Attivo Networks announced new capabilities to its Endpoint Detection Net (EDN) solution that improve file protection against human-operated ransomware by concealing and denying access to production mapped shares, cloud storage, and selected files or folders.
By hiding this information, the EDN solution limits the malware’s choice to engage only with the decoy environment and dramatically reduces the risk of a successful data compromise.
How EDN works to derail Ransomware 2.0
There are five primary techniques that the Attivo Networks ThreatDefend platform provides to reduce the risk and prevent the spread of a ransomware attack. These work collectively to stop infections and accurately detect in-network threats and other activities criminals would employ to escalate their attack.
- Prevents attackers from seeing or exploiting production files, folders, removable disks, network shares, and cloud storage
- Detects attempted exploitation and encryption of decoy file shares (when used in conjunction with BOTsink deception servers)
- Slows an attack by distracting it with high-interaction deception techniques
- Detects credential theft and attempted enumeration of local administrator accounts and Active Directory for privilege escalation
- Provides native integrations that deliver automated isolation and reduce response time