A ransomware attack is generally meant to make you pay the ransom. For a multi-prong ransomware attack, early stages might include stealing data, disabling your AV/AM, avoiding your sandbox, etc. The last stage is usually encryption.
You are right. But for Check Point Harmony, the portal is secured with 2FA via authenticator. Attackers will have a hard time disabling your AV unless they gain kernel access, for example via bring-your-own-vulnerable-driver abuse. That’s not exceptionally easy by itself either. The client is further password-protected if you try to uninstall, and they ask you to change the default password. The portal can send out instant email alerts if a client fails to communicate, has components disabled, and others.
The compliance blade can automatically isolate a computer from the network when certain conditions are not met, for example, anti-malware is not running or is out-of-date.
In addition, you as admin are supposed to keep an eye on everything at all times. Harmony Endpoint is an EDR.
Audit logs are available so you can have a look at what’s going on with the devices and whether anybody logged in to the portal.
Harmony also prevents credential reuse, which is frequently the culprit behind a successful attack.
They can try to evade the sandbox, but you can configure the client to block all downloads which are not emulated. For additional protection against targeted attacks (I am talking about businesses here; for home use it is not necessary), Check Point offers Harmony Email or, even better, Harmony Email and Collaboration. These products will ensure emails are properly scanned for all signs of malicious intent, and attachments, even in password-protected archives, are emulated before they get to you.