NowCloud Security provides Continous Compliance for GoldenEye and Petya

A little over a month after WannaCry affected hundreds of thousands of devices around the world, world-wide news is reporting that a new “massive ransomware campaign” that revolves around a member of the GoldenEye and WannaCry ransomware family is “currently unfolding worldwide.”

GoldenEye is particularly nasty because it’s more thorough than other ransomware. In addition to encrypting individual files, GoldenEye also encrypts NTFS structures and “has a specialized routine that forcefully crashes the computer to trigger a reboot.” There’s currently no workaround–if your device is affected by GoldenEye, you’ll either have to cough up the $300 ransom or bid farewell to that particular computer.

Don’t be caught this time around  wondering if your systems are vulnerable in a reactive manner.  We at NowCloud are continually tracking DSS, FBI, US-CERT, and other sources for the latest news on vulnerabilities which impact you.

Our latest video shows a quick glimpse into our new service, NowCloud Security which provides real-time and proactive assessment and remediation of your environment for the latest vulnerabilities.  In addition to providing you with an automated, continuous compliance approach for managing vulnerabilities, NowCloud maintains a up-to-date catalog of detection techniques, and remediation mechanisms, which provides you with instant visibility to impact to your organization.

Join us at our weekly webinars to learn how NowCloud is a better way to Cloud™

 

Why Those Affected by WannaCry need NowCloud

By now, the world has come to grips with what has been termed as the largest Cyber attack in history – the WannaCry Ransomware- affecting over 100 countries.

And by now, most have understood it was not a new attack or a novice way of hacking via an unknown zero-day vulnerability. Microsoft identified this vulnerability -and- patched it back in March 2017.

The news relates to how lacking most enterprises are in just-in-time vulnerability management.  Most, if not all, organizations have a cyclical rhythm of Identification and Remediation that spans weeks, if not months:

  • Analyze infrastructure for known vulnerabilities
  • Identify known vulnerabilities to Operations
  • Operations schedules approved patches for application on infrastructure
  • Scheduled changes and risk to systems have varying degrees of frequency of remediation.
  • Apply patches.

The net result is that it’s not that difficult to understand why WannaCry happened:  Most enterprises (SMBs too) go over a month or more without remediation against known (and patched) vulnerabilities.

Worst yet, most enterprises focus on Critical vulnerabilities, leaving the Moderate, Important, or even Low severity vulnerabilities outstanding due to short staff or lack of awareness.

Where can NowCloud Help?

Unlike traditional processes where Identification is air-gapped from Remediation, NowCloud provides you with a single self-service platform for vulnerability identification and remediation against On-Premise and Public Cloud workloads, leveraging Daily updated patches and vulnerability information for all public operating systems. We like to call this SecDevOps.Patching Options

Through a single portal, you can attach a Compliance Check against your workload, and non-intrusively we will tell you if your workload is vulnerable.

If vulnerable, you have the choice to apply the latest patches from the appropriate vendor, or enroll your system into a patch schedule of your liking. NowCloud will handle the remediation of any known vulnerability.

In world-wide crisis like WannaCry, NowCloud is the choice to provide your organization the necessary identification and remediation capability in an integrated platform.

Are you ready to prevent the next WannaCry attack?  We are, let us know you how we can help!  Contact a member of our sales team at sales@nowcloudtechnology.com.