The pandemic has helped highlight a shared concern within both SMBs and enterprises: secure enablement of managed remote work. Sure, many entrepreneurs and start-ups have “wild-wested” their way into remote operations, but properly managed systems that are risk-averse and planned strategically require more. Now, with the threat landscape changed by the pandemic, the scale of businesses looking at cyber defense technologies has changed. While mature operations have already implemented better safeguards for their business and personal data, current remote work challenges dictate an even wider need for protection against both ransomware and new, previously unknown threats.
Increased protection against ransomware is just the start
Niche enterprises and SMBs that may not have invested into their defenses beyond traditional endpoint protection are now taking a second look, prompted by the risks of having a substantial number of employees working outside of better-protected corporate networks. With the trend of small and medium-sized businesses, such as government or military contractors, healthcare clinics and practices, private investigative businesses, legal firms, etc., often coming into possession of critical data, many other businesses have begun to follow.
Such high-value data is a great opportunity for ransomware gangs looking for high yields. As such, an effective way of increasing pressure on businesses to pay up comes via tactics such as doxing or “auction houses,” requiring the criminals to exfiltrate or remove the data before encrypting it. Methods that target backup data have also made inroads. Businesses refusing to pay for decryption keys are then threatened that their data will be sold. That is exactly what happened to the law firm, Grubman Shire Meiselas & Sacks, when Sodinokibi (aka REvil) ransomware operators reportedly stole 756 GB of data, threatening to auction it off, starting with the personal data of celebrities such as Nicki Minaj and LeBron James.
More striking may be the massive business continuity outage suffered by Garmin, a GPS and fitness tracker market leader. The outage was traced back to WastedLocker ransomware that prevented user access to Garmin Connect – a software that holds data on runs, workouts and activities – as well as to production systems and call centers. Likewise, smaller companies can face the same challenge, be they fitness centers with data-savvy members, or food delivery services using customer and location data.
Invest more in tough times?
With margins tightening, businesses have even lower tolerance for disruption and reputation loss, so possession of highly confidential data greatly benefits from a rapidly acting and secure solution against ransomware, such as ESET Dynamic Threat Defense (EDTD). EDTD acts as a “subcontractor” for endpoint solutions by undertaking the analysis of suspicious files via a vastly more powerful, dedicated system capable of analyzing samples in minutes. The subcontractor? A powerful, cloud-based sandbox that uses high-performance cloud instances to run a machine learning engine that analyzes samples submitted from your environment for ransomware and other complex threats.
<Image 1. EDTD function – in this scenario vs. email threat>
In the case of a successful ransomware infection (worse still, with non-existent or non-functional backups), a company could lose access to invoices, customer data and even entire systems. Cybercriminals have increasingly moved to establish longer-term persistence, for example, via Remote Desktop Protocol (RDP), until extending their grasp even over dedicated backup systems. Thus, an infection may fully bring work to a standstill or cause a halt in production and, depending on its specialization, clients may also suffer, which can ultimately lead to their switching to a competitor.
Malicious actors target organizations of all sizes
The renewed surge in digitalization, including supply chains, e-commerce, customer relationship management platforms and services, and online banking, has seen businesses and their clients fundamentally raise the value of the web economy. In turn, cybercrime stakes have risen exponentially, with a corresponding rise in the sophistication of threats and the number of threat vectors faced by legitimate organizations.
Moving beyond ESET Endpoint Protection’s Ransomware Shield (a specific behavioral module that evaluates the behavior of a malicious code to detect whether it really is ransomware), EDTD extends coverage, regardless of the threat or vector, be it email-distributing ransomware, a zero-day threat or an exploit, and is beneficial for organizations of all sizes, starting with only 5 devices.
Is it a race or an arms race?
To combat these scenarios and the threats they introduce to the network, ESET Dynamic Threat Defense is triggered. Smaller businesses can utilize a cloud-based sandboxing technology that uses multiple machine learning models to detect new, never-before-seen types of threats (zero-day). A prime example may be email attachments that are classified as malicious, and then quarantined, with the email recipient and IT administrator receiving information about the detection.
Racing to support rapidly growing demand for secure remote work, ESET has opened EDTD up to a wider audience. Simply, more companies need enhanced protection and, with user-friendly remote management consoles, variable license sizing and scalable costs, and no resources needed for deployment – only a valid license – businesses can now substantially increase protection.
Not only SMBs … even SOHOs can arm themselves
Accessed via ESET Security Management Center or ESET Cloud Administrator, even security teams managing smaller numbers of seats will be able to lock in core EDTD functionality and keep costs in check via the purchase of new types of bundles. The bundles, starting with provision for just 5 seats, are well-suited to help companies concerned with their remote work challenges. Scaled for admins of smaller fleets of remote machines, this package cuts some functions concerned with behavioral reporting, but maintains its defensive capabilities and File Response Status (EDTD results).
For larger, more complex or more “mature” businesses wanting to cover 100 seats or more, EDTD provides its full functionality and battery of reporting metrics. Pricings for both the 5-99 seat and 100+ seat versions of the offer are made possible via the introduction of a “soft” Fair Usage Policy (FUP) on the number of samples per seat, per month, allowed, which is applicable to the following scaled bundles: ESET Dynamic Endpoint Protection, ESET Targeted Attack Protection and our new ESET Remote Workforce Offer (ERWO).
<Image 2. Scaled packages, your preferred console and FUP to sum up your risk>
ERWO was built for businesses with needs of up to 250 seats. The package includes EDTD managed via the ESET Cloud Administrator platform and comes complete with ESET Full Disk Encryption.
*MSPs wishing to leverage EDTD are still able to access this resource in the stand-alone offer, without any limitations on numbers of samples submitted (FUPs) to the cloud sandbox analysis (see graphic above).
Deliver awareness to admins first
Building employee awareness may be key, but scanning recent news, we can see that immediate risks exist. With EDTD, IT admins receive direct alerts when protected machines have a detection; awareness is raised at the network level. Thus, whether security incidents are the results of the attackers’ skills or the negligent security habits of employees, is a moot point. The acute risks mean that bringing remote workers as close as possible to managed corporate network security standards is a top priority.
If this is a concern for your organization, you can explore how a multi-layered security suite like ESET Endpoint Protection, with an advanced threat defense component like EDTD, can scale with current and developing needs here.