UPAS NOC Protection: Prepare for the Next Ransomware Attack
December 14, 2020


Prevention is Better than Cure



A ransomware infection can be roughly divided into three stages: entry, spread, and encryption. Since ransomware first appeared, its encryption methods and complexity have continued to evolve. Once an enterprise's data has been encrypted by ransomware, cracking the key is impractical, and the only way to recover the data is to restore it from a backup. However, if the ransomware can be caught and removed in the initial stages of infection, that is, during entry and spread, the cost of subsequent remediation can be reduced.



Please check the download link for PDF: UPAS NOC 7.0 Ransomware Protection





How to Block Ransomware from Entering the Intranet



To spread ransomware to all devices in an enterprise, hackers usually gain control of a single terminal device first and use it as a springboard to infect the entire intranet. To keep ransomware out of the intranet, you can use the following methods to deny hackers that opening:





Disable Remote Desktop Function


RDP was introduced in detail in the previous article. It is the largest channel of ransomware intrusion, so although turning off RDP brings a certain degree of inconvenience, it effectively reduces the chance of hacker intrusion.



Perfect Asset Management Function


Although hackers rarely attack through software and OS version vulnerabilities, they can still gain control of a device through this channel. Therefore, ensure that all devices in the intranet are updated to the latest OS version, that no pirated software is used, and that all software is updated to the latest version, so that hackers cannot enter the intranet through vulnerabilities.



Minimize Account Permissions


To prevent hackers from installing malicious software and harming the intranet, the permissions of local accounts should be minimized and AD accounts should be managed so that no account is given unnecessary permissions.



Use of Antivirus Software and Update of Virus Code


Although ransomware is difficult to detect with anti-virus software, malicious programs such as backdoors can be intercepted and removed by it. Therefore, the anti-virus software should be kept at the latest version and its virus code should also be up to date, in order to prevent hackers from gaining access to the intranet through malicious programs.



Establish Information Security Awareness


Hackers often use fake websites and emails to trick employees into downloading malicious programs that attack the intranet. Employee behavior is the most difficult factor to control: poor usage habits and weak security awareness can easily lead to an intranet compromise. Therefore, establishing a sound information security education system and cultivating good security awareness among employees is also an area that needs attention.





How UPAS NOC Prevents Ransomware


UPAS NOC provides comprehensive intranet management, and many of its functions can effectively keep ransomware out of the intranet. UPAS uses a zero-trust architecture to minimize the impact of security vulnerabilities, and can instantly detect anomalies at multiple points when hackers launch targeted infiltrations.





98%: The Highest Asset Management Rate in the Industry


Asset inventory and management are the foundation of all information security, and the safest intranet environment can only be achieved when all networked devices are managed. UPAS achieves the industry's highest equipment management rate, 98%, and manages all equipment on the intranet. On this cornerstone it adds a unique equipment whitelist and a compliance inspection method that finds weak equipment, providing continuous defense and management so that ransomware cannot take advantage of it.



Device Compliance Inspection


When the number and status of devices are unclear, it is impossible to efficiently confirm whether each device has been updated to the latest version. UPAS solves this problem with its 98% asset management rate.



  • (1) UPAS interfaces with the WSUS server to find out whether updates are available and to force device updates.
  • (2) It outputs an asset list and device status chart, showing in detail the system and version used by each intranet device.
  • (3) It tracks the installation and update status of anti-virus software and asset management software to ensure that the virus code is kept at the latest version.



A comprehensive asset inventory allows UPAS to perform detailed equipment compliance inspections, prohibit non-compliant equipment from connecting to the intranet, and produce a complete software and hardware summary table that helps companies understand all equipment in the intranet and find vulnerable devices.



Power on/off Report


UPAS can generate a report on the power-on and power-off times of computer equipment, allowing managers to understand the general status of the equipment from the report.



  • (1) If a device is not restarted for a long time, OS patches may not be applied, which may leave the device vulnerable.
  • (2) If an employee does not shut down their device after work, it may become a target for hackers.
  • (3) If a device has not been turned on for a long time, its anti-virus software and virus code cannot be kept at the latest version.
  • (4) Abnormal power on/off alerts can identify abnormal activities, such as the installation of malicious programs.
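The four checks above can be written as rules over a log of power on/off events. The following Python is an added example, not UPAS code or output: the event format, flag names, thresholds, and business hours are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_UPTIME = timedelta(days=30)    # assumed: longer uptime suggests patches awaiting a reboot
MAX_OFFLINE = timedelta(days=30)   # assumed: longer offline suggests stale anti-virus/virus code
WORK_START, WORK_END = 7, 20       # assumed business hours, local time
NOW = datetime(2020, 12, 14, 22, 0)  # constructed "report time" for the sample data

# Constructed sample events (device, event, timestamp); hypothetical format.
EVENTS = [
    ("pc-finance-01", "on",  "2020-10-01 08:55"),
    ("pc-hr-02",      "on",  "2020-12-10 09:02"),
    ("pc-hr-02",      "off", "2020-12-10 18:10"),
    ("pc-hr-02",      "on",  "2020-12-11 02:37"),
    ("pc-hr-02",      "off", "2020-12-11 03:05"),
    ("pc-lab-03",     "on",  "2020-09-01 09:00"),
    ("pc-lab-03",     "off", "2020-09-01 17:30"),
    ("pc-sales-04",   "on",  "2020-12-14 08:45"),
    ("pc-sales-04",   "off", "2020-12-14 17:50"),
]

def off_hours(ts):
    return not (WORK_START <= ts.hour < WORK_END)

def review(events, now):
    """Return {device: [flags]} using the four power on/off checks."""
    by_device = defaultdict(list)
    for device, kind, stamp in events:
        by_device[device].append((datetime.strptime(stamp, "%Y-%m-%d %H:%M"), kind))
    findings = {}
    for device, history in sorted(by_device.items()):
        history.sort()
        flags = []
        last_ts, last_kind = history[-1]
        if last_kind == "on":
            if now - last_ts > MAX_UPTIME:
                flags.append("long-uptime")          # check (1)
            if off_hours(now):
                flags.append("on-after-hours")       # check (2)
        elif now - last_ts > MAX_OFFLINE:
            flags.append("long-offline")             # check (3)
        if any(kind == "on" and off_hours(ts) for ts, kind in history):
            flags.append("off-hours-power-on")       # check (4)
        findings[device] = flags
    return findings
```

A device can carry several flags at once, and an empty list means none of the four conditions applied at report time.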



In addition to the device power on/off report, UPAS also provides 55 other types of reports and 198 analysis items to help managers better understand the status of intranet devices.

(For more details, please check the download link: UPAS NOC 7.0 System Report Overview)



Patch Management


By deploying Agents on terminal devices, UPAS can further track the software usage of each device and control USB devices. Managing and controlling software and USB devices reduces the channels through which hackers and ransomware can invade, thereby achieving comprehensive protection of the intranet.



  • (1) Check whether software is installed correctly.
  • (2) Check the number of installations of copyrighted software to ensure that it does not exceed the number of licenses.
  • (3) The installation of specific software can be prohibited, and devices that have it installed can be forced to uninstall it to maintain device and network security.
  • (4) Use the USB whitelist to control all USB devices, such as storage devices, optical drives, network cards, and mobile hard drives, and only allow access to the devices in the allow list.




Data Flow Monitoring


Devices controlled by hackers usually show abnormal traffic. UPAS can monitor network usage and control the network usage behavior of terminal devices, providing network traffic information and producing related traffic reports. It also provides network attack analysis, examining suspicious network attacks through historical records.



AD (Active Directory) Management


Control of local accounts is very important in defending against ransomware, and managing accounts with the least privilege prevents hackers from causing damage through the permissions of a local account.


UPAS's AD management can restrict users to logging in only with AD accounts, not local accounts, preventing hackers from installing malicious software that harms the intranet. It also provides AD login/logout time records for managing idle devices in the intranet and devices connected using RDP, reducing the chance of being attacked by hackers.



Configuration Behavior Check


When a hacker has obtained permission and wants to send ransomware to devices, UPAS can raise timely alerts on abnormal configuration behavior, such as adding illegal software, changing the GPO policy, or opening the highest-privileged folder sharing, so that the enterprise can prevent the installation and operation of the software in time and reduce its losses.



UPAS NOC Deploys Defense Mechanisms Against Ransomware


UPAS protects the intranet from ransomware through various functions, establishing a comprehensive intranet defense network to avoid the huge losses caused by data being held for ransom.


For more details, please check the download link: UPAS NOC 7.0 Ransomware Protection