Even if it’s not happening to you, not a week goes by where there isn’t news about a large-scale cyber-attack exploiting a software vulnerability. Ransomware, malware and viruses are very real threats your business faces every day. They’re not minor threats either, they have the potential to decimate your operations and ruin your bottom line.
The scary thing is these aren’t static threats. They’re advancing, adapting and trying to catch you out in any way possible. Millions of new malware threats are created every week, with viruses constantly evolving to stay ahead of the definitions list antivirus software works off. ‘Zero Day’ attacks are increasingly common – attacks devised on recently discovered vulnerabilities that security software vendors have had zero days to update their product against.
How do you stay safe against this barrage of updated threat activity? Threatlocker®’s approach to application containment is an incredible start, with its Ringfencing™ offering proven in foiling hacks on multiple scales.
Today we’re going to take a look at Threatlocker®, in particular at Ringfencing™ and what it does. This is a highly effective security solution, and we want to highlight the reasons why its included as standard in a Max Shield Plan from Smile IT.
A first step in understanding this unique form of protection is to understand why applications represent such a threat to networks.
The Vulnerability of Applications
Applications on your computer are entirely necessary to perform basic and advanced business functions, from payroll to communicating. The thing is, each one of those applications poses a risk because they can do and see more than they should – more than the function you use them for.
When an attacker compromises an application, they have access to everything the user has access to. This is because all the applications on an endpoint have access to all the data a user has access to. Even a simple Google Chrome extension can allow the hacker to see what content you’re absorbing, and possibly even the passwords you use. The software you use has access to the other software on the computer, making it a gold mine for hackers looking to start stealing and encrypting files.
How Ringfencing™ Works
Ringfencing™ is designed to put an extra layer of control around applications, controlling what they do when they’re running. It’s a security measure that prevents software from stepping out of its lane, limiting its functionality to the exact purpose it was designed for.
By controlling its relationship with other parts of the system, software critical to your business functions is isolated from being weaponized by hackers. If an application attempts an unauthorized function, Ringfencing™ simply blocks it. Sensitive data such as customer information is protected from being accessed or encrypted in this way.
Basically, the perimeter applied by Ringfencing™ prevents the applications on your computer from being leveraged and exploited by cyber criminals. Your baseline level of protection on all endpoints is dramatically improved. You can customize the level of protection further by adjusting it to suit your organisational environment.
Ringfencing™ and Application Allowlisting
Used in conjunction with Ringfencing™ to provide a gold standard in protection is Threatlocker’s Allowlisting. This is a program that puts you in complete control of the software, scripts, executables and libraries running on the endpoints in your business. Only the applications you trust and approve will run on your network.
This ‘default deny’ approach gives administrators control over the software running on a network. New applications can easily be added, with a one-click request and one-click approval process that doesn’t take longer than 30 seconds.
Ringfencing® and Fileless Malware
Fileless malware is a unique kind of threat, a malicious software that doesn’t rely on files to execute its mission. Instead, it relies on the legitimate tools on your computer to carry out its attack, working on the memory instead of within the hard drive. This makes it very difficult for traditional antivirus tools to locate the threat with a hardware scan.
With Ringfencing™, Threatlocker® can protect your business against fileless malware. If the malware attempts to take over an application and use it to perform malicious functions outside its normal scope of use, it simply gets blocked by the Ringfencing™ technology. This is a massive headstart for your business in the protection against advanced cyber threats.
Real Life Examples of Threatlocker®
Moving beyond the jargon and theory, here are a couple of examples illustrating how this security solution can work.
Firstly, let’s say a user opens a compromised PDF that hijacks the process with external code. Antivirus won’t be able to detect the code, which aims to encrypt all your stored data. Thankfully, you have Ringfencing™ installed, which has built a perimeter around your applications that only allows them to access the data they need. The hackers attempt at a data breach has been foiled.
Secondly, let’s say an email enters your network with a file attached designed to execute a virus onto the system. But with Allowlisting in place, only authorized software is permitted to run, so the virus is blocked from executing.
To give you an actual real-world example, you may be familiar with the supply chain hack of Solarwinds back in 2020. But did you know that the entire Solarwinds Orion attack was mitigated by Ringfencing™? It successfully blocked the malicious code from interacting with the internet and browser applications, which was instrumental in containing the threat.
Questions about Ringfencing™?
Smile IT is a full-service managed IT services provider helping hundreds of businesses across Australia stay safe from cyber threats. As we mentioned earlier, Ringfencing™ is included as a standard feature in our Max Shield Plans, giving our managed services clients a massive cybersecurity boost. It’s one of a number of key features heightening the level of security we offer to well above the standard!
If you want to know more about Ringfencing™ and how Smile IT can help improve the cybersecurity posture of your organization, get in touch today. Our expert staff are on hand to answer your questions!
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!