Almost every day, we see yet another case of ransomware. While historically, companies of all sizes are targeted, recently it appears that all the news revolves around debilitating attacks on mission-critical or business-critical systems of large enterprises — from fuel and energy companies to food processing companies.
It’s not that these enterprises haven’t taken steps to protect these assets; it’s just that the “traditional” way of preparing for and responding to ransomware simply won’t work anymore.
So what’s needed to protect your organization’s business-critical applications from the looming threat of ransomware? That’s exactly what SAP and Onapsis seek to address here.
When most people think about ransomware, there are two immediate, “traditional” solutions that come to mind: backups and endpoint security. Both are critical components of a solid security program, without a doubt. However, their presence could lull organizations into a false sense of security, as there still remain gaps, especially related to business-critical systems that are connected in more ways than ever before.
The challenge is that many enterprises realize too late that, in preparation for a ransomware attack, you need to close all the doors and windows of your house — not just the front door of endpoint protection. When thinking about ransomware attack vectors, it’s imperative to consider all potential entry points into the business-critical environment and how to secure them. To continue this metaphor, this also includes evaluating your neighbors and how they get into your house too.
When you think about all of these vectors, you slowly realize that this challenge goes way beyond just endpoint security and backups. It requires a more holistic look at securing your business-critical applications, including — yes — things that we would classify as “good security hygiene.”
In a recent , we demonstrated that threat actors clearly have the means, the motivation, and the expertise to identify and exploit unprotected mission-critical applications, and are, in fact, actively doing so.
As an example, a massive, publicly traded company was recently subjected to a ransomware attack on its enterprise resource planning (ERP) application data. Did they have backups? Yes: the backup was refreshed once a week. However, operations halted anyway. When this happens, even with backups in place, it could still take hours or even days to restore from a backup, and the negative impact on the business and the financial losses are high regardless. Did they have endpoint security? Yes; however, the attackers bypassed the endpoint detection and response (EDR) software by accessing the data through the application. EDR is great for identifying activities on compromised assets and allowing the containment and collection of artifacts, such as process trees and files created by malware, but the application level still poses a challenge. And these attackers used that application layer, which was not monitored by the tool itself, to compromise the business-critical assets.
Vulnerabilities such as 10KBLAZE, PayDay, and RECON allow threat actors to take full control of applications through the application layer itself. These threat actors go straight to the application, and, once in, go down to the operating system level there. When you consider CIO digital transformation initiatives or the rapid adjustment to remote work due to the COVID-19 pandemic, there is a significant magnification of risk. Onapsis has observed that new, unprotected SAP applications provisioned in IaaS environments were discovered by threat actors and attacked in less than three hours, with more than 400 successful exploitations observed as of the date of this publication.
Ultimately, what’s needed then is a new model to defend against ransomware, one that goes beyond the scope of just protecting endpoints, backing up files, and hoping for the best. claims that organizations should “[i]mplement a risk-based vulnerability management process that includes threat intelligence. Ransomware often relies on unpatched systems to allow lateral movement. This should be a continuous process. The risk associated with vulnerabilities changes as these vulnerabilities are exploited by attackers.” We couldn’t agree more.
What’s needed is a renewed commitment to some key security fundamentals:
- Security Hardening of Business-Critical Applications
- Timely Patch Management
- Point-in-Time Vulnerability Assessments
- Continuous Monitoring of Vulnerabilities and Threats to Your Business-Critical Applications
- Securing Your Custom Code in Business-Critical Applications
- A Commitment to Control and Governance
SAP is committed to continuously innovating our software to keep your information safe — both on premise and in the cloud. We prioritize security so that you can stay focused on running your business and managing your customer relationships effectively using SAP solutions, safe in the knowledge that your data is secured. To protect clients from ransomware attacks, securing development infrastructure, such as the build and deploy chain, is of utmost importance to prevent the manipulation of shipment artifacts.
