Why Traditional Security Solutions aren’t Stopping Ransomware

Tal Zamir
October 13, 2021

75% of companies that were hit by ransomware last year had up to date endpoint protection solutions in place. Why didn’t that help stop the attacks? Let’s take a look at the most common approaches to ransomware prevention, and why they haven’t been able to provide a solution for enterprises. 


Approach 1: EPP/EDR Agents and Web/Email Gateways

EPP/EDR solutions are actually great at stopping ransomware – when the threat is known or uses techniques that are clearly malicious. But malware is getting better at mimicking legitimate behavior in ways that fool detection systems. And attackers can test their ransomware against endpoint solutions to see whether it is detected, so they’re less likely to launch an attack that they already know isn’t effective.


Approach 2: Phishing Training

It doesn’t matter how good your anti-phishing training is; it still only takes one mistake from one user to undo all of it. And training wears off. One study from the Cyentia Institute found that 40% of anti-phishing trainees still fail phishing tests. Education alone isn’t the answer.


Approach 3: App Whitelisting

In theory, you can just restrict your users to the apps and sites that you’ve pre-approved. In practice this does major damage to user productivity: be prepared for your IT team to spend all day handling exceptions, and for your users to look for ways around your draconian controls. On top of all that, attackers can still leverage signed, legitimate software that is already on the allow list.


Approach 4: Browser Security Controls

Browsers have built-in security mechanisms that prevent some browser exploitation. But there were around 30 critical vulnerabilities in Chrome alone last year, and the attack surface of browsers continues to grow: they’re essentially mini operating systems. They’re also highly targeted by attackers, who are constantly looking for zero days.


Approach 5: Content Disarm and Reconstruction

CDR takes potentially malicious documents and tries to neutralize them by removing scripts, macros, and other potentially malicious content embedded in them. However, this approach only works for certain document types. It doesn’t defend against malicious app installers, executables, websites, or peripherals. It can also strip legitimate document functionality or corrupt some documents.

So what unites these flaws? What do they have in common that renders them vulnerable?

They all share the same design flaw: they mix multiple security domains on a single OS. Sensitive data sits on the same endpoint as risky or malicious applications. This affects every endpoint and is the primary reason we see ransomware being so successful.


To solve this, we need a solution that:

  • Protects against zero-day attacks
  • Protects apps, browsers, and operating systems
  • Requires minimal user training
  • Requires a minimum of IT overhead
  • Doesn’t mix multiple security domains on the same OS


Isolate Endpoint Threats with Hysolate

We can reduce the risk of ransomware by using a separate OS for risky activities, one that can contain endpoint threats. Every time an employee clicks a suspicious link or file, that potentially malicious content is seamlessly launched in the separate OS.

That’s what OS isolation does – admins pre-define which types of apps, sites, and resources may be opened in the ‘corporate’ OS, and any other activity is automatically redirected to a separate, local OS running on the user’s device. Because this ‘risky’ OS looks exactly like a standard Windows desktop, there’s no added training for users. IT managers can set policies that apply to many users at once, reducing IT overhead. And because OS isolation doesn’t rely on a database of ‘known’ malicious behavior, it will keep protecting against malware for years to come.
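As an added illustration of the routing policy described above (example code written for this page, not Hysolate’s own implementation; the domains, document types and app paths are constructed placeholders), here is a default-deny router that decides whether a clicked link or file opens in the corporate OS or is redirected to the isolated one. It also shows the checks a practitioner would want on the URL side: only `https`, exact or subdomain host matching, and resistance to look-alike hosts and `user@host` tricks.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed policy values (hypothetical): what the corporate OS may open.
# Anything not listed is redirected to the isolated OS (default deny).
CORPORATE_DOMAINS = {"intranet.example.com", "mail.example.com"}
CORPORATE_DOC_TYPES = {".pdf", ".docx", ".xlsx"}   # deliberately no macro-enabled types
CORPORATE_APP_PATHS = {"/opt/corp/erp", "/opt/corp/crm"}


@dataclass(frozen=True)
class Decision:
    target: str   # "corporate" or "isolated"
    reason: str


def _host_allowed(host: str) -> bool:
    """Exact match or true subdomain only: 'intranet.example.com.evil.test'
    does not end with '.intranet.example.com', so it is rejected."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)


def route_url(url: str) -> Decision:
    """Route a clicked link. urlsplit().hostname already discards any
    'user@' prefix, so 'https://intranet.example.com@evil.test' yields evil.test."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return Decision("isolated", f"scheme {parts.scheme!r} is not allowed in the corporate OS")
    host = parts.hostname or ""
    if _host_allowed(host):
        return Decision("corporate", f"{host} is a pre-approved corporate site")
    return Decision("isolated", f"{host or 'empty host'} is not pre-approved")


def route_file(path: str) -> Decision:
    """Route a file the user opened. Only the final suffix counts, so a
    double-extension lure such as 'report.pdf.exe' is treated as an .exe."""
    p = PurePosixPath(path)
    if str(p) in CORPORATE_APP_PATHS:
        return Decision("corporate", "pre-approved corporate application")
    ext = p.suffix.lower()
    if ext in CORPORATE_DOC_TYPES:
        return Decision("corporate", f"{ext} is a pre-approved document type")
    return Decision("isolated", f"{ext or 'no extension'} is not pre-approved; installers, "
                                "scripts and macro-enabled documents land here")
```

Because the policy is an allow list rather than a signature database, a brand-new installer or a zero-day lure page is redirected without anyone having to recognise it as malicious first.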

To learn more about Hysolate’s endpoint isolation Workspace, download Hysolate Free, or request an enterprise demo.


Tal Zamir

Tal is a 20-year software industry leader with a track record of solving urgent business challenges by reimagining how technology works. An entrepreneur at heart, he has pioneered multiple breakthrough cybersecurity and virtualization products. Before founding Hysolate, Tal incubated next-gen end-user computing products in the CTO office at VMware. Earlier, he was part of the leadership team at Wanova, a desktop virtualization startup acquired by VMware. Tal began his career in an elite IDF technology unit, leading mission-critical cybersecurity projects that won the prestigious Israeli Defense Award. He holds multiple US patents as well as an M.Sc. degree in Computer Science, and the honor of valedictorian, from the Technion.