According to FBI Director Christopher Wray, when it comes to ransomware disruption and prevention, “…there’s a shared responsibility, not just across government businesses but across the private sector and even the average American.” At Elastic, we’re here to help state and local governments.
Ransomware attacks cost the U.S. government more than $18.9 billion in 2020 alone. By taking a proactive security approach, state and local IT teams can make damage from ransomware a thing of the past.
But where should state and local IT administrators and analysts start, especially when there are resource constraints and competing priorities? At Elastic, we believe there are two proactive techniques that should be part of every state and local government’s cybersecurity posture in order to stop ransomware attacks before they spread to data centers.
Early warning canary-based detections
Canary-based detection places hidden canary files at key system locations, providing IT teams with a high-confidence early warning system for suspected ransomware tampering. This advanced technique stops ransomware on Windows and defends organizations from opportunistic adversaries like DarkSide and REvil.
Canary-based detection is a critical layer of anti-ransomware protection available on the Elastic Agent in our Elastic Security 7.14 release. It enhances behavioral ransomware, anti-malware, and Master Boot Record protections. As ransomware attacks become more advanced and numerous, Elastic Security research engineers continue developing new advanced protections like this to fight fire with fire.
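The canary idea described above can be sketched in a few lines. This is an added illustration, not Elastic's implementation or code from the Elastic Agent; the decoy file name, the function names and the hash-baseline comparison are all assumptions made for the example.

```python
import hashlib
import secrets
import tempfile
from pathlib import Path

# Hypothetical decoy name (an assumption); real deployments hide and vary these.
CANARY_NAME = "~0000_budget_archive.docx"


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_canaries(directories):
    """Write one decoy file per directory and return a {path: sha256} baseline."""
    baseline = {}
    for directory in directories:
        path = Path(directory) / CANARY_NAME
        # Random body: each canary hash is unique, so any rewrite is detectable.
        path.write_bytes(b"PK\x03\x04" + secrets.token_bytes(4096))
        baseline[str(path)] = _sha256(path)
    return baseline


def check_canaries(baseline):
    """Return (path, reason) for every canary that no longer matches its baseline."""
    alerts = []
    for path_str, expected in baseline.items():
        path = Path(path_str)
        if not path.exists():
            # A canary that vanished may have been renamed with a new extension.
            renamed = sorted(p.name for p in path.parent.glob(CANARY_NAME + ".*"))
            alerts.append((path_str, f"renamed to {renamed[0]}" if renamed else "missing"))
        elif _sha256(path) != expected:
            alerts.append((path_str, "content modified"))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sandbox, not real user data
        dirs = [Path(root) / name for name in ("Documents", "Desktop", "Shares")]
        for d in dirs:
            d.mkdir()
        baseline = plant_canaries(dirs)
        # Constructed tampering: overwrite one canary, rename another.
        (dirs[0] / CANARY_NAME).write_bytes(b"\x00" * 64)
        (dirs[1] / CANARY_NAME).rename(dirs[1] / (CANARY_NAME + ".locked"))
        for path, reason in check_canaries(baseline):
            print(f"ALERT {reason}: {path}")
```

Because no legitimate user or process has a reason to touch a canary, any alert from the check is a high-confidence signal worth isolating the host for.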
Searchable snapshots, spotting malicious activity with older data
What happens if a ransomware attack has taken a hidden foothold on a system, and perpetrators are choosing their moment to extort the organization? In this case, it is best to have access to older data so that comparisons can be made between past and current activity to spot anomalies or malicious activity before it spreads throughout a data center. The same is true for malware that may be residing on a system.
Elastic’s searchable snapshot feature lets state and local agencies retain large data volumes for years in a format that’s immediately searchable and cost efficient. There is no need to go through the time-consuming or costly process of rehydrating old or migrated data. Instead, data is immediately available for audit or investigative purposes. The ability to look back at older data is essential to a proactive defense-in-depth approach.
Searchable snapshots increase the lookback period for hunting, investigation, and compliance, and provide an affordable security solution for state and local government.
Enact defense in depth in your agency
Due to the nature of a hyper-digital world, cyber attacks have become more aggressive. To thwart attackers, state and local agencies should enact a defense-in-depth approach. To get started, visit elastic.co/industries/public-sector/state-and-native or email: [email protected]