Prevention: reducing attack surface
Patch internet-facing and critical systems promptly, remove RDP from the public internet (put it behind a VPN or gateway that requires MFA), enforce MFA for administrative accounts, block Office macros from internet-sourced documents via policy, and restrict local administrator rights and removable media. Phishing simulations complement, rather than replace, email gateway filtering.
Network segmentation limits lateral movement: place servers, backup storage, and user workstations on separate VLANs, with internal firewall policies so that a compromised workstation cannot reach the backup network directly.
Detection and response
EDR/XDR on endpoints, IPS on the next-generation firewall, and SIEM correlation shorten the time to detect mass encryption. Incident runbooks should spell out the first steps: isolate affected hosts from the network, preserve logs and volatile evidence, notify leadership, and coordinate the backup restore.
Do not reboot or wipe affected hosts before minimal forensics has been done: a reboot discards volatile evidence such as running processes and network connections that the investigation will need.
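The following Python is an added illustration of the kind of correlation an EDR or SIEM applies to file-activity telemetry to flag mass encryption; it is not Intilogy's code and not a particular product's rule. It assumes a simple one-event-per-line format (timestamp followed by space-free key=value fields), constructed sample telemetry for one file server being encrypted and one normal workstation, and thresholds (50 distinct files in 60 seconds, 80% sharing one new extension, the same filename dropped in 5 or more folders) that a real deployment would tune. The alert carries the earliest window that tripped and the accounts involved, which is exactly what the runbook's isolation step needs.

```python
"""Mass-encryption detector over file-activity telemetry.
Added example for this page, not Intilogy's code. Event format and thresholds are assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from pathlib import PureWindowsPath

TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"


def constructed_events():
    """Constructed sample telemetry (not real logs): one file server being encrypted, one normal workstation."""
    t0 = datetime(2024, 3, 1, 2, 14, 0, tzinfo=timezone.utc)
    lines = []
    # FS01: 120 files renamed to a new extension within 30 s, then a note dropped into 10 folders
    for i in range(120):
        ts = (t0 + timedelta(milliseconds=250 * i)).strftime(TS_FMT)
        lines.append(f"{ts} host=FS01 user=CORP\\svc_backup op=RENAME path=D:\\share\\dept{i % 10}\\doc{i}.xlsx.locked")
    for d in range(10):
        ts = (t0 + timedelta(seconds=31, milliseconds=100 * d)).strftime(TS_FMT)
        lines.append(f"{ts} host=FS01 user=CORP\\svc_backup op=CREATE path=D:\\share\\dept{d}\\HOW_TO_RECOVER.txt")
    # WS07: a user saving a few documents over ten minutes; must not alert
    for i in range(8):
        ts = (t0 + timedelta(seconds=75 * i)).strftime(TS_FMT)
        lines.append(f"{ts} host=WS07 user=CORP\\jdoe op=WRITE path=C:\\Users\\jdoe\\Documents\\report{i}.docx")
    return lines


def parse_event(line):
    """Parse '<ts> key=value ...' with space-free values (assumed format, not a vendor schema)."""
    ts_str, rest = line.split(" ", 1)
    ev = dict(re.findall(r"(\w+)=(\S+)", rest))
    ev["ts"] = datetime.strptime(ts_str, TS_FMT).replace(tzinfo=timezone.utc)
    return ev


def detect_mass_encryption(lines, window=timedelta(seconds=60), file_threshold=50,
                           ext_share=0.8, note_dirs=5):
    """Return one alert per host whose file activity inside a sliding window looks like bulk encryption.

    A host alerts when it changes at least file_threshold distinct files inside `window` and
    either (a) at least ext_share of them end in the same extension (renames to .locked etc.)
    or (b) the same filename appears in note_dirs or more directories (ransom-note drop).
    """
    by_host = defaultdict(list)
    for ev in sorted((parse_event(ln) for ln in lines), key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)

    alerts = {}
    for host, evs in by_host.items():
        best, first_seen, start = None, None, 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:   # slide the window start forward
                start += 1
            win = evs[start:end + 1]
            touched = {e["path"] for e in win if e["op"] in ("RENAME", "WRITE", "CREATE")}
            if len(touched) < file_threshold:
                continue
            ext, n = Counter(PureWindowsPath(p).suffix.lower() for p in touched).most_common(1)[0]
            dirs_per_name = defaultdict(set)
            for p in touched:
                wp = PureWindowsPath(p)
                dirs_per_name[wp.name.lower()].add(str(wp.parent))
            notes = sorted(name for name, dirs in dirs_per_name.items() if len(dirs) >= note_dirs)
            share = n / len(touched)
            if share < ext_share and not notes:
                continue
            first_seen = first_seen or ev["ts"]   # earliest window that tripped: drives isolation timing
            if best is None or len(touched) > best["files"]:   # keep the richest window for scoping
                best = {"host": host, "files": len(touched), "dominant_ext": ext,
                        "ext_share": round(share, 2), "note_files": notes,
                        "users": sorted({e["user"] for e in win}), "last_seen": ev["ts"]}
        if best:
            best["first_seen"] = first_seen
            alerts[host] = best
    return alerts


if __name__ == "__main__":
    for host, a in detect_mass_encryption(constructed_events()).items():
        print(f"ALERT {host}: {a['files']} files, {a['ext_share']:.0%} '{a['dominant_ext']}', "
              f"notes={a['note_files']}, users={a['users']}, first_seen={a['first_seen'].isoformat()}")
```

On the constructed data the file server trips the rule about twelve seconds into the burst, well before the ransom note is written, while the workstation saving eight documents never reaches the file threshold. The per-host sliding window is quadratic in the worst case and is written for clarity; a production rule would keep a rolling counter per host and would exclude known bulk writers (backup agents, build servers) by path or process rather than by hoping they stay under the threshold.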
Recovery as mitigation
Immutable backups, offline copies, and quarterly restore drills are the difference between recovery in hours and recovery in weeks. Run test restores in an environment isolated from production Active Directory, because during an incident the domain itself may be compromised and the restored systems must not trust it.
Intilogy designs integrated mitigation: firewall, endpoint protection, Veeam backup, and tabletop exercises.
Frequently asked questions
Is enterprise antivirus enough?
No. Signature-only antivirus is insufficient against modern ransomware; you also need EDR, segmentation, immutable backups, hardening, and a practised incident process.