There’s only one sure way to stop ransomware and that’s application execution management. Device Guard, AppLocker, Scense, Ivanti Application Manager, RES – these can all do it by only running trusted code. Even the best “anti-ransomware” stuff is going to be vulnerable to a targeted, unknown piece of ransomware that operates in a new way.
Of course there are overheads with maintaining whitelists, but that’s the fundamental question of security – weighing it up versus usability and maintenance. From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Gestwicki Sent: 15 February 2017 20:57 To: [email protected] Subject: RE: [NTSysADM] Fwd: Protecting from Ransomware I have never tried knowbe4.com so I cannot comment on that. I just received a quote for Sophos Intercept X last month because I was interested in the ransomware protection. It does a lot more than just ransomware protection but the cost was way too high for me to justify. Sophos Central Endpoint Intercept X - 1 Year Subscription * Includes: [Windows] Malicious Traffic Detection, Synchronized Security Heartbeat, Exploit Prevention, Cryptoguard Ransomware Protection, Malware Activity Remediation, Threat Analysis. [Managed by Sophos Central]. I have heard of free ransomware protections but I have not had time to look into them yet so I don’t know if they can be used for business. https://ransomfree.cybereason.com/ https://www.bitdefender.com/solutions/anti-ransomware-tool.html https://go.kaspersky.com/Anti-ransomware-tool.html https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/ - Stephen From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Stefan Jafs Sent: Wednesday, February 15, 2017 3:41 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Fwd: Protecting from Ransomware https://www.knowbe4.com/ Does any of you use their service? Is it worth while?Looks like the proper way to educate users. Also Sophos just came out with Intercept Anyone have any experience / recommendations? -- Stefan -- Stefan Jafs
