requests: Users can request permission to elevate applications and attach files and notes to support their requests.
- Varied Levels of Elevation: Enables you to set durations for how long users are allowed access to specific applications by granting either temporary or permanent access.
- Secure Application Integration: In combination with ThreatLocker Ringfencing™, ensures that once applications are elevated, users cannot jump to infiltrate connected applications within the network.