A More Resilient Future With Automated Ransomware Recovery
Cisco News, Thursday, August 10,2023
The constant evolution of the digital world has not only presented an abundance of opportunities, but also raised an equal amount of security challenges, ransomware being one of the most sinister
In response to this growing threat, our team of Principal engineers at Cisco (including myself under the guidance of our project sponsors from Cisco's Security Business Group and Cisco IT), embarked on a journey towards automating ransomware recovery not just for our own enterprise, but for everyone.
The underlying problem we sought to address was the ability to automatically recover hosts from a ransomware attack. An intricate analysis of assumptions and facts was necessary, as our initial assumptions had to be validated against reality. We began by knowing all incidents require an eradication and recovery process. This responsive process could leverage automation or orchestration. Furthermore, we believed that ransomware could be mitigated by response initiated from events or alerts. This meant that activities that normally would be considered administrative in nature or 'living off the land' had to be considered in detecting adversarial activity.