MFA at RSA
The first live RSA Conference in two years is nearly upon us. Pre-Covid, RSA typically had a predominant theme–stopping APTs or AI. What will this year’s dominant theme be? There should be little debate over this: Ransomware.
Recently, Refeeq Rehman published his CISO Mindmap with 2022 security priorities. Top of the list: Ransomware. As Rafeeq put it, “Ransomware is widespread and will continue to be in the near future, as it provides a quick monetization path to attackers. In many industry sectors, it also touches human life and safety (energy, healthcare, manufacturing, shipping, etc.) making it even more impactful.” He adds, “Ransomware attacks have high visibility among corporate boards and executive leadership.”
So what should security teams look to learn at RSA about ransomware? Well, the title of this blog does kind of give you a hint, but let’s look at some key topics with a little more in depth.
- MFA everywhere: Imagine MFA EVERYWHERE in your organization. Post Snowden, it’s a safe bet to assume that nation-state actors like the NSA, Mossad, GRU, China, and more have all deployed–and scaled–MFA everywhere. And where nation states go, eventually so does the rest of the industry. MFA has proven highly effective where it has been applied. However, MFA currently works in primarily cloud environments, leaving a big gap for the on prem world. Could Ransomware thrive if MFA was everywhere?
- Cost-effective ransomware tools: Every vendor puts a Ransomware spin on their product. At Black Hat Europe last year, our research team developers released the RPC Firewall–a free tool designed to stop Ransomware. RPC is a common technical backbone in the vast majority of Ransomware attacks. The tool impedes ransomware’s ability to deploy via the RPC protocol. How does it work? The RPC Firewall:
- Identifies valid RPC activities in their environment using the RPC firewall audit capabilities.
- Continuously fingerprints known TTPs for reconnaissance and lateral movement.
- Deploys both Allow and Block lists to detect and block RPC based attacks.
Set up a meeting with Zero Networks and learn how we stop Ransomware
Zero Networks won’t have a booth, but we’ll be at RSA. In fact, we’ll have a meeting space near Moscone. Leading companies in healthcare and finance use Zero Networks – a Gartner Cool Vendor – to automatically take every asset and restrict network access to exactly what is needed–applying protection for client, server, home, office, on-premises or in the cloud.
Set up a 30 minute meeting with us at RSA and we’ll give you a set of AirPods! Simply schedule the meeting now and come by our meeting room for your complimentary AirPods.