Prevention - Malware / Ransomware Controls

Devoteam Cyber Trust has compiled a cross-sectional set of suggested controls and practices to reduce the risk associated with Malware / Ransomware. For information about Malware / Ransomware Assessment services, contact us.

Network

Segmentation

Network

Throttling High Consumers

Network

Monitor atypical activity

Network

Backup segmentation

Network

Activate detailed logging

System

Restrict administrative privileges

System

Software updates

System

Hardening

System

Backups

System

Anti-virus

System

Monitoring

System

Access Control

System

Content Filtering

System

Honeypots

System

Threshold specific API Calls

System

Password quality

System

Activation of specific system logs

System

Disable usage of plaintext cached credentials on LSASS

Perimeter

Address urgently any identified critical and high severity vulnerabilities

Perimeter

Email with AV, reputation check, and SPF/DKIM/DMARC

Perimeter

Limited exposure of services to the Internet

Perimeter

Verification of the reputation of source IP addresses

Perimeter

Implement IDS/IPS (including layer7)

Perimeter

Segment the perimeter according to the criticality / nature of the services

End-point

Proxy with content filtering

End-point

Patching and updates (no excuses)

End-point

Disable Macro Scripts

End-point

Disable Plug and Play for non-data-volume devices

End-point

Active notifications every time a website tries to execute or install software

End-point

Antivirus / malware with active detection and updated databases

End-point

Disable access via remote desktop services

End-point

Complex passwords

End-point

Firewall enabled in the remote workstation

End-point

Disable or remove all “guest” accounts / users and any accounts / users that are no longer in use

End-point

Remove all unused network interfaces

End-point

Perform day-to-day tasks with accounts / users without administration privileges

End-point

Do not install software without authorization and do not uninstall software installed by the Organization

End-point

Do not use accounts / users without a password

End-point

Updated web browser and related plugins

End-point

Keeping information in centralized controlled repositories and avoiding information being dispersed

Remote Work

Wi-Fi: WPA2 only

Remote Work

Wireless VLAN for work access

Remote Work

Inhibit more than 1 connection per user on the VPN

Remote Work

2FA/MFA/UFA

Remote Work

Firewall enabled in the remote workstation

Remote Work

Antivirus / malware with active detection and updated databases

Remote Work

Disable access via remote desktop services

User Awareness

User Awareness

User Awareness

Do not use pirated software

User Awareness

Define and communicate contact point

User Awareness

Evaluate user-awareness through Phishing campaigns

User Awareness

Perform table-top exercises

Incident Response

Incident Response Plan

Incident Response

Relevant Contacts

Incident Response

Contextual impact analysis

Incident Response

Disconnect / Isolate

Incident Response

Sandbox implementation

Incident Response

Check if decryptor is available

Incident Response

Containment

Incident Response

Restore

Incident Response

Report the Infection (authorities)
