WannaCry Health Check Empowers Enterprises to Rapidly Respond to the Ransomware Outbreak
Adaptiva has released a WannaCry Health Check Package to customers of the company’s endpoint health and security engine, Client Health™. The new health checks automatically detect and identify endpoints that are either vulnerable or have already been infected by the WannaCry ransomware outbreak that is sweeping the globe. They also contain remediation actions, which disable the Microsoft SMBv1 protocol on any potentially vulnerable machine to reduce the attack surface for this exploit and immediately secure the vulnerable devices.
The WannaCry outbreak is currently spreading rapidly around the world, infecting tens of thousands of organizations in more than 150 countries. The heavily weaponized exploit makes use of a security flaw that is present in multiple versions of Microsoft Windows, including some versions of Windows 10 and Windows Server 2016, and then aggressively spreads the attack to other computers. The scale of the damage from this outbreak is unprecedented with new variations of the exploit arising every day.
“Enterprises must rapidly respond to this new ransomware attack to stop the potential for wide-scale damage and loss of critical data,” said Dr. Deepak Kumar, CTO and founder of Adaptiva. “We created the WannaCry Health Check Package to arm Adaptiva’s Client Health customers with the tools they need to immediately assess the current and potential effects of WannaCry across all the devices in their enterprise.”
The WannaCry health checks also automatically secure any computer against the exploit and add vulnerable devices to a collection within Microsoft System Center Configuration Manager (ConfigMgr) so they can be quickly patched. Enterprises simply schedule the WannaCry health checks to run, and Adaptiva’s Client Health will take care of detection and remediation.
The WannaCry Health Check Package contains the following components:
WannaCry Infection Health Check – This check detects systems that have already been infected by WannaCry by conducting a comprehensive evaluation of Indicators of Compromise (IOC) for this exploit. Machines that fail this health check are already compromised and must be immediately quarantined. The business must then evaluate whether to reimage the affected systems or pay the ransom to retrieve data.
WannaCry Vulnerability Assessment Health Check – This health check detects systems that are vulnerable to the WannaCry attack by evaluating whether the correct patches and system updates have been applied to the system. If a machine contains none of the specified patches, it is vulnerable to attack by WannaCry. System administrators can easily update the patch list via a simple user interface to add additional patches to the health check as they become available. The health check will also add any systems identified as vulnerable to the appropriate ConfigMgr collection so they can be quickly patched.
WannaCry Vulnerability Remediation Action – This remediation action comes packaged with the Vulnerability Assessment Health Check. It will automatically disable the SMBv1 protocol on any machine identified as potentially vulnerable during the health check process and reboot it.
via DZone.com Feed https://dzone.com
May 15, 2017 at 06:27PM