Ransomware attacks are a fact of life, so real-time detection, response is critical

Strikes can be diminished using an understanding of breach behavior and machine learning


As 2017 unfolds, ransomware has become one of the biggest security headaches, a menace that has grown rapidly in the number of attacks, their sophistication, and the ransoms demanded.

And criminals are capitalizing on this newly lucrative niche.

But Cybereason, a Boston security company, hopes to stop attackers in their tracks with its real-time ransomware-detection platform. The company has honed its tools to help not only large organizations, but also small businesses and consumers, foil ransomware strikes.


Relying on signatures, traditional antivirus (AV) and antimalware tools can’t keep up with ransomware—new variants are easy to create and pop up regularly. So Cybereason uses behavioral analysis technology instead of signatures.

“It uses a behavioral and proprietary deception technique to target the core behaviors that are typical of ransomware attacks,” says Cybereason CISO Israel Barak. “Unlike traditional AV solutions, it targets a much broader variety of never-before-seen ransomware types, including fileless ransomware.”

The company recently integrated these ransomware-detection capabilities into its enterprise product, the Cybereason Detection and Response Platform.

Banking on bad behavior

The platform, which Cybereason describes as “military-grade,” uses big data, behavioral analytics and machine learning for real-time detection of complex cyber attacks.

“There’s a significant difference between security against cyber threats and disrupting advanced cyber operations,” Barak says.

He points out that attacks succeed even within organizations that have sound security protocols, and that’s because there’s a gap in the typical approach to security.


“The idea [behind Cybereason] is to bring into play the understanding of how the attackers think—they’re not trying to get past certain security controls but trying to launch an operation,” he says.

A successful operation advances through certain stages, including an escalation of privileges. Cybereason doesn’t add another security control but rather the detection capability and visibility into these stages, along with the evidence needed for remediation.

The platform is deployed across all of the organization’s servers and endpoints. It can detect attacks regardless of how they’re carried out—whether it’s malware, a shell attack on a compromised machine, or other means. It also can pinpoint the point of penetration, including Internet of Things devices.


“We find single components of attacks and connect it to other pieces of information we gather, to reveal the pieces of the entire hacking campaign so that it can be shut down immediately,” says Lior Div, Cybereason co-founder and CEO.

Help for the little guy

For small entities and individuals, sectors that may be facing even bigger risks, Cybereason says it has the answer: a free tool, called RansomFree, that the company claims can detect and stop 99 percent of ransomware attacks.

These users are typically less prepared than larger organizations to handle this type of threat, Barak explains, yet they are “particularly vulnerable to ransomware attacks, mostly due to lack of proper backups and minimal or no security on their computers.”

According to Kaspersky, 62 new ransomware families were discovered by the third quarter of 2016. At the same time, the number of attacks on businesses grew from one every two minutes to one every 40 seconds between January and the end of September, and from every 20 seconds to every 10 for individuals.
