The Latest Aruba Networks (HPE) News
Product and Solution Information, Press Releases, Announcements
Ransomware Decoded: Five Keys To Detect Stealthy Attack Signals Early
Posted: Mon Oct 14, 2019 09:07:03 AM
By Ron Kent, National Cyber Security Senior Systems Engineer

Although ransomware has been a threat for 30 years, it’s dramatically different and increasingly dangerous today. There’s been an uptick in customers expressing concern about it, especially given recent incidents where a large ransom was paid or an enormous cost was incurred to remediate an existing infection. In this blog post, we will discuss why it’s still a threat, Aruba's approach to detecting ransomware, and how this differs from other solutions you may know of.

One reason ransomware has spanned multiple decades is that its authors are constantly changing their tactics, techniques and procedures (TTPs). For example,
What can you trust to give you timely and reliable signals of infection? While there are no magic bullets for staying ahead of the bad guys and detecting the ransomware du jour, Aruba IntroSpect has an effective way to address ransomware, with a layered defense and machine learning as the foundation.

Detecting Ransomware

Let’s walk through a few examples of how IntroSpect uses multiple mechanisms – including ransomware-specific analytics – that all work in concert throughout the kill chain to detect manifestations of malware or ransomware infections on the network.
Remediation

Both rapid detection and rapid response are essential to stop ransomware before it does damage. When IntroSpect is integrated with Aruba ClearPass Policy Manager and any of the above analytics fires, or there is an increase in risk score indicating an active ransomware attack, ClearPass can take an immediate policy-based action to quarantine the user or device and possibly prevent any lateral movement, sensitive data access, or data exfiltration. This alone can keep one infected machine from becoming a thousand.

Summary

IntroSpect is a powerful platform for surfacing the subtle signs of malware and ransomware from the sea of IT and network data that it continuously ingests and monitors. IntroSpect arms the SOC team with purpose-built threat analytics that span the entire kill chain. Additionally, the ransomware-specific analytics can generalize to new variants without signatures, scripts, rules or other hardcoded means that depend on prior knowledge. And once ransomware is detected, the SOC team can stop it in its tracks by taking immediate action with ClearPass Policy Manager to contain it and prevent it from spreading even further.