Ransomware protection using DLP

Author
mbence84
2020/05/25 06:22:26

After reading the below thread I was wondering if it is possible to do the same with a FortiGate and, if so, how. Read the article below for finer detail, but in summary, if you have a Windows file server you can block access to the folder to prevent ransomware encryption via shared drives etc. There is a feature called FSRM, so basically what you do is add dummy files/folders at the start, end and between your actual files, and if anyone edits them that person/IP will get disconnected. So the idea is that if a person's computer has been compromised and the encryption is done on a shared drive, it will typically start alphabetically, either from the top or bottom etc. When FSRM detects an edit/change on any of the files, it will disconnect and block that user session. So I was thinking how this can be done with a FortiGate. I have been looking into this, but I am at the very early stage, so it would be great to have some other engineers also brainstorming this. I was thinking DLP could be one such feature, where you create these files and use DLP to detect any changes on these files and, depending on that, action a block etc. Perhaps create a signature to detect a command to certain destination files to update or change on an IPS policy or something. Hoping for some feedback.
 
https://medium.com/savagesec/minimizing-ransomware-risk-with-fsrm-847d70f6212b
 
#1
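
The decoy-file idea described in the post above, as an added example that is not part of the original post or the linked article: it plants decoys that sort first, last and between the real files, records a hash baseline, and reports any decoy that was changed or removed. The file names, the `canary` tag and plain byte-order sorting are assumptions; the disconnect/block step is left to whatever enforcement point acts on the result.

```python
import hashlib
import os
import tempfile

CANARY_TAG = "canary"  # hypothetical marker for decoy file names

def plant_canaries(share_dir):
    """Create decoys that sort first, last and between the real files
    (plain byte-order sorting assumed) and return their SHA-256 baseline."""
    real = sorted(n for n in os.listdir(share_dir) if CANARY_TAG not in n)
    names = [f"!0000_{CANARY_TAG}.docx", f"~zzzz_{CANARY_TAG}.docx"]
    names += [f"{r}_{CANARY_TAG}.docx" for r in real[:-1]]
    baseline = {}
    for name in names:
        data = os.urandom(256)  # random filler; nobody has a reason to edit it
        with open(os.path.join(share_dir, name), "wb") as fh:
            fh.write(data)
        baseline[name] = hashlib.sha256(data).hexdigest()
    return baseline

def check_canaries(share_dir, baseline):
    """Return (name, reason) for every decoy that was changed or removed."""
    tripped = []
    for name, digest in sorted(baseline.items()):
        try:
            with open(os.path.join(share_dir, name), "rb") as fh:
                current = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            tripped.append((name, "missing"))  # deleted or renamed
            continue
        if current != digest:
            tripped.append((name, "modified"))
    return tripped

def demo():
    """Run against a throwaway directory with constructed sample files."""
    with tempfile.TemporaryDirectory() as share:
        for name in ("budget.xlsx", "contracts.pdf", "payroll.csv"):
            with open(os.path.join(share, name), "wb") as fh:
                fh.write(b"constructed sample data")
        baseline = plant_canaries(share)
        listing = sorted(os.listdir(share))
        clean = check_canaries(share, baseline)
        # A process rewriting files in alphabetical order hits the first decoy first.
        with open(os.path.join(share, listing[0]), "wb") as fh:
            fh.write(b"overwritten")
        return listing, clean, check_canaries(share, baseline)

if __name__ == "__main__":
    print(demo())
```

A decoy reported as `missing` covers the case where the file is renamed with a new extension rather than overwritten in place.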
