Responding to and Decoding the Ransomware Menace
CrowdStrike's Nitin Varma on Orchestrating a Ransomware Response Plan
A well-orchestrated strategy for responding to ransomware or malware intrusion requires the right mindset and an approach that covers the entire kill chain process. Nitin Varma, managing director of CrowdStrike for India and SAARC, discusses how to respond and restore after being attacked.
Varma points out that many organizations view ransomware as a problem of financial loss if they have the means to restore their environment after being attacked. "From our perspective, it's a two-pronged problem: malicious code and an identity-based problem. In a malicious code execution, the adversary will start from the first step of the kill chain. Still, in today's modern-day attacks, the adversaries are starting after gaining credentials in the customer environment, moving as a legitimate user and moving laterally, giving the customer less time to defend and react."
The core problem is identity, he says, and organizations should respond by covering the entire kill chain process.
In this video interview with Information Security Media Group at ISMG's Cybersecurity Summit held in Mumbai, Varma discusses:
- Aligning IAM policy with the organization's threat detection process;
- The need to establish context-based security and a behavior-based security baseline;
- Detecting identity-based attacks by ensuring security goes beyond intrusion.
Varma has more than 20 years of experience leading sales, operations and strategy teams in multiple industry sectors, including the telecom and communications business. He has experience in handling large business projects at the national level in networking, data center, collaboration, mobility, contact center, compute, security and software.