Cyber Observer’s Comprehensive Management Awareness solution can pinpoint machines on your network that are susceptible to the NotPetya malware and keep your network safe.
Scant weeks after suffering global disarray from the WannaCry malware, global enterprise and government networks are again being hit in a new attack that is in almost all ways worse than its predecessor.
In its most recent blog post, Fortinet characterizes the latest threat, variously referred to as ‘Petya’, ‘Petrwrap’, or ‘NotPetya’, as a new, hybrid ransomware and worm – a ‘ransomworm’ – because it has characteristics of both and exploits the same NSA-leaked vulnerability that WannaCry made use of.
Cyber Observer is working with partners across the cyber security industry to monitor thousands of Critical Security Controls (CSCs) and provide comprehensive awareness management to help secure networks against threats like NotPetya. Our core technology continuously monitors specifications across security domains and presents them in a holistic and intuitive way – ensuring that you can maintain a safer and more secure network.
Scanning for Missing Critical Patches
Both WannaCry and NotPetya make use of the same Windows vulnerability, for which Microsoft issued a patch in March. Enterprises pushed the patch to their IT infrastructure – but given the complex topologies of today’s networks, it’s not uncommon for some machines to have missed getting the fix. Since this new threat also spreads through networks using additional exploits, it only takes a single unpatched machine to leave your entire network open to a threat that is crippling global enterprises as we speak.
Among the CSCs we monitor are those administered by platforms such as IBM’s BigFix and Tenable’s Nessus (with similar capability available for Microsoft SCCM). For enterprise customers with these tools in their tool suite, Cyber Observer can identify unpatched machines in a few keystrokes.
In the Cyber Observer platform, navigate to the IBM BigFix or Tenable Nessus CSC relating to ‘critical security updates not installed’ and key in the appropriate Microsoft patch identifier (Patch MS17-010 was pushed out by Microsoft to close the NSA-leaked vulnerability). You’ll be instantly alerted if machines on your network have missed getting the patch (see image above). The alternative is asking your DB administrator to run a SQL query, export a (potentially large) file, and then manually filter to check each machine for the presence or absence of the patch – all while the clock is ticking.
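The manual check described above, sketched as an added example (not Cyber Observer code, and not the real BigFix or Nessus export format): it reconciles a patch-status export against an asset list for MS17-010 and treats hosts with no record or conflicting records as not proven patched. The column names, host names and status values are constructed assumptions.

```python
import csv
import io

BULLETIN = "MS17-010"  # patch identifier named in the text

# Constructed asset inventory (hypothetical hosts).
ASSETS = ["fin-ws-01", "fin-ws-02", "hr-ws-07", "dc-01", "lab-xp-03"]

# Constructed patch-tool export; column names are assumptions.
EXPORT = """host,bulletin,status
fin-ws-01,MS17-010,installed
FIN-WS-02,MS17-010,missing
hr-ws-07,MS17-006,installed
dc-01,MS17-010,installed
dc-01,MS17-010,missing
"""

def classify(assets, export_text, bulletin=BULLETIN):
    """Return {host: 'patched' | 'unpatched' | 'unverified'}."""
    seen = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["bulletin"].strip().upper() != bulletin:
            continue  # rows for other bulletins prove nothing here
        host = row["host"].strip().lower()  # export casing may differ
        seen.setdefault(host, set()).add(row["status"].strip().lower())
    result = {}
    for host in assets:
        statuses = seen.get(host.lower())
        if not statuses:
            # No record for this bulletin: the host was never checked.
            result[host] = "unverified"
        elif statuses == {"installed"}:
            result[host] = "patched"
        else:
            # 'missing', or conflicting rows for the same host.
            result[host] = "unpatched"
    return result

def needs_attention(assets, export_text, bulletin=BULLETIN):
    """Sorted hosts that cannot be shown to have the patch."""
    states = classify(assets, export_text, bulletin)
    return sorted(h for h, s in states.items() if s != "patched")

if __name__ == "__main__":
    for host, state in classify(ASSETS, EXPORT).items():
        print(f"{host:12} {state}")
```

Hosts that appear in the export but not in the asset list are ignored here; in practice they are worth a separate look as unmanaged machines.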
Managing Complexity – Firewall Auditing
The NotPetya ransomworm spreads through specific ports across your enterprise network that may be secured by dozens, and perhaps even hundreds, of firewalls – each with their own rules and security controls. Opening and closing ports to network traffic often occurs in an ad-hoc way that is difficult to oversee and – over time – becomes a very complex management challenge.
Cyber Observer makes managing this complexity a simple process. We connect to all your firewalls and alert on insecure rules and misconfigurations, with alerts presented in a single display that instantly and clearly states which risky rules were found and which risky ports are allowed.
Ensuring Anti-Virus Coverage
Perhaps the most basic necessity for any network is ensuring that anti-virus signature files are up-to-date across all machines. As of June 28, all major anti-virus vendors have released updates to defend against the NotPetya ransomworm, and with Cyber Observer you can monitor and manage all your anti-virus solutions across your entire network and ensure that the update is pushed out to all machines.
With Cyber Observer, you get instant awareness of the health of your entire network ecosystem and recommendations to ensure its security and integrity against growing threats like the one we’re all currently facing.