In the cybersecurity industry, there is an arms race. Cybersecurity services providers and products are increasing their efforts in detecting new attacks (called zero-day vulnerability exploitations).
At the same time, cybercriminals are finding unheard ways to exploit networks. So far, ransomware gangs are winning – now is the time to invent or re-think if the current detection-only methodology is working.
In an arms race, the end result is that damages or threats are getting more destructive. First-generation ransomware only encrypts files.
Now, the latest ransomware attack uses inventive methods to maximize their threats. The attackers would extract a large quantity of sensitive information from victims before encrypting data, and then threaten to release or sell the stolen information, exerting greater pressure and urgency on the victims to pay the ransom.
Lockfile evades detection
AI and ML are used to detect abnormal behaviour in the network or PCs. But ransomware developers are not sitting ducks. Recently, there is new ransomware called Lockfile, using an innovative file encryption technique to evade detection.
It does not continuously encrypt files, it encrypts 16 bytes of data in a file and then skips 16 bytes. This saves time and is also harder to detect by cybersecurity tools. The data file is damaged (or taken hostage ) nevertheless. LockFile is just one example of this cat and mouse game, never-ending!!
“The use of blacklisting as a form of cybersecurity protection is common, but it requires security personnel to keep a permanent eye out for any malware they want to block from an agency’s IT environment. That can be a daunting prospect.” said Erin Brereton from fedtechmagazine.
Also Read: Explore cutting-edge cybersecurity tech at SINCON 2021
One method able to end this arms race is URL whitelisting. IT managers can isolate their network using whitelisting and only allow a list of trusted or pre-approved domains for users to access. These whitelists should only include well known, vetted and trustworthy websites, like banks or government websites.
Since ransomware is not hosted on these websites, it is impossible for ransomware to download or upload data as each network connection to malicious websites is blocked by default.
Whitelisting websites has its disadvantages and it is why it is not popular. Firstly, it reduces productivity – users are not able to access new websites or anything outside the whitelist. Secondly, maintaining the whitelist is resource-intensive with a complicated risk assessment process to approve new websites and add the domain name into the whitelist.
The inversion of whitelisting is blacklisting, which most of the security vendors are offering. They constantly collect logs, netflow or file hashes and then send alerts, threat intelligence or Indicator of compromise (IOCs).
Company security teams convert these alerts or threats intel into firewall rules or web filtering rules. It is a never-ending game and only effective if your company has a team of cybersecurity professionals. Collecting logs and user activities without violating privacy laws is also challenging!
“At first blush, this (whitelisting) seems to make security a snap: you don’t have to worry about new malicious code emerging as a threat to your infrastructure because the only things your machines can access are things you already know are safe.” by Josh Fruhlinger, journalist from CSO Online.
Augmented whitelisting
Traditional whitelisting is not user-friendly. Hence, we propose a new augmented whitelisting, which allows users to access unknown or not yet approved websites in a walled garden.
With AP Lens augmented whitelisting, pre-approved or well-known websites are allowed and users access it directly. For example, the top 100K websites in users’ countries. When accessing a new website outside of this 100K domain, users are forwarded to an AP Lens virtual browser session.
Also Read: Practical tips to protect your business from cyber attacks
The virtual browser is delivered to the end-user instantly without any software install and in the same Chrome/Firefox/Safari/Edge. The website is opened automatically inside AP Lens with full user interactions.
In this new setup, the user’s freedom is not restricted and there is no blocking of information flow. The new website is fully operational inside a remote sandbox totally segregated from the company network.
The organisation should develop a web domain whitelist for each HyperText Transfer Protocol Secure domain and Secure Socket Layer domain.
Augmented Whitelisting means you enforce 100 per cent network protection without sacrificing users’ freedom or productivity. The walled garden by AP Lens is the key to augmented whitelisting. Users are using the internet inside a sandbox hosted in a cloud-based system.
Any attack or exploitation is totally separated from the company network. The uniqueness of AP Lens is that users can access the Internet instantly without IT support manually updating the whitelist which solves the major drawback when implementing whitelisting — a time-consuming process to update the URL whitelists.
With AP Lens, productivity and cybersecurity are balanced, by combining whitelisting and cloud-based remote secure browsers.
Agentless and supports four popular browsers (Chrome/Firefox/Safari/Edge) on smartphone/desktop, AP Lens is a distributed cloud system that offers both low latency and also robust cloud infrastructure. Each AP Lens session is disposable which means that any attack or downloaded code is not stored or affecting the next session.
Also Read: What is web 3.0 and why should you care?
In 2021, we are facing an increasing level of targeted cyberattacks, at the same time cybersecurity industry is short-handed. It is time to adjust our cyber defence strategy with a new paradigm.
Do not overly rely on resource-intensive cyber threats detection and blocklist. Lockdown the network and let users access the internet in a walled garden offers simple and balanced web access protection.
–
Editor’s note: e27 aims to foster thought leadership by publishing views from the community. Share your opinion by submitting an article, video, podcast, or infographic
Join our e27 Telegram group, FB community, or like the e27 Facebook page
Image credit:
The post Creating a trusted internet with augmented whitelisting appeared first on e27.