Ransomware on Servers: Detection and Prevention using Trend Micro Deep Security
A Trend Micro White Paper | October 2017
Table of Contents
INTRODUCTION
PART I: A BRIEF HISTORY OF RANSOMWARE
  Types of Ransomware
  The Evolution of Ransomware
PART II – HOW CRYPTO RANSOMWARE WORKS
  Customized Vs. Standard Encryption Cryptosystems
  Symmetric Vs. Asymmetric Encryption
  Key Management
  Key Generation & Delivery
PART III – DEFENCE-IN-DEPTH STRATEGY
  General Best Security Practices
  Deploy Layered Security Controls Using Deep Security
  Network Security Controls
    Deep Security: Firewall Recommendations
    Deep Security: Web Reputation Service Recommendations
    Deep Security: Intrusion Prevention System Recommendations
  Malware Prevention & System Security Controls
    Deep Security: Anti-Malware Recommendations
    Deep Security: Application Control Recommendations
    Deep Security: Integrity Monitoring Recommendations
CONCLUSION
INTRODUCTION
Intended Audience
This paper is aimed at information security professionals looking to combat ransomware on servers. It provides
guidance on how to adopt and implement safeguards for servers using Trend Micro™ Deep Security™. The reader is
expected to be comfortable with common computing, security, and networking terminology and
topics.
About This Paper
This paper will assist in designing a “defense-in-depth” strategy to combat ransomware using Deep Security. We
will first discuss the general IT strategies that have proven most effective against threats over the years, and then provide
specific configuration guidance on how to leverage Deep Security modules, such as Intrusion Prevention System
(IPS), firewall, application control, integrity monitoring and anti-malware, to help create a “defense-in-depth”
strategy against ransomware.
This paper does not claim to provide a “magic” solution to combat ransomware, nor should it be taken to suggest
that any single technology will prevent every bad scenario or the continued proliferation
of ransomware.
An information security professional’s job is to make it harder and increasingly frustrating for adversaries by
adopting a “defense-in-depth” or “layered security model”. This model recommends “Detective”, “Preventive”,
and “Forensic” defensive layers and we will see where Deep Security can fit into this model.
Help and Support
This paper is not meant to be a substitute for product documentation.
For detailed information regarding installation, configuration, administration and usage of the Deep Security
product, please refer to https://help.deepsecurity.trendmicro.com/.