Ransomware attacks are a fact of life, so real-time detection, response is critical
Strikes can be diminished using an understanding of breach behavior and machine learning
By Rodika Tollefson, ThirdCertainty
As 2017 unfolds, ransomware has become one of the biggest security headaches, a menace that has grown rapidly in the number of attacks, their sophistication, and the ransoms demanded.
But Cybereason, a Boston security company, hopes to stop attackers in their tracks with its real-time ransomware-detection platform. The company has honed its tools to help not only large organizations, but also small businesses and consumers, foil ransomware strikes.
Relying on signatures, traditional antivirus (AV) and antimalware tools can’t keep up with ransomware—new variants are easy to create and pop up regularly. So Cybereason uses behavioral analysis technology instead of signatures.
“It uses a behavioral and proprietary deception technique to target the core behaviors that are typical of ransomware attacks,” says Cybereason CISO Israel Barak. “Unlike traditional AV solutions, it targets a much broader variety of never-before-seen ransomware types, including fileless ransomware.”
The company recently integrated these ransomware-detection capabilities into its enterprise product, the Cybereason Detection and Response Platform.
Banking on bad behavior
The platform, which Cybereason describes as “military-grade,” uses big data, behavioral analytics and machine learning for real-time detection of complex cyber attacks.
“There’s a significant difference between security against cyber threats and disrupting advanced cyber operations,” Barak says.
He points out that attacks succeed even within organizations that have sound security protocols, and that’s because there’s a gap in the typical approach to security.
“The idea [behind Cybereason] is to bring into play the understanding of how the attackers think—they’re not trying to get past certain security controls but trying to launch an operation,” he says.
A successful operation advances through certain stages, including an escalation of privileges. Cybereason doesn’t add another security control but rather the detection capability and visibility into these stages, along with the evidence needed for remediation.
The platform is deployed across all of the organization’s servers and endpoints. It can detect attacks regardless of how they’re carried out—whether it’s malware, a shell attack on a compromised machine, or other means. It also can pinpoint the point of penetration, including Internet of Things devices.
“We find single components of attacks and connect it to other pieces of information we gather, to reveal the pieces of the entire hacking campaign so that it can be shut down immediately,” says Lior Div, Cybereason co-founder and CEO.
Help for the little guy
For small entities and individuals, sectors that may be facing even bigger risks, Cybereason says it has the answer: a free tool, called RansomFree, that the company claims can detect and stop 99 percent of ransomware attacks.
These users are typically less prepared than larger organizations to handle this type of threat, Barak explains, yet they are “particularly vulnerable to ransomware attacks, mostly due to lack of proper backups and minimal or no security on their computers.”
According to Kaspersky, 62 new ransomware families were discovered by the third quarter of 2016. At the same time, the number of attacks on businesses grew from one every two minutes to one every 40 seconds between January and the end of September, and from every 20 seconds to every 10 for individuals.