New application uses behavioral analytics to fight ransomware
Ransomware is one of the most important security threats for business to deal with as it has the potential to cause serious damage and financial loss.
User behavior specialist Exabeam is launching its Analytics for Ransomware, a new application designed for early detection across the corporate network. Unlike other security products, Exabeam can detect ransomware movement and activity in the network, servers, workstations, BYOD devices, and cloud services.
"Ask any CISO about their biggest challenge today, and ransomware will almost certainly be the response," says Nir Polak, CEO of Exabeam. "It's bypassing security tools and overwhelming already-overburdened security analysts. Exabeam Analytics for Ransomware addresses both detection and response, bringing relief to stressed security departments. As the Internet of Things grows, the ability to monitor entity (i.e. machine) behavior becomes critical to IT security and this is our newest entry in that market".
Exabeam uses cutting-edge techniques to detect ransomware as it first enters the network and begins to spread. These include both behavioral analysis and file analysis, it can detect new ransomware via machine-learning, spotting the anomalies associated with ransomware infection.
It's also able to detect known ransomware via indicators of compromise. Known ransomware processes use certain file extensions and have known patterns or other indicators listed in threat intelligence feeds. The Exabeam Threat Research Team verifies these indicators and implements them in the product.
By looking at machine logs, Exabeam can detect ransomware operating on endpoints, in the data center or against cloud based storage services. For example, an employee might access corporate files on a cloud sharing service from home, using his personal device, and in the process, allow ransomware to begin encrypting the cloud files. Other employees accessing the same corporate files give the malware a route to begin moving across the corporate network. Exabeam can detect this activity early enough to prevent disruption.
Exabeam Analytics for Ransomware is available as either a physical appliance or a virtual machine. It can be deployed and begin protecting systems fast and existing Exabeam customers can upgrade their systems to gain these new capabilities. More information is available on the company's website.
Photo credit: wsf-s / Shutterstock