Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

WannaCry: Separating Truth from Marketing

May 18, 2017

  • Blog
  • Archive

WannaCry Truth vs Marketing

As a vendor in the security space, our role is to provide organizations with real solutions to help protect them from real threats. As vendors, we need to clearly articulate when and how we can help. With the recent outbreak of WannaCry and EternalBlue hitting thousands of companies across the globe, we see security vendors jumping in to tell you how their product will stop the attack. They use well-crafted sentences and walk the line between what’s true and not true. So, let’s look at the facts of the case by examining two aspects of this outbreak – initial attack vector and propagation.

Initial Attack Vector (or, How it Gains a Foothold on Your Network)

Application control (including capabilities such as allow listing, greylisting and block listing) and least privilege solutions offered by BeyondTrust and other vendors can certainly protect and reduce the impact of phshing and ransomware attacks. In the case of WannaCry, if phishing was the initial attack vector to gain a foothold, then application control and least privilege could help to mitigate this scenario. However, upon inspection it appears that that the WannaCry initial attack vector was not a phishing attack. See this article, "Dr. Chenxi Wang Discusses WannaCry - A Simple Attack That Took Down The Internet" for a great overview.

Propagation (or, How the Infection Spreads)

Application control and least privilege solutions are not able to stop the propagation of WannaCry and Eternalblue due to the nature of the attack. This is the nature of a worm-able exploit operating in ring 0 of the operating system and something very rare in the cyber security community. We include more details on the outbreak and propagation in this blog, "WannaCry Ransomware Attack Explained".

How to Protect Your Organization

To protect yourself from this specific infection there is prescriptive guidance that includes updating malware rules and app control rules, removing SMB1/CIFS, patching your systems, and blocking incoming TCP ports being used to drive the initial infection. However, it is important to note that the specific payload leveraging this exploit can be modified quickly. The best approach to protect yourself from this and future variants is to either patch or shutdown vulnerable systems.

At BeyondTrust we do offer a free scanning solution to allow customers to discover where they are vulnerable to this attack. We can also offer ways to help mitigate against phishing and ransomware attacks.

As security solution providers and advisors, vendors need to be upfront with our customers and the market. We need focus on what’s important – helping our customers stay secure – and less about the fantastic marketing.

Brad Hibbert

With over 20 years of experience in product strategy and management, Brad leads BeyondTrust’s solution strategy. He joined BeyondTrust via the company’s acquisition of eEye Digital Security, where Brad led strategy and products. Under Brad’s leadership, eEye launched several market firsts, including vulnerability management solutions for cloud, mobile and virtualization technologies. Prior to eEye, Brad served as Vice President of Strategy and Products at NetPro before its acquisition in 2008 by Quest Software. Formerly, at FastLane Technologies, which was sold to Quest Software in 2001, Brad worked extensively with key Microsoft business units on product direction and go-to-market strategies.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.