Re: [NTSysADM] Ransonware protection

[Richard Stovall]

I love Mimecast -vs- the other services I've used.  They're not perfect,
but they're really, really good if you set it up correctly.

I used Cylance at a previous job.  Nothing but praise from that experience,
but that's over a year ago.

I once heard someone say the six best things you can do to protect your
environment are patch, patch, patch, and train, train train.  I still
believe that.

On Tue, Jun 13, 2017 at 9:16 PM, Andrew S. Baker  wrote:

> Take a look at *Cylance *(www.cylance.com) and have them give you a demo.
>
> They have a super solid product that is excellent against even unknown
> malware (ransomware is not special in this sense).  They gave a most
> impressive live demo at the Gartner Security & Risk Management Summit today.
>
> At the mail gateway, Barracuda is a good idea, but also check out
> *Mimecast*.
>
> And I agree that any security awareness training will be helpful.
>
> Regards,
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker *
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
> On Mon, Jun 12, 2017 at 8:35 AM, Tom Miller 
> wrote:
>
>> Hi All,
>>
>> What would you recommend as specific software solutions to protect
>> against Ransomware?  In my company we use:
>>
>> -  Sonicwall firewalls, and the gateway security component is enabled and
>> is supposed to help block/prevent.
>> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>>
>> I'm looking at additional layers of security, such as the Barracuda
>> e-mail filter.  I used that at past jobs and that reduced the "infected"
>> e-mails considerably.
>>
>> I also have used Malwarebytes enterprise.  That has an anti-ransomeware
>> component.  I used that in a past job and was not impressed.  Malwarebytes
>> sold is an an "enterprise" solution, but it was a stand alone product, had
>> not integration with the management console, no configuration and no
>> notifications.  It appeared to be a rush to market.
>>
>> Sophos supposedly has a similar solution specific to Malwarebytes but I
>> have not looked at it yet.
>>
>> Internally, we also have targeted employee training and use a service to
>> send "fake" messages from Amazon/UPS, etc to let them know that they need
>> to be vigilant when reviewing messages from outside the company.
>>
>> Thoughts appreciated.
>>
>
>

RE: [NTSysADM] Ransonware protection

[Melvin Backus]

+1 for Mimecast. We love it.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Tuesday, June 13, 2017 9:16 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Ransonware protection

Take a look at Cylance (www.cylance.com<http://www.cylance.com>) and have them 
give you a demo.

They have a super solid product that is excellent against even unknown malware 
(ransomware is not special in this sense).  They gave a most impressive live 
demo at the Gartner Security & Risk Management Summit today.

At the mail gateway, Barracuda is a good idea, but also check out Mimecast.

And I agree that any security awareness training will be helpful.


Regards,

 ASB
 http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Jun 12, 2017 at 8:35 AM, Tom Miller 
<tominyorkt...@gmail.com<mailto:tominyorkt...@gmail.com>> wrote:
Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.

Re: [NTSysADM] Ransonware protection

[Andrew S. Baker]

+5 for Cylance.   Bromium is decent, too.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Jun 12, 2017 at 9:05 AM, Webster  wrote:

> Ones I have personal experience with at customer sites:
>
>
>
> Cylance
>
> Bromium (headed by former CTO of Citrix)
>
> Citrix XenServer with BitDefender Hypervisor Introspection (HVI)
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional
>
> http://www.CarlWebster.com
> 
>
> The Accidental Citrix Admin
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Tom Miller
> *Sent:* Monday, June 12, 2017 7:35 AM
> *To:* NTSysADM@lists.myitforum.com
> *Subject:* [NTSysADM] Ransonware protection
>
>
>
> Hi All,
>
>
>
> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:
>
>
>
> -  Sonicwall firewalls, and the gateway security component is enabled and
> is supposed to help block/prevent.
>
> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>
>
>
> I'm looking at additional layers of security, such as the Barracuda e-mail
> filter.  I used that at past jobs and that reduced the "infected" e-mails
> considerably.
>
>
>
> I also have used Malwarebytes enterprise.  That has an anti-ransomeware
> component.  I used that in a past job and was not impressed.  Malwarebytes
> sold is an an "enterprise" solution, but it was a stand alone product, had
> not integration with the management console, no configuration and no
> notifications.  It appeared to be a rush to market.
>
>
>
> Sophos supposedly has a similar solution specific to Malwarebytes but I
> have not looked at it yet.
>
>
>
> Internally, we also have targeted employee training and use a service to
> send "fake" messages from Amazon/UPS, etc to let them know that they need
> to be vigilant when reviewing messages from outside the company.
>
>
>
> Thoughts appreciated.
>

