CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Cyber Insight

QNAP’s suggestions on enterprise security strategies against targeted ransomware attacks

Dennis Kung/Vice presidents of technical operations, QNAP

In the past few years, many clients have been suffering from the attacks of targeted ransomware. Thus, QNAP, as a leading NAS company, aims to provide a comprehensive data protection solution to help our customers to avoid potential risks and hazards. Historically, ransomware attacks have not been classified as new malicious attacks since the massive Wannacry outbreak in 2017. Techniques of targeted attacks were also seen in many national-sponsored attacks. However, more than half of the technology manufacturers, health and welfare sectors, and public sectors are harmed by the newly targeted ransomware attacks last year, 2020, when the COVID-19 strikes.


Why corporations have been attacked by targeted ransomware so easily and resulted in encrypting files in most employee’s computers, factories’ computers, and servers? As a result, we will discuss the defense strategies and uncover the dilemma of choosing the most suitable cybersecurity solution for end-customers.


First, traditional cybersecurity solutions. Traditional cybersecurity companies provide the first defense layer which is like a city wall against known malicious cyber-attacks and malware. However, in the recent 10 years, targeted attacks and unknown malware has blossomed, and most enterprises have come to realize that there is no cybersecurity solution that has a 100% detection rate, and severe outcomes will inevitably happen even if there’s only 1% of the computers are compromised because of the difficulties of detecting lateral movements. Therefore, a lot of enterprises have paid a painful price to the cyber incidents.

 

Furthermore, QNAP NAS is located in the innermost layer of the intranet. Therefore, it will mean the final exfiltration stage of the attack if the attacker reaches QNAP NAS. That is to say, it is the last attacking phrase in the kill-chain. Therefore, defense-in-depth and network detection and response are the resolutions that are recently promoted by cybersecurity providers. However, to be honest, most customers still suffered from the hard-core targeted ransomware attacks and interrupted recovery in the past two years and they have completely relied on the backup and restoration solution that QNAP has been providing.


We contemplated why there isn’t a more effective way to respond to the targeted ransomware attacks? There are two reasons for the above, the high total costs of the implementation and the complexibility of the cybersecurity solution. For one, companies will need to spend millions of or even tens of millions of bucks on the solution from NDR cybersecurity providers. NDR solution deploys aside the core switch and has full-scanning on the pre-configured channel or protocol of traffic which is much less than all traffic due to the inability to scan the massive traffic from the core switch. Furthermore, Enterprises are facing the challenges to analyze all results from these detections as actionable insights since most of them lack skilled security experts. As of the results, decision-makers especially executives are typically not to make the decisions along with these cybersecurity solutions since it is practically not effective.


We, QNAP, would like to propose a new and innovative approach for the protection of targeted ransomware which we focus on effective and early detection of lateral movement stage. With adaptive screening, early detection and response, and completed threats analysis, the risk of attacks can be managed and controlled in the smallest amount of computers. Let’s picture this as the war of pandemic preventions. Typically, the center of the disease will construct the first layer of detection in the airports. However, this can’t prevent or filter the patients without symptoms and, when patients are validated with full medical checks in the hospital, an outbreak in the community or city might have happened since the patients have already spread the virus outside for a while. Therefore, if we can deploy a station in each community with accurate and quick screening, giving the confirmed patients early treatments and quarantine. We can probably enhance the chance of preventing the outbreak while also saving resources on recovery.


Last but not least, apart from the ADRA NDR Series, QNAP also provides other advanced data protection features, such as snapshots, virtualization applications, WORM, and QuObjects for customers to enact a more precise, effective, and complete cybersecurity solution. We are pleased to give you more information about our newly-released product, ADRA NDR adaptive screening and cybersecurity switch in CYBERSEC 2021. Stay tuned!