Network security: First defense against ransomware
Ransomware is an ever-present concern for organizations. According to research, 75% of organizations experienced ransomware attacks in the last 12 months, with 10% facing daily attacks.[i]
Many organizations turn to the NIST Cybersecurity Framework (CSF) 2.0 for guidance on critical cybersecurity outcomes they can adopt to manage risks from threats like ransomware. NIST CSF 2.0 outlines six key functions within organizations that can reduce cybersecurity risk: [ii]
| NIST CSF 2.0 function | Activities |
| --- | --- |
| Govern | Establishing, communicating, and monitoring the organization’s risk management strategy, expectations, and policies. |
| Identify | Understanding current cybersecurity risks, from assets and data to people, suppliers, and facilities. |
| Protect | Putting safeguards in place to prevent or lower the likelihood of adverse cybersecurity events affecting identified resources. |
| Detect | Finding and analyzing possible attacks and compromises. |
| Respond | Containing cybersecurity incidents when detected. |
| Recover | Restoring assets and operations affected by a cybersecurity incident back to their normal/baseline state. |
The role of network security in ransomware defense
A layered security approach to combatting ransomware often involves capabilities spread across multiple solutions. A patchwork approach to security can create complexity, inconsistencies, and gaps. This makes it harder for teams to implement critical functions needed to effectively protect against ransomware threats.
Security-first, AI-powered networking from HPE Aruba Networking can help. Built on zero trust security principles, the security-first, AI-powered network provides a common foundation that security and networking teams can use to power distinctive user experiences—covering multiple NIST CSF 2.0 functions and functioning as a critical first layer of ransomware defense.
Security and resilience solutions from HPE can help organizations prevent and protect against ransomware threats, in alignment with all NIST CSF 2.0 functions.
1. Govern
Global policy capabilities within security-first, AI-powered networking give security teams the ability to define and apply policies based on business intent, user, device and application resource identity, and roles. Client roles follow users and devices and span the entire enterprise, eliminating painstaking maintenance of access controls for every device in the organization.
2. Identify
Ransomware protection requires identifying sources of risk. In addition to users, IoT devices connected to enterprise networks pose some of the greatest risks to organizations today. Security-first, AI-powered networking leverages the power of AI and ML to help security teams scale protection and reduce risk from IoT devices.
HPE Aruba Networking Central, a cloud-based network management solution, includes AI-powered visibility and profiling with Client Insights, delivering up to 99% profiling accuracy of known clients with a <5% rate of unknowns[iii] across a wide variety of endpoints connecting to the network.
Additional AI-powered security observability capabilities strengthen protection against IoT risks by using ML to analyze dynamic device attributes, including traffic patterns and behavioral characteristics such as connection state and network residency, to accurately categorize and identify IoT devices.
HPE Aruba Networking edge devices, such as access points, switches and gateways, complement these capabilities by identifying and classifying over 3,800 on-prem and cloud application resources and millions of web sites in real time.
3. Protect
HPE Aruba Networking solutions include tools to safeguard the network from intrusions that could be an attack vector for ransomware. WIDS/WIPS and RAPIDS enable security teams to quickly identify and investigate or restrict interfering devices.
Within a zero trust environment, least-privilege access can stop compromised devices from reaching corporate resources and external ransomware sites, as well as prevent lateral spread of attack. HPE Aruba Networking edge devices can be leveraged as user- and app-aware policy enforcement firewall and intrusion protection systems to inspect network traffic and apply least-privilege access policies.
For users who do not require corporate network access, HPE Aruba Networking SSE delivers a ZTNA service that enables least-privilege access to applications. It provides a direct, secure path to private applications without extending network access to the end user, which reduces the potential attack surface. While ZTNA keeps remote users off the corporate network, SSE local edge enables organizations to enforce the same zero trust policies on campus without hair-pinning traffic out to the cloud, allowing secure access while optimizing experience and resiliency.
For users and devices on the network throughout the distributed enterprise, Dynamic Segmentation reduces blast radius by limiting lateral movement.
4. Detect
To prevent threats from taking hold, organizations must get early, credible signals of compromise or attack.
