info@swimage.com
   My Login
Request Demo
Request Quote

Swimage

Modern PC Management
  • Home
  • Solutions
    • Swimage Endpoint Management
    • Swimage Compliance Enforcer
    • Swimage Attune
    • Swimage Cloud
    • Swimage + Tranxition Ransomware Recovery
    • Swimage Encryption Converter
    • White Glove Services
  • Use Cases
    • Health and Compliance
    • Manage Remote PCs
    • Incident Response
    • Disaster Recovery
    • MSPs
    • Repair
    • Domain Migration
    • Remove Malware
    • Ransomware Risk Mitigation
    • Ransomware Recovery
    • Replace
    • OS Upgrade
    • Bare Metal Provisioning
    • Encryption Conversion
  • Differentiators
    • Encryption Handler
    • Offline Deployment Method
    • DataProtect Snapshot
    • DataProtect Rollback
    • Remote Connection Manager
    • Pre-Deployment Validator
    • Swimage Splashlock
    • Driver Interrogator
    • Provisioning Engine
    • Direct Data Transfer
    • Swimage Conductor
    • Realtime Dashboard
    • Post Deployment
    • Deployment Activity Report
    • Swimage Portal
  • Benefits
    • Maintain Security
    • Business Continuity
    • Support Remote Workers
    • Autopilot Alternative
    • Zero Trust Security
    • Fast & Easy Install
    • Own & Protect Your Data
    • Resilient Deployments
    • Full Rollback Capability
    • Customize Workflow
    • Application Installation
    • Report Activities
    • Return On Investment
    • Competitive Analysis
  • Resources
    • Case Studies
    • Webinars
    • Newsletters
    • Blog
  • Company
  • Contact Us
National Institute of Standards and Technology
Posted on October 23, 2021 by Tami Haroldsen

NIST Ransomware Profile

In September, the National Institute of Standards and Technology (NIST) issued a report titled Cybersecurity Framework Profile for Ransomware Risk Management.  This report contains a Ransomware Profile which provides guidance on helping organizations prevent, respond to, and recover from ransomware events.

The purpose of the Ransomware Profile “is to help organizations identify and prioritize opportunities for improving their security and resilience against ransomware attacks.” 

The profile suggests the following “basic preventative steps that an organization can take now to protect against the ransomware threat”:

  • Use antivirus software at all times.
  • Keep computers fully patched.
  • Segment networks.
  • Continuously monitor directory services (and other primary user stores) for indicators of compromise or active attack.
  • Block access to potentially malicious web resources.
  • Allow only authorized apps.
  • Use standard user accounts versus accounts with administrative privileges whenever possible.
  • Restrict personally owned devices on work networks.
  • Avoid using personal apps from work computers.
  • Educate employees about social engineering.
  • Assign and manage credential authorization for all enterprise assets and software, and periodically verify that each account has the appropriate access only.

To help recover from a future ransomware event, the following steps are recommended:

  • Make an incident recovery plan.  Develop and implement an incident recovery plan with defined roles and strategies for decision making. This can be part of a continuity of operations plan. The plan should identify business-critical services to enable recovery prioritization, and business continuity plans for those critical services.
  • Backup data, secure backups, and test restoration. Carefully plan, implement, and test a data backup and restoration strategy—and secure and isolate backups of important data.
  • Keep your contacts. Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.

The bulk of the report consists of a Ransomware Profile table which provides detailed guidance and informative references to the NIST Cybersecurity Framework Version 1.1. The main categories are the five Cybersecurity Framework Functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

For purposes of this article, we are focusing on the Recover function.  The sub-categories for the Recover function include:

  • Recovery Planning – Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents.
  • Improvements – Recovery planning and processes are improved by incorporating lessons learned into future activities.
  • Communications – Restoration activities are coordinated with internal and external parties (e.g., coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

The report also contains multiple helpful references and resources, including NIST SP 800-184, Guide for Cybersecurity Event Recovery.

Ransomware risk management is essential for every organization.  Cybersecurity Framework Profile for Ransomware Risk Management provides extremely helpful guidance to prevent, respond to, and recover from ransomware events.

Swimage + Tranxition Ransomware Recovery fits into the NIST Ransomware Profile as a vital component of the Recover function.

Installation of our Ransomware Recovery solution is a fundamental part of the recovery planning process.  Our software performs incremental backups and stores them in a secured location.  Upon the occurrence of a ransomware event, the systems are automatically rebuilt from the ground up, from a known good source.  This includes the operating system and applications.  Then user data, profiles, and settings are restored from the secure backup location.  This is all completed in minutes and multiple systems may be rebuilt at the same time.

More information, including a short video, is available at Swimage + Tranxition Ransomware Recovery.

Posted in
  • Cloud Exit Strategy and Cloud Repatriation
  • Process Automation is Essential for the Remote Worker
  • NIST Ransomware Profile
  • Windows 11 – What to Expect
Swimage Endpoint Management

Quick Links

  • Home
  • Solutions
  • Resources
  • Company
  • Contact Us

Contact Us

info@swimage.com
Request DemoRequest Quote

Get in Touch

LinkedIn Twitter Facebook

Like Swimage

© Copyright 2023 Logical Design Solutions, Inc. dba Swimage. All Rights Reserved
WordPress Lightbox