Johannesburg, 15 Nov 2016
Netskope, the leader in cloud security, announced the addition of ransomware detection and recovery capabilities to Netskope Threat Protection. The proprietary method of ransomware detection is an industry first, providing the Netskope Active Platform with the ability to scan sanctioned cloud services for unauthorised encryption due to a ransomware infection and quickly remediate the effects of a ransomware attack without paying a ransom.
With cyber criminals collecting $209 million in the first three months of 2016, ransomware is on track to become a $1 billion crime this year. According to the September 2016 Netskope Cloud Report, 43.7% of detected types of malware are common delivery methods for ransomware, including Javascript exploits and droppers and Microsoft Office macros.
Many users can unknowingly spread ransomware through the sync and share mechanisms present in the cloud storage services they use. As most cloud services have many connected endpoints which users rely on to sync, share and collaborate on content, the spread of ransomware throughout an organisation in a short period of time becomes very easy, creating a dangerous attack fan-out effect. Leading enterprise cloud storage services have integrated versioning capabilities to facilitate collaboration and protect data. Netskope Threat Protection uses these versioning capabilities in its ransomware recovery capabilities by incorporating an integrated workflow to recover files to earlier, unaffected versions.
"The cloud provides great opportunities for increased productivity through collaboration and sharing, but organisations need to consider myriad risks as they move to the cloud. In the case of ransomware, the versioning capabilities in some cloud services can provide powerful protection when coupled with our new ransomware detection and recovery capabilities," said Sanjay Beri, founder and CEO, Netskope. "This underscores our belief that the ongoing shift to the cloud will continue to accelerate as more organisations realise the benefits of the cloud without compromising security."
The Netskope Threat Protection ransomware detection and recovery capabilities examine files that are stored in (or have been synchronised with) sanctioned cloud services, such as Office 365, Box or Dropbox. Using proprietary machine learning to monitor file operations and advanced data transformation algorithms to detect unauthorised file encryption across more than 70 dimensions, Netskope Threat Protection can quickly detect new ransomware outbreaks that spread into sanctioned cloud services.
Netskope provides deep cloud context to help identify the source of the ransomware infection, and, through integrations with endpoint detection and response solutions can trigger the isolation and remediation of affected endpoints. After the active ransomware infection is contained, Netskope provides an integrated workflow that makes use of the versioning capabilities in cloud storage services to quickly restore encrypted files to earlier, unaffected versions, which are subsequently synchronised with any other affected endpoints.
The ransomware detection and recovery capabilities for Netskope Threat Protection will be open for early availability at the end of 2016 and generally available in the first quarter of 2017. For more information visit www.netskope.com.
Share