Awards

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

OVERVIEW

Preventing ransomware and disruption-of-service attacks remains a top priority for organizations of all sizes. While EPP and EDR stop most commodity infections, today’s human-controlled ransomware can evade traditional endpoint defenses. These advanced adversaries use APT-like tactics to conduct reconnaissance, steal credentials, elevate privileges, and move laterally. To defend against these advanced attacks, organizations are turning to the Attivo ThreatDefend platform’s ransomware mitigation functions, which can derail even the most sophisticated ransomware attacks. The platform hides and denies access to local files, folders, removable devices, and mapped network or cloud shares. It also creates fake network file shares that feed the ransomware limitless data to stall the attack, so the organization can promptly isolate infected systems and stop further damage.

The State of Ransomware

Top security concern

2/3 of respondents listed malware/ransomware as the top security concern

Cyber criminals are increasingly turning to ransomware as a secondary source of income.

Ransomware

Ransomware is the third most common Malware breach variety and the second most common Malware incident variety.

In-Network Detection

Organizations reported their controls did not prevent or detect infiltration and ransomware tactics 68% of the time.

Ransomware Mitigation

The ThreatDefend platform offers ransomware mitigation functions through the EDN family of products and the BOTsink deception server. The EDN solution maps hidden shares locally on the endpoint that lead to decoy file servers created by the BOTsink server. These decoys look like production file servers but contain fake files. The EDN solution also hides and denies access to local files, folders, removable drives, and mapped network or cloud shares. When the ransomware looks for data to encrypt by enumerating the local directories and network shares, the EDN solution prevents it from seeing the hidden user files, folders, and production network shares, but shows it the decoy mapped shares. As the ransomware spreads to the fake network shares to encrypt the files, the decoys alert on the activity and feed the malware limitless data to stall the attack so the organization can respond in time. The EDN solution also hides removable USB storage drives to keep the malware from encrypting their data or using them to spread to other systems. These ransomware mitigation functions can limit the damage that ransomware can inflict on user and network data while delaying its spread and giving security teams time to respond to the infection.

PROTECTED ASSETS

Local Files

Local Folders

Network Shares

Cloud Shares

Removable Drives

BENEFITS

Organizations choose Attivo Networks because:

High Fidelity Detection

Early Detection

  • Get substantiated detection of ransomware activity.

Stop Propagation

  • Deny ransomware from spreading to production network shares or removable storage media.

Prevention vs. recovery

  • Prevent ransomware from damaging data by denying visibility and exploitation of files, folders, attached storage, and network or cloud shares.

Broad Effectiveness

  • Comprehensive protection and accurate detection regardless of ransomware strain.

“WE DON’T KNOW ANY OTHER TECHNOLOGY THAT HAS A BETTER SIGNAL TO NOISE RATIO. DECEPTION TECHNOLOGY IS SIMPLE, INEXPENSIVE, AND IT WORKS.”

SR DIRECTOR ANALYST AT GARTNER

Find out how deception can help you with mitigating insider threats.