Re: [NTSysADM] Ransonware protection

[Andrew S. Baker]

Take a look at *Cylance *(www.cylance.com) and have them give you a demo.

They have a super solid product that is excellent against even unknown
malware (ransomware is not special in this sense).  They gave a most
impressive live demo at the Gartner Security & Risk Management Summit today.

At the mail gateway, Barracuda is a good idea, but also check out *Mimecast*
.

And I agree that any security awareness training will be helpful.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Jun 12, 2017 at 8:35 AM, Tom Miller  wrote:

> Hi All,
>
> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:
>
> -  Sonicwall firewalls, and the gateway security component is enabled and
> is supposed to help block/prevent.
> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>
> I'm looking at additional layers of security, such as the Barracuda e-mail
> filter.  I used that at past jobs and that reduced the "infected" e-mails
> considerably.
>
> I also have used Malwarebytes enterprise.  That has an anti-ransomeware
> component.  I used that in a past job and was not impressed.  Malwarebytes
> sold is an an "enterprise" solution, but it was a stand alone product, had
> not integration with the management console, no configuration and no
> notifications.  It appeared to be a rush to market.
>
> Sophos supposedly has a similar solution specific to Malwarebytes but I
> have not looked at it yet.
>
> Internally, we also have targeted employee training and use a service to
> send "fake" messages from Amazon/UPS, etc to let them know that they need
> to be vigilant when reviewing messages from outside the company.
>
> Thoughts appreciated.
>

RE: [NTSysADM] Ransonware protection

[Kennedy, Jim]

Applocker, locking down the user profile.  That is where most of it executes.  
And not just exe’s, don’t forget VBS. That will cover the exe and Word/VBS 
versions of the ransomeware.

Block Office Macro’s if you can.  We were able to block them for everyone 
except one person.

Yea, a good spam filter. We really like our Cuda, there are certainly other 
very good ones.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Tom Miller
Sent: Monday, June 12, 2017 8:41 AM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection

Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.

Re: [NTSysADM] Ransonware protection

[J- P]

https://www.fortinet.com/solutions/ransomware.html


Using their DNS helps mitigating a host contacting a C

Ransomware - Fortinet<https://www.fortinet.com/solutions/ransomware.html>
www.fortinet.com
Fortinet prevents ransomware with comprehensive, end-to-end security.






Jean-Paul Natola




From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf 
of James Rankin <ja...@htguk.com>
Sent: Monday, June 12, 2017 9:45 AM
To: ntsysadm@lists.myitforum.com; ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Ransonware protection

Ivanti Application Manager
Bromium vSentry

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: tominyorkt...@gmail.com
Sent: 12 June 2017 1:42 p.m.
To: NTSysADM@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection


Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.

Re: [NTSysADM] Ransonware protection

[Richard Stovall]

User training.

Regular, frequent patching.

