Ransomware Protection- VMware Security Solutions Guide
Overview
Over the past decade the security industry continues to be plagued by ransomware and adversarial breaches. Observations by VMware and other industry vendors highlights the increase in destructive characteristics often times crippling organizations. According to VMware's Global Security Insights Report,
Ransomware ranked as second most common vectors that caused breaches.
In the current landscape it is not if, but when you will be hit by a ransomware threat.
This solutions guide is designed to provide an overview of VMware Security's capabilities aligned to the Ransomware lifecycle.
VMware Security
- Identify: Develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.1
- Prevent: Develop and implement the appropriate safeguards to ensure the delivery of services.1
- Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.1
- Response: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.1
- Recover: Develop and implement the appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to a cybersecurity event.1
The following image shows coverage and capabilities of the VMware solutions VMware Carbon Black Cloud, NSX Security, and VMware Cloud Disaster Recovery across the NIST Ransomware framework.
It is important to have capabilities to cover the entire Ransomware Protection cycle. VMware Security is looking at connected control points across endpoints, workloads, network, identity, and cloud; both natively and integrated to deliver higher fidelity alerts. Carbon Black, NSX, and VMware Cloud DR can not only cover the cycle with robust security capabilities but also operationally enable each other. With Carbon Black and NSX, VMware can provide robust security capabilities and use the investigative data they provide to inform solutions like VMware Cloud DR.
Continue to the subsequent sections to dive into each of the products specific capabilities. This solutions guide will cover the Carbon Black Cloud, NSX Security, and VMware Cloud Disaster Recovery
VMware Carbon Black
Product Overview
VMware Carbon Black is a next-gen AV and endpoint detection and response (EDR) solution with multiple layers of prevention, robust visibility, and response capabilities baked into a single central cloud console.
Key Advantages for Ransomware Protection:
- Multi-layered prevention approach provides protection against advanced threats
- Protect and detect ransomware like behaviors
- Built-in response capabilities in the console that decrease time to resolution
- Ability to search and filter across all events in the environment for the past 30 days giving admins confidence they have the data they need for investigation
- Alert visualization that gives an easy-to-understand view of events occurring during an attack
Get Hands-on
At VMware, there are several ways to get hands-on with our products today.
Review the below tabs to access the labs now.
VMware Carbon Black Malware Lab
This walkthrough will enable you to get hands-on with the VMware Carbon Black Cloud. The Malware Lab contains actual attacks that you can run live in a test environment to see how prevention and visibility work against the Carbon Black Cloud solution suite.
To learn more, access the VMware Carbon Black Cloud Malware Lab
VMware Carbon Black Threat Hunting Lab
Threat hunting is a very important activity in securing modern networks. While we want it to be as automated as possible, it requires a degree of human analysis by cybersecurity professionals. Fortunately, VMware Carbon Black Cloud simplifies and enriches the data it shows and alerts on so that even individuals with little to no formal training in threat hunting can understand what is occurring on a system when they see it in their VMware Carbon Black Enterprise EDR dashboard.
Access CB Ransomware - Threat Hunting lab.
Additional Resources
To learn more about VMware Carbon Black products, visit our Product Paths in TechZone. Product learning paths are designed to take you from A-Z to understand everything from product overviews to optimization/best practice content per product.
NSX Security
1232x639
Product Overview
Leverage a distributed network security architecture delivered in software and embedded in your infrastructure to detect and stop threats inside your network. The real damage of a breach happens when attacks can move laterally in your network making East-West the new battleground. NSX Firewall enables you to secure against threats with a modern distributed architecture that’s easy to operationalize and scales across your multi-cloud environments.
Key Advantages for Ransomware Protection:
- Complete network security coverage across all traffic flows and workload types
- Analyze advanced threats with a full-system emulation sandbox
- Easily create, enforce, and manage granular micro-segmentation policies to secure the East-West
- Network quarantine infected guests preventing lateral movement
- Flow visualization to understand malicious traffic and activity
Additional Resources
-
NSX TechZone Security Resources: https://nsx.techzone.vmware.com/security-resources
-
NSX Firewall Solutions Page: https://www.vmware.com/solutions/nsx-firewall.html
-
Micro-Segmentation Solutions Page: https://www.vmware.com/solutions/micro-segmentation.html
VMware Cloud Disaster Recovery
Product Overview
VMware Cloud Disaster Recovery is VMware's on-demand disaster recovery service that is delivered as an easy-to-use SaaS solution and offers cloud economics to help keep your disaster recovery costs under control.
Key Advantages for Ransomware Recovery:
Keeping in mind that VMware Cloud Disaster Recovery does not detect, prevent, or remove ransomware, it does provide the following capabilities to help recover from a ransomware attack:
- Offsite air-gapped backups reduce the direct impact of the attack
- Immutable VM snapshots with data integrity features ensure previous clean recovery points can’t be altered by malware
- RPOs as low as 30 minutes and deep history of snapshot copies
- Instant Power-On of VMs in an on-demand SDDC in the cloud
- Granular recovery of files and folders without powering on VMs
- Non-disruptive testing of recovery plans drives recovery readiness—iterate over potential recovery points to find the best candidate to conduct failover and failback operations
- Greenfield, clean operating Isolated Recovery Environment (IRE) to recover VMs
- Automated recovery at the scale of 1000s of VMs
Additional Resources
-
VMware Cloud DR Product Page: https://www.vmware.com/products/cloud-disaster-recovery.html
-
VMware Cloud DR TechZone: https://vmc.techzone.vmware.com/resource/introduction-vmware-cloud-disaster-recovery-vcdr
-
VMware Cloud DR Ransomware Recovery: https://www.vmware.com/products/cloud-disaster-recovery/ransomware.html
Summary and Additional Resources
Summary
Ransomware is a serious threat to all organizations across all industries. VMware provides many capabilities to protect organizations from ransomware attacks. If organizations are infiltrated, VMware technologies enable security operations to protect, detect and respond to these threats
Additional Resources
-
NSX TechZone Security Resources: https://nsx.techzone.vmware.com/security-resources
-
Carbon Black TechZone: https://carbonblack.vmware.com/
Changelog
The following updates were made to this guide:
|
Date |
Description of Changes |
|
4/29/2022 |
|
Feedback
Your feedback is valuable.
To comment on this paper, contact VMware Carbon Black Technical Marketing techzone-sbu@vmware.com.