Cyber deception specialist Attivo Networks has added ransomware protection to its Endpoint Detection Net (EDN) product.
Attivo’s EDN now improves file protection against human-operated ransomware by concealing and denying access to production mapped shares, cloud storage, and selected files or folders.
This limits the malware to the decoy environment, reducing the risk of a successful data compromise.
Traditional endpoint protection or endpoint detection and response products work by signature matching or behavioural anomaly detection, which are open to evasion by human attackers.
According to Attivo, such human-operated “Ransomware 2.0” attacks start with APT-style tactics designed to bypass traditional security controls and gain an initial foothold. From there, the attacker conducts network discovery, probes Active Directory, moves laterally, and identifies high-value assets to target by encrypting critical data or taking control of other assets.
According to recent Mandiant threat intelligence research, in 75% of cases at least three days passed between the first evidence of malicious activity and ransomware deployment.
EDN, within the Attivo Networks ThreatDefend platform, obscures production files, folders, removable disks, network shares, and cloud storage from attackers; detects attempted exploitation and encryption of decoy file shares (when used in conjunction with BOTsink deception servers); slows attackers by distracting them with high-interaction deception techniques; detects credential theft and attempted enumeration of local administrator accounts and Active Directory for privilege escalation; and provides native integrations that deliver automated isolation and reduce response time.
“Advanced human-controlled ransomware can evade endpoint security controls and after initial compromise, move laterally to cause maximum damage, do data exfiltration and encrypt data,” said Attivo Networks senior vice president of engineering Srikant Vissamsetti.
“This advanced protection by the Attivo EDN solution disrupts ransomware’s ability to move laterally and prevents unauthorised access to data by concealing production files, folders, removable disks, network shares, and cloud storage.”
EDN’s ransomware protection capabilities are available immediately.