JPC Mitigates Ransomware Risk with BlackFog

The Challenge

Providing managed IT services for small to medium size businesses across multiple verticals has its challenges, particularly when it comes to convincing them that they need to adopt newer technologies to protect against threats such as ransomware.

Some customers are not interested in IT, and they entrust JPC to take all responsibility to install the right products to protect their environments, while others have limited cybersecurity knowledge and are more focussed on saving money.

JPC General Manager and Solution Architect Ronny Johnsen explains, “with new customers we are able to build the right product portfolio to ensure maximum protection from cyberthreats. With legacy customers they often need to be convinced that they need additional layers of security, and unfortunately, they feel that older technologies such as Antivirus and Firewalls are going to offer enough protection. In many cases they don’t believe they are going to be a cyberattack victim until it’s too late.”

For JPC, the threat of ransomware is the most frightening, Ronny continues, “it doesn’t happen often, but it has major impact when it does. Over the years we’ve dealt with different attacks, one notable incident saw the Norwegian Police involved when critical data was lost during a ransomware attack. The attack impacted an old firewall at the customer site and a local on- premise server. A very important database was encrypted, as were the backups.

Recovery from that incident took around 2 years and it involved recovering data from a 12 year old backup. A very costly and frustrating experience that could have been easily mitigated with the right solution in place.”

The Solution

JPC regularly reviews new technology to ensure they are offering their clients the best solutions for today’s cyber challenges. Previously unfamiliar with anti data exfiltration technology, Ronny was introduced to BlackFog by a trusted advisor who recommended he review the solution.

“Ransomware is the number one concern we have and when I learned more about how BlackFog worked I was interested in to learn more and test it in our own environment,” commented Ronny.

The Approach

JPC tested the solution on their own internal devices and some customer servers. During the one month trial period they saw a lot of connections to countries like Russia and China.

“We had some surprising events during the trial when it came to outbound data flow, on one employee computer we even saw a fitness watch sending data back to China which was interesting! Being able to see the unauthorized data exfiltration and seeing BlackFog automatically take action to prevent it was really insightful.”

JPC noted that during the evaluation BlackFog detected suspicious behavior, such as connections to the dark web, which traditional cybersecurity solutions failed to pick up.

Ronny added, “BlackFog discovered some activities during the trial that we were able to investigate, it was clear to us that BlackFog would serve as a last line of defense and an additional layer when other solutions failed to detect and prevent threats.”

Following the evaluation JPC decided to add BlackFog to its own company devices and servers. BlackFog was also added as an additional layer to its cybersecurity suite for all new customers and an optional solution for its existing customers.

The Results

JPC still has challenges when it comes to convincing some companies that traditional perimeter based cybersecurity tools are not enough to prevent attacks, but for those that have adopted BlackFog there have been zero incidents.

Ronny concluded, “BlackFog is an important solution in our portfolio, and we feel safe and protected from ransomware by having it.

For MSPs or end users who think they don’t need it, my advice would be to give it a try, look at the event logs and see what’s really going on with your data flow, you will be surprised when you see what’s happening on your devices and your servers.

The info you see in the console will clearly tell you why you should be using it.”

*** This is a Security Bloggers Network syndicated blog from BlackFog authored by Brenda Robb. Read the original post at: