This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Keeping internal networks safe from the ravages of the Internet is increasingly hard, but virtual container solutions allow users to function normally while preventing the “deplorables” of the Internet– malware, exploits, and other negative phenomena – from reaching files and sensitive data.
Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you a great deal of trouble and expense.
According to industry statistics,over 90% of all malware attacks– including ransomware – have their origins in a nefarious Internet connection, like a link that automatically downloads a trojan to a user's computer, or in an attachment that contains code that connects to a C&C server that installs the malware. Once done, it's a matter of time before the ransomware is delivered – and all hell breaks loose in the organization.
Relying on users to avoid illicit links or attachments obviously doesn't work; there isn't a hospital, school, or company that doesn't warn against clicking on “suspicious” objects, so the fact that computer malware infections – and勒索威胁–grow annuallymeans that the “don't click” system isn't working.
Which is why the best strategy is to keep personnel away from dangerous connections and attachments. Not by limiting the ability to surf the Internet via whitelists or restricting access to content in messages like attachments; that would interfere with the flow of work. Instead, organizations should install virtual container solutions, which keep negative phenomena away from important files and from the internal network, while allowing the flow of work to proceed.
下这样的方案中,每当雇员上网的卷筒纸或附件到来时,所有的连接和/或接合与虚拟容器是由附件。该应用程序实际上在容器内运行,因而,读遗迹有作为,而用户可以读取连接和/或数据,听到或查看。虚拟容器隔离计算机真实的文件系统,注册表,内存和网络连接的应用程序和数据。它有效地捕获恶意软件里面它可以不造成伤害。
Attachments – among the most common access tools for hackers– are kept in the segregated area. Ditto for downloaded documents, spreadsheets, and other “legitimate” files that could be infected with poison macros, etc. The same goes for social media and communication apps (Facebook, Skype, etc.); anything damaging that tries to come through, whether a link, file, attachment, image, music file, etc. is stopped in its tracks.
的连接和文件的偏析是世俗;无论是好还是坏,他们都作出或只在容器观察(一些解决方案,让用户能够安全地缩小所选项目到内部网络)。该容器的内容被周期性地擦拭以永久删除从计算机恶意软件。其结果是,端点不容易受到基于网络的威胁,如偷渡式下载,恶意广告,以及零日层出不穷的利用,很容易绕过基于签名的防病毒软件,防火墙,网关和其他安全工具。
如果有必要实际导入文件到网络时,系统将用户覆盖有作为。一个安全桥通过提取内容,并留下任何可疑的背后缴械文件。像虚拟容器本身,这种方法不依赖于检测恶意软件的能力 - 它只是传递了“已知的好”。这使得它不受瞬息万变的威胁环境。
Hospitals and schools are especially vulnerable, having experienced numerous malware attacks. Last February, for example,a Los Angeles hospital支付40个比特币解冻其数据。一个月后,在攻击Medstar医院系统froze electronic records at ten hospitals in Maryland (according to the company,它没有支付赎金, and restored its data from backups). Other hospitals that have been attacked include one in Kansas, which was actually打两由同一个网络骗子,支付赎金要求后,在第一次进攻。到目前为止,Medstar攻击已经报道了最大的勒索软件勒索。
With virtual container systems, however, phishing efforts by hackers will come to naught; even if they convince a user to click on a bad link or manage to get a poisoned attachment past an e-mail virus checker, the malware will be unable to get past its virtual space and infect a computer, or the rest of the network, denying ransomware purveyors their ultimate goal of shutting down a company's operations. Thus, virtual container technology actually gives organizations two victories over hackers – one, by protecting their internal networks from ransomware, and two, preventing downtime and enabling employees to continue working as usual.
To learn more, visitBufferzone.