Medibank Private Finds the Cure for Ransomware with Carbon Black


(Editor’s Note: A form of this article originally appeared on CSO.com.)

Like most large businesses, health insurer Medibank Private was regularly experiencing a few of what CISO Stuart Harrison calls “significant incidents” every month.

Its predominantly antivirus-based security defences were missing new ransomware and other malware variants, resulting in the occasional infection of a computer that had to be restored from the company’s established backup system.

“Fortunately we had, and continue to have, a fairly robust backup and recovery strategy,” Harrison told CSO Australia. “Employees weren’t losing a lot of work as such, but it was time lost and just a bit of pain to constantly have to recover large volumes of data.”

Harrison’s dozen-strong security team began taking a more focused approach to security defences, leveraging a growing focus on automation to develop scripts that monitored the company’s systems for suspicious activity such as sudden, large volumes of disk reads and writes.

This “behavioural based approach,” Harrison said, improved the situation “a reasonable amount. But if new malware had a slightly different behaviour, we would have to modify the script.”

“This was a very manual, people-intensive approach to things. We had to get smarter about how we were solving the problem.”
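The kind of disk-activity rule Harrison's team scripted, as an added example that is not from the article, Medibank or Carbon Black: it flags a process whose write volume in one window jumps far above that process's own recent baseline, run over constructed telemetry (process names, byte counts and thresholds are all assumed). The third process, which encrypts slowly, never crosses the threshold, which is exactly the brittleness the quote above describes.

```python
from collections import defaultdict, deque
from typing import List, Tuple

# Constructed telemetry, not real data: one record per process per 10-second
# window, as (window_index, process_name, bytes_written, files_modified).
SAMPLES: List[Tuple[int, str, int, int]] = [
    (0, "winword.exe", 200_000, 2), (1, "winword.exe", 180_000, 1),
    (2, "winword.exe", 220_000, 2), (3, "winword.exe", 210_000, 2),
    (0, "updater.exe", 50_000, 1), (1, "updater.exe", 40_000, 1),
    (2, "updater.exe", 60_000, 1), (3, "updater.exe", 9_000_000, 1_400),
    (0, "slowcrypt.exe", 100_000, 10), (1, "slowcrypt.exe", 110_000, 11),
    (2, "slowcrypt.exe", 120_000, 12), (3, "slowcrypt.exe", 130_000, 13),
]

BASELINE_WINDOWS = 3     # history used to build each process's baseline
SPIKE_FACTOR = 10.0      # alert when writes exceed this multiple of baseline
MIN_BYTES = 1_000_000    # absolute floor so tiny processes never trip the rule
MIN_FILES = 100          # a burst must also touch many distinct files


def detect_write_bursts(samples):
    """Return (window, process) pairs whose write volume jumps far above
    that process's own recent baseline.

    This mirrors the script-based approach: a fixed rule on disk I/O volume
    with no knowledge of what the bytes contain. A process that stays under
    the spike factor, like slowcrypt.exe above, is simply not seen.
    """
    history = defaultdict(lambda: deque(maxlen=BASELINE_WINDOWS))
    alerts = []
    for window, proc, nbytes, nfiles in sorted(samples):
        past = history[proc]
        if len(past) == BASELINE_WINDOWS:
            baseline = sum(past) / len(past)
            threshold = max(MIN_BYTES, SPIKE_FACTOR * baseline)
            if nbytes > threshold and nfiles >= MIN_FILES:
                alerts.append((window, proc))
        past.append(nbytes)
    return alerts


if __name__ == "__main__":
    for window, proc in detect_write_bursts(SAMPLES):
        print(f"window {window}: write burst from {proc}")
```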

The Medibank Private team went to market to evaluate more flexible solutions and ultimately settled on security tools from Carbon Black.

That company’s endpoint protection tools stood out for reasons such as its multi-platform approach; core integration with operating-system calls; suitability in heavily virtualised environments such as Medibank Private’s; and a strong roadmap that covered both protection and response.

“When we put the product through its paces, it stacked up really, really well,” Harrison recalled, noting that the broad platform support meant that 80 to 90 percent of the company’s back-end infrastructure was covered – and that outliers, such as legacy Sun Solaris servers, were in the process of being phased out anyway.

Putting security on the front foot

The system was rolled out “surprisingly easily and very much as a technical project” with just a few technical hitches that were remediated with the support of Carbon Black. Months after the implementation, Harrison said, “we haven’t had an incident since”.

The team has since tuned the enforcement level, which can be set at several levels to adjust how aggressively the Carbon Black system blocks activity. This allows, for example, call centre workers to be placed in a high-level enforcement mode that prevents them from running any kind of privileged command.

While the new system has significantly improved the company’s security posture, reducing the incidence of malware has also helped the team in other very significant ways.

“The key value from my perspective is that we can start to reappropriate our resources and staff to do more interesting and complex things,” Harrison explained, “because they’re not spending their day either recovering data or figuring out how to adjust the script.”

By improving their operational awareness, the security team has also been able to recast its role within the organisation.

This has, for example, enabled the establishment and promotion of a data-centric security strategy, with controls modelled on access to the data based on the criticality and sensitivity of that data.

Such a proactive approach has allowed the security team to engage with business units and executives in a way that is far less defensive than in the past.

Engagement with the board now focuses more on proactive security measures, Harrison explained, noting the adoption of ISO27001 and other information-management standards. “There has been a huge focus on compliance and regulation just generally,” he explained.

“We’ve taken a combination of various healthy things to deploy security in a business-friendly and intelligent manner within our organisation. We can report back and say that we haven’t had a Cryptolocker incident in 12 to 18 months – and the longer that goes on, the happier people are.”

The post Medibank Private Finds the Cure for Ransomware with Carbon Black appeared first on Carbon Black.