HPE Aruba Networking Central delivers a closed-loop network detection and response (NDR) solution based on behavioral analytics. This NDR solution leverages HPE Aruba Networking Central’s industry-leading data lake (with data from nearly 4 million devices and over 1 billion clients) to train and deploy AI models to monitor and detect unusual activity in IoT devices.
HPE Aruba Networking Central monitors the network for malicious activity, using IDS/IPS threat intelligence signatures to inspect network traffic and detect patterns that match the ransomware kill chain, generate threat events, and (if enabled by security administrators) drop malicious data packets. These capabilities provide an extra layer of protection that actively analyzes the network, provides signals, and takes rule-based action on traffic flows to prevent threats like ransomware in real time.
HPE Aruba Networking can share ransomware detection signals with, and receive them from, multiple partner technologies within the security ecosystem via the HPE Aruba Networking 360 Security Exchange. Webhooks in HPE Aruba Networking Central can also be configured to send a notification to Zerto for preventative action.
Ransomware can also be detected in other parts of the IT infrastructure. Zerto monitors and reports on encryption as data streams in and can detect anomalous activity within minutes to alert users of suspicious activity.
5. Respond
Although there are many different facets to robust ransomware response, what resonates with experts is a multi-layered, multi-pronged approach that includes both proactive and reactive elements.
- Based on signals received from HPE Aruba Networking, Zerto can secure storage devices to prevent a ransomware attack or minimize damage.
- HPE Aruba Networking ClearPass network access policies can restrict, deny, or re-admit a device on the network based on data received from elements within the security ecosystem.
6. Recover
Continuous data protection plays an important part in comprehensive ransomware protection and resilience strategies by enabling organizations to manage, protect, recover, and move data and applications across on-premises or cloud destinations.
Using Zerto’s early warnings of a potential ransomware attack, teams can pinpoint when an attack was initiated and recover data to a point in time just prior to infection.
As a last line of defense, the Zerto Cyber Resilience Vault—including HPE Aruba Networking switching—uses an ultra-secure zero trust architecture to provide an ironclad recovery solution tailored to specific regulatory and compliance requirements.
See security-first, AI-powered network security solutions in action
HPE Aruba Networking Central, HPE Aruba Networking SSE, and Zerto rapid air-gapped recovery solutions will be on display at Black Hat USA 2024, taking place August 7-8, 2024. Stop by booth #1160 to meet HPE security experts and watch a demo.
Protect your organization from ransomware
Check out these resources to learn more.
- Protection against Ransomware and Extraction with IDS/IPS in Edge-to-Cloud Architecture (video)
- Recovering from Ransomware: Before and After (infographic)
- Counter ransomware attacks to prevent data loss and downtime (brochure)
Sources
[i] 2023 Ransomware Preparedness: Lighting the Way to Readiness and Mitigation. Enterprise Strategy Group. September 2023.
[ii] The NIST Cybersecurity Framework (CSF) 2.0. National Institute of Standards and Technology. February 2024.
[iii] Client Insights: Automatically identifies each endpoint connecting to the network with up to 99% accuracy, which is especially important as increasing numbers of IoT devices are added to networks, sometimes without approval from IT. https://www.businesswire.com/news/home/20220726005426/en/Aruba-Helps-Network-Teams-Overcome-Scarce-Staff-Resources-with-First-AIOps-Solution-that-Combines-Network-and-Security-Insights-for-Improved-IT-Efficiency. Also: Client Insights offers profiling accuracy of up to 99% with a success rate that delivers fewer than 5% of “unknowns”. The key is that Client Insights natively uses telemetry gathered from Aruba APs, switches, and gateways without the need for physical collectors that add complexity. https://www.arubanetworks.com/assets/eo/AAG_Client-Insights.pdf
Eve-Marie_Lanza
Eve-Marie Lanza is a Senior Security Solutions Marketing Manager at HPE Aruba Networking, where she leads marketing for Edge-to-Cloud Security solutions. She brings to the role more than 15 years of experience in portfolio and solutions marketing with a focus on enterprise networking and data center technologies. Eve-Marie holds an MBA from the University of California at Davis.