As part of our commitment to clients, SAP follows a secure software development and operations lifecycle to identify and mitigate all kinds of security weaknesses and vulnerabilities during the development of products and services. Through the use of risk identification techniques such as the SAP threat modeling method and secure development trainings, SAP enables development teams to eliminate potential entry points for ransomware and other kinds of attacks. It also ensures that basic security principles, such as that of least privilege, are part of the DNA of SAP developers.
SAP continues to harden our systems with automated static code analysis, vulnerability scans, and validation from a dedicated, independent SAP internal security team. SAP’s software development lifecycle serves as an example to clients on how to support a DevSecOps model covering development and operations aspects for continuous and secure delivery of software.
When deploying and running SAP applications, it is imperative that organizations focus on hardening their system to minimize the overall attack surface — for example, ensuring the proper setting of system parameters and other aspects of system configuration, including the activation of security features and functionalities. It is important that the proper configuration settings are in place to protect an organization against possible security vulnerabilities.
SAP provides key features such as the SAP EarlyWatch Alert service, which monitors the essential administrative areas of SAP components to keep organizations up to date on performance and stability, as well as the SAP Security Optimization service, which verifies and improves security by identifying potential security issues related to your SAP solution and providing key recommendations.
As threat actors continue to devise new modes of attack and vulnerabilities to these attacks are identified, SAP continuously provides security updates for existing code to keep your systems secure. SAP delivers these security updates through support packages, and, on the second Tuesday of every month, as part of “Security Patch Day,” SAP publishes security notes with the latest security corrections and recommendations. As noted, implementing a security maintenance process to assess and implement recommended security updates is a proven best practice for mitigating risk.
Onapsis has focused on protecting business-critical applications since 2009. We target the application layer with our Onapsis platform and serve as an essential part of our clients’ plans to protect their business-critical SAP applications from ransomware attacks.
- By providing automatic visibility into critical vulnerabilities, missing important patches and security updates, misconfigurations, and insecure interfaces, Onapsis identifies all the open doors. This is a crucial component in any ransomware prevention initiative. Once the entry points are identified, they can be closed, thereby reducing the attack surface that may lead to ransomware.
- Through continuous monitoring and real-time alerts for threat indicators, Onapsis helps monitor real-time attempts to access critical systems through any remaining open doors. Win precious time to prevent threat actors from gaining further access.
- With code analysis in real time, prior to moving into production, and in transport, Onapsis can help identify foreign code, such as malware, or new vulnerabilities before they get released to the public. Code vulnerabilities may appear to be a minor attack vector, until they’re not, such as in the case of the SolarWinds attack. In Onapsis’ experience, we generally see one critical vulnerability per 1,000 lines of code, but our clients generally have millions of lines of custom code. It’s important to close those thousands of open doors to prevent any access to business-critical systems.
It’s time to think differently about ransomware. We’re in the middle of a perfect storm, with more unprotected SAP applications and remote workers than ever before, expert threat actors who have the expertise to attack these systems, hyperconnected business-critical systems across the cloud, and strained InfoSec teams that may have fallen behind in patching and vulnerability management. Ransomware is the final step of an attack that could utilize a myriad of attack vectors to directly access your business-critical applications.
Organizations should leverage the powerful native security capabilities of SAP, establish the right risk-based patch, code, and vulnerability management processes, and take advantage of the optimized tools and critical threat intelligence from Onapsis. If they do so, organizations can drastically reduce their risk profiles, stay a step ahead of ransomware groups, and ultimately keep their names out of the news.
Tim McKnight is CSO of SAP.
Richard Puckett is CISO of SAP.
Mariano Nunez is CEO of Onapsis.
Additional contributors to this content include: Elena Kvochko, Imran Islam, Oliver Meli, Vic Chung, and Robert Lorch from SAP, as well as David D’Aprile, Maaya Alagappan, and Tess Cunard from Onapsis.


