Interview with Chase Cunningham of Forrester on Zero Trust Approach to Ransomware Defense

Drive-by interview with Chuck Harold — Riding The Wave Of Zero Trust Means That You Must Paddle Out

October is Cybersecurity Awareness Month — and the ransomware threat is growing rapidly. Airgap Networks takes the Zero Trust Isolation approach to ransomware defense. While many security companies are trying to prevent ransomware from getting into your network, Airgap’s Zero Trust Isolation Platform protects your organization even if your perimeter is breached or if you have unpatched, vulnerable servers inside your data center. Additionally, Airgap’s “Ransomware Kill Switch” is the most potent ransomware response available to the IT organization. Airgap can be deployed in minutes without any agents, forklift upgrades, or design changes.

First, thanks for agreeing to a drive-by informal talk, Chase! Even if it’s only 10 minutes, we are getting a lot of good information that can help the audience rethink what we have learned in security over the past decades.

To validate Airgap’s patent-pending technology, what is better than having a quick Zero Trust conversation on enterprise ransomware strategy with Dr. Chase Cunningham, the lead analyst of The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020 (https://www.forrester.com/go?objectid=RES157494, via @forrester)?

The vlog is adapted in part for light reading. Watch the full video to get his insights on ransomware patterns.

With the recent increase in ransomware attacks, how do you see businesses responding? Will they be multi-layer responses?

Well, it sure should be. I think one of the things that businesses are running into is that people are realizing that the existing outdated approaches that they’ve been buying and acquiring for years no longer meet the merit. And the fact that everyone is way outside of what used to be the perimeter now means you don’t have a choice; the days of adapt or die have come, and it’s no longer viable to say, well, we think we’ve got it covered. This requires a different approach and a different methodology.

What’s the resistance to adapting to a different mindset on this? Is it that nothing’s happened so far, therefore nothing’s going to happen?

You know, usually it’s really more of, I think, kind of like: if there was a bunch of random grizzly bears running around your front yard, people would typically be like, well, as long as they stay out there and I’m in here, I feel like I’m okay. However, sooner or later, you’ve got to go outside. And the fact that you have to do that means, you know, you’re going to run into the bear. So it’s one of these deals where just because it hasn’t hurt you doesn’t mean that the pain is not necessarily coming eventually. And it’s really a question of how painful it can be.

How can we apply zero trust practices to ransomware responses?

Yeah, if you look at the history of ransomware, and I mean, I wrote about this in my book, if you look at the history of ransomware infections, ransomware infections start because of basically inherent problems within infrastructure, like the fact that, if you don’t patch against it, you can call PowerShell from Word, and you know, you can do things that machines aren’t necessarily meant to do and applications aren’t meant to do. You combine that with things like default credentials, shared resources, excessive privileges, and a singular ransomware infection goes from a problem to an end-of-days type of scenario. And in every single instance that I’ve looked at, that was exactly what happened; it was never some crazy, super imaginative post-quantum, you know, rainbow-level encryption thing. It was just somebody got phished, somebody caused a compromise, and the compromise proliferated.

Zero Trust is strategically focused on addressing lateral threat movement within the infrastructure by using micro-segmentation and granular enforcement based on user context, data access controls, application security, and the device posture. — Dr. Chase Cunningham, VP Analyst, Forrester

So, what should enterprises and CISOs do to respond when under attack? And how do we plan for continuous remote access?

Well, so there’s two pieces of that. While you’re under attack, it’s kind of like trying to put out one of these brush fires in California: you’ve got to isolate it, control it, and try and gain ground on it, so you can localize and then remediate. This is not the time to go off and try and update systems first. Control the fire, put the fire out, and then fix your infrastructure on the far end of that. I sympathize with all the folks that are responding to this right now.

But on the real far end of this, remote access is going to be one of the primary avenues for compromise. You’ve got to have a way to push controls out to the end user, out to the device, out way past your perimeter, and make sure that you can keep them as secure as possible. Because if that “fire” gets in, if an ember crosses the fire line and you’re not prepared for it, and you’ve left the doors open, it gets really, really bad really, really fast.

Chase, tell me about some of these recent events, the 911 systems and Tyler Tech ransomware outbreaks?

I think what we’re seeing is, for a long time, there’s been a lot of folks saying this was going to escalate and it was going to come at a time when there was a lot of turmoil and things in the US. And that’s exactly what is happening. We’ve seen it go from nuisance to problem to now, where they’re targeting critical infrastructure, to include 911 and hospitals. More will come. I personally think that we will see a Tyler Tech-type ransomware infection on an election or polling station. And that’s going to cause a whole lot of strife, hate and discontent, because that’s exactly the time when you would be throwing gasoline on this fire. So this is unfortunately the culmination of years of either, in some cases, willful neglect, in some cases, just hopeful ignorance. But it’s coming. The time for us to have to respond and change our approach is now; it can’t possibly be any more evident.

The vlog is adapted in part for light reading. Watch the full video to get his insights on ransomware patterns. For more information on Airgap Zero Trust Isolation and the first line of ransomware response using the Airgap Ransomware Kill Switch, simply email us at info@airgap.io.

Zero Trust Isolation — The Best Defense Against Ransomware Propagation. https://airgap.io