A Cybersecurity Engineer’s Perspective On Wannacry
Posted May 16, 2017 by Sayers
When an otherwise routine crypto cash-grab becomes international news, it can make the most seasoned of us pause momentarily in reflection. At its core – WannaCry isn’t anything special. It has your usual components of a ransomware attack – the Bitcoin buy, scary pop-ups and flutter. It has the usual components of a worm – once in the network, slithering laterally to others with the same holes as the infected.
So why has an otherwise unremarkable attack become the most destructive in modern history?
Cybersecurity Engineer. That’s a humble, moderately ambiguous, yet globally recognized title for someone who is in our industry. However, my job at Sayers goes considerably deeper than words. I have a responsibility to our clients to provide solutions that work. Solutions that provide you confidence. Assurance. There’s a fundamental difference in the way we work here at Sayers – and it certainly was confusing to many of my non-industry friends how I could shrug at an incident so large.
Cylance. That’s an organization many have become familiar with in the next-generation Anti-Virus / Anti-Malware space. It is an emerging technology that has quickly risen to become the top solution of interest by our clients. We’ve all heard the trope – now is the time to take action. Truth is, the legacy and most recognized brands we have built trust in… they’ve all left gaps that no longer can be ignored.
If Sayers implemented Cylance in your organization, you were protected this weekend. When we designed the policies and took the additional time to familiarize ourselves with your environment, we listened and heard that your Windows Update and patching methods didn’t match your business processes. So when Cylance’s offline mathematics model from 2015 is able to stop the “world’s largest ransomware attack” two years before it was launched…it can make any Engineer chuckle. We knew you had the best proactive and preventative ransomware solution for your environment. It’s not simple luck – that’s the product of meticulous insight and care.
This same story can be echoed on every side of the Cybersecurity hype-cycle and in each of our individual areas of practice. Here are just a few examples:
Tenable has been scanning the ShadowBrokers vulnerabilities since March.
Proofpoint engineers helped an independent researcher implement the first WannaCry kill-switch the same day it took down the UK’s NHS and was rampantly proliferating across Asia.
Attivo Networks’ clients were instantly notified once unprivileged, highly unusual access patterns were detected with the SMB protocol spreading laterally within the same network.
WannaCry never had any impact for me.
We are not a simple VAR. We’re not a reseller – and no, we certainly don’t sell “all the same stuff” as everyone else. We sell only the best, as tested by our amazing engineering team. We partner with the leaders in the industry as we see them. No pitches before we do.
My job as a simple Cybersecurity Engineer is to ensure that you get the right technology to address your current & future needs, no matter what those may be. We’re constantly researching the dark, always vetting new technologies for value, always investing in our labs, test environments and scenarios – all so we can provide some confidence that when the next WannaCry hits, you’ll be just as calm as I am.