Exabeam adds ransomware detection capabilities
User and entity behaviour analytics company Exabeam has debuted an application designed for early detection of ransomware, which it says is one of the biggest security threats in 2016.
Exabeam Analytics for Ransomware helps to provide significant early detection across the corporate network, in the absence of third party security controls. "Unlike other security products, Exabeam can detect ransomware movement and activity in the network, the servers, workstations, BYOD devices, and cloud services," the company says.
According to Exabeam, the scourge of ransomware is on the rise. Since June 2015, the National Cybersecurity and Communications Integration Center (NCCIC) received 321 reports of ransomware-related activity affecting 29 different federal agencies. Moreover, during April 2016, HIMSS Analytics released survey results indicating that half of the US hospitals surveyed had been hit by this type of malware.
"Ask any CISO about their biggest challenge today, and ransomware will almost certainly be the response," says Nir Polak, CEO of Exabeam. "It's bypassing security tools and overwhelming already-overburdened security analysts. Exabeam Analytics for Ransomware addresses both detection and response, bringing relief to stressed security departments. As the Internet of things grows, the ability to monitor entity - for example machine - behaviour becomes critical to IT security and this is our newest entry in that market."
According to Polak, ransomware can be a major disruption to business operations as it endangers data access and integrity. Furthermore, he says, the threat is more often than not detected too late to stop its effects.
"Because ransomware changes often and spreads quickly, many legacy detection techniques are ineffective, and result in temporary, or even permanent, loss of data.
He says Exabeam's techniques detect ransomware as it first enters the network and begins to spread. "These techniques include both behavioural analysis and file analysis, including detecting new strands of ransomware via machine-learning. With no signatures and no static correlation rules, the application learns the normal file and document behaviours of a business's staff, and quickly pinpoints any anomalies that might be an indicator of ransomware infection."
The application also roots out known ransomware via indicators of compromise. "Known ransomware processes use certain file extensions and have known patterns or other indicators listed in threat intelligence feeds. The Exabeam Threat Research Team verifies these indicators and implements them in the product."
Finally, the product makes use of infrastructure-wide, hybrid-cloud ransomware protection. "By looking at machine logs, Exabeam can detect ransomware operating on endpoints, in the data centre or against cloud-based storage services. For example, an employee might access corporate files on the cloud sharing service Box from home, using his personal device, and in the process, allow ransomware to begin encrypting the Box files. Other employees accessing the same corporate files enable the malware to infect their corporate workstations and begin moving across the corporate network."
Polak says the solution also inter-operates with specific security technologies, such as endpoint protection products, to perform additional analytics, and is available as either a physical appliance or a virtual machine. "It can be deployed in hours and delivers true security insight quickly. Existing customers can upgrade their systems to gain these new capabilities. Pricing is based on number of users."