Ransomware Readiness Assessment

Overview​

• Prepare your organization for ransomware threats
• Discover if your security controls can safeguard your data from ransomware
• Evaluation of your organization’s current people, processes, and technology, while simulating adversary tactics, techniques, and procedures (TTPs) in your environment.
• Comprehensive security strategy to prepare for a ransomware attack, prevent compromise of systems, protect and isolate critical data, and enhance enterprise response capabilities

Top Outcomes & Benefits​

• Maturity – Identify key weaknesses and strengths in ransomware defense capabilities and controls.
• Recover Faster – Improve Incident Response. Minimize downtime. Restore to most recent clean state with just a few clicks.
• Operational Efficiency - Recognize deficiencies in the management of ransomware tasks
• Strategy – Prioritized highly actionable recommendations to further strengthen your readiness and guidance to mitigate future ransomware attacks

Base Tier Methodology

Premier Tier Methodology

Focus Areas​

Examples of Areas Evaluated​

• Backup process assessment including backup of data on systems (desktop and laptops), servers, and critical configuration files
• Business Continuity – BCP testing and evidence of testing
• Disaster recovery planning and proof of a working DR plan
• Malware and Ransomware detection and quarantine capabilities review
• Network and firewall assessment, including traffic monitoring
• Event monitoring – server and endpoint
• Endpoint security and encryption assessment, including response solutions
• User training on ransomware
• Incident response processes, tools, and plan review

Table Top Exercise​

• Working through mock scenarios to identify gaps and test your people, processes, and technology
• Validate that ransomware response procedures will work
• Verify processes into Playbooks
• Conducted in a highly engaging and interactive format, our Ransomware Tabletop Exercises ensure maximum participation and highly relevant output, and constructive discussions
• Confirm communication processes upon learning of the attack
• Verify that essential systems, applications, files, databases and other resources are protected
• Deliverable: Objective analysis of the exercise and provide a formal document which includes response plan gaps and shortfalls

Ransomware Incident Simulation​

• Simulate lateral movement using common Ransomware techniques
  • Simulation starts from one or multiple machines
• Test segmentation between networks to determine if ransomware can spread to other environments, such as:
  • Manufacturing and plant (OT) networks
  • Backup infrastructure networks
  • Retail networks
  • Other secure networks
• Test for accessible file shares which could be accessed by ransomware
• Simulate ransomware encryption behavior by using a custom, non-destructive ransomware emulation tool to mimic file encryption
• Review organization’s response capabilities
• Emulates real Tactics, Techniques, & Procedures (TTP)
• Mapped to MITRE ATT&CK^TM
• Supports all types of networks and workloads: containers, public and private clouds