On Jun 12, 2017 8:42 AM, "Tom Miller"  wrote:

> Hi All,
>
> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:
>
> -  Sonicwall firewalls, and the gateway security component is enabled and
> is supposed to help block/prevent.
> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>
> I'm looking at additional layers of security, such as the Barracuda e-mail
> filter.  I used that at past jobs and that reduced the "infected" e-mails
> considerably.
>
> I also have used Malwarebytes enterprise.  That has an anti-ransomeware
> component.  I used that in a past job and was not impressed.  Malwarebytes
> sold is an an "enterprise" solution, but it was a stand alone product, had
> not integration with the management console, no configuration and no
> notifications.  It appeared to be a rush to market.
>
> Sophos supposedly has a similar solution specific to Malwarebytes but I
> have not looked at it yet.
>
> Internally, we also have targeted employee training and use a service to
> send "fake" messages from Amazon/UPS, etc to let them know that they need
> to be vigilant when reviewing messages from outside the company.
>
> Thoughts appreciated.
>

Re: [NTSysADM] Ransonware protection

[James Rankin]

Ivanti Application Manager
Bromium vSentry

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: tominyorkt...@gmail.com
Sent: 12 June 2017 1:42 p.m.
To: NTSysADM@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection


Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.

Re: [NTSysADM] Ransonware protection

[Joey Smith]

On Mon, 12 Jun 2017, Tom Miller wrote:

> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:


Not sure how you need to scale it, but Cybereason has some interesting
products.One of my clients has used it.   Back in January I did some
senario testing with the product and had good results.   

www.cybereason.com

Re: [NTSysADM] Ransonware protection

[Ed Ziots]

If u can afford it bit9 parity.. application white listing helped immensely
again ransomware in past. In lockdown mode we just harvested the malware
drops and updated av..

On Jun 12, 2017 8:41 AM, "Tom Miller"  wrote:

> Hi All,
>
> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:
>
> -  Sonicwall firewalls, and the gateway security component is enabled and
> is supposed to help block/prevent.
> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>
> I'm looking at additional layers of security, such as the Barracuda e-mail
> filter.  I used that at past jobs and that reduced the "infected" e-mails
> considerably.
>
> I also have used Malwarebytes enterprise.  That has an anti-ransomeware
> component.  I used that in a past job and was not impressed.  Malwarebytes
> sold is an an "enterprise" solution, but it was a stand alone product, had
> not integration with the management console, no configuration and no
> notifications.  It appeared to be a rush to market.
>
> Sophos supposedly has a similar solution specific to Malwarebytes but I
> have not looked at it yet.
>
> Internally, we also have targeted employee training and use a service to
> send "fake" messages from Amazon/UPS, etc to let them know that they need
> to be vigilant when reviewing messages from outside the company.
>
> Thoughts appreciated.
>

RE: [NTSysADM] Ransonware protection

[Sean Chapman]

Not exactly software but I set up a whitelisting SRP policy awhile ago and its 
been fantastic and I get to feel really confident that our users cant easily 
screw things up.  Its been 2 years now since our last infection.  Pain in the 
butt with webex and gotomeeting and whatnot though.  Since we now are going to 
Win 10 Enterprise Im going to set up Applocker since it’s a little easier to 
manage.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Tom Miller
Sent: Monday, June 12, 2017 7:35 AM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection

Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.








The information contained in this communication and all accompanying documents 
from Coilcraft may be confidential and/or legally privileged, and is intended 
only for the use of the recipient(s) named above. If you are not the intended 
recipient you are hereby notified that any review, disclosure, copying, 
distribution or the taking of any action in reliance on the contents of this 
transmitted information is strictly prohibited. If you have received this 
communication in error, please return it to the sender immediately and destroy 
the original message or accompanying materials and any copy thereof. If you 
have any questions concerning this message, please contact the sender.

RE: [NTSysADM] Ransonware protection

[Webster]

Ones I have personal experience with at customer sites:

Cylance
Bromium (headed by former CTO of Citrix)
Citrix XenServer with BitDefender Hypervisor Introspection (HVI)

Thanks


Carl Webster
Citrix Technology Professional
http://www.CarlWebster.com
The Accidental Citrix Admin

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Tom Miller
Sent: Monday, June 12, 2017 7:35 AM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection

Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.

RE: [NTSysADM] Ransonware protection

[Katherine M. Moss]

Malwarebytes for Business version 3 on clients.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Tom Miller
Sent: Monday, June 12, 2017 8:35 AM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection

Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.