Your Last Line of Defense against ransomware
Preventative security measures are never 100% failsafe. Stop ransomware dead in its tracks with an agentless and proven containment system.
Secure your organization, reputation and bottom line when other security solutions fail.
Let’s face facts: Even the most well-protected organizations fall victim to ransomware.
Attackers are constantly developing novel methods to defeat traditional, prevention-based detection. Our unique, agentless, multi-layered detection system stops ransomware in its tracks and minimizes data loss and downtime via a three-tiered action sequence. RC is engineered to:
MONITOR & DETECT
Monitors all network traffic in real time
Instantly detects an active ransomware outbreak
ISOLATE & QUARANTINE
Identifies and blocks the user and client initiating the encryption
Deploys built-in scripts to disable the affected user and stop the file encryption
RECOVER & REPORT
Quickly identifies any encrypted files that can be restored from the backup
Automates any necessary incident reporting
There were over 200 million ransomware attacks in the last half-year of 2020. That’s nearly 25 attacks per second. The COVID-19 pandemic has caused a surge in cybercrime. While organizations are moving workers outside of the corporate-grade firewall, more and more cybercrime groups want a piece of the pie. Experts agree that it is no longer a question of if, but when you get hit.
Ransomware is evolving. So must your security response.
New strains of ransomware can disable endpoint protection, AV, firewalls, and even backup solutions before encryption starts. What do you do if your perimeter and endpoint protection are breached? RC is the answer. It detects and responds the very second encryption begins, giving your IT team a critical Last Line of Defense.
A Different Approach
RC leverages heuristic analysis and file metadata to monitor traffic between network shares and network file servers to swiftly and efficiently detect evidence of an active ransomware outbreak. Instead of looking for the ransomware itself, RC looks for the purpose of ransomware, namely the illegitimate encryption process crippling your data.
RC is not installed on endpoints or any existing file servers. Our agentless solution is easily deployed within days and leverages Machine Learning to configure automatically. RC creates no network performance overhead and supports integration with existing security solutions to strengthen the overall defense.
Detects the Unknown
The criminals have development teams that constantly monitor when prevention-based security vendors update their solutions; this way they know when existing variants are at risk of being detected and it’s time to change technique. With RC, this is not a problem; it detects encryption outbreaks caused by known and unknown strains.
Utilize the Cloud
RC features a SharePoint Integrator and integrates seamlessly with Office 365 and other cloud solutions. RC is agnostic to the type of device accessing the cloud, i.e. mobile phone, tablet, Mac, IoT or laptop, and OS-independent, i.e. Windows, Android, iOS and Linux.
Cover all Entrypoints
Regardless of whether an attack starts on an endpoint, a mobile phone, an IoT device, via email, a website drive-by attack, a USB cable, or was deployed by someone inside your organization, RC reacts immediately by isolating and containing the compromised device and user, instantly halting the encryption process.
Organizations that fall victim to ransomware typically have 4-7 prevention-based security tools in place. RC doesn’t replace those; it is complementary to them.
We don’t compete, we complement
RC does not overlap existing security; in fact, it is a complementary solution to the security defenses you have in place today. The graph on the right shows the most common solutions used by RC customers today. While many of the EDR/AV/Next-Gen AV solutions will protect you in some cases, they are mostly endpoint-focused and not failsafe. The increased number of ransomware attacks proves there is no silver bullet. Suppose they fail, or cybercriminals use an unrecognized attack vector; what do you have in place to stop encryption on file shares? If encryption begins, it matters less how the malware got in than how you stop it – and this is where you utilize RC.
Our customers use a wide range of different endpoint solutions: the well-established global vendors, next-gen technologies and the new ones. However, all have one thing in common: they use RC as an extra layer, a Last Line of Defense.
Gain control without costly network requirements or performance overhead.
Live data activity helps RC identify an outbreak rapidly
Organizations are often unaware of the enormous number of file changes that occur on their infrastructure. RC leverages machine learning to create a baseline of all file activity throughout your network, and continuously monitors file changes to detect ongoing illegitimate encryption within seconds.
Isolate and eliminate the threat within seconds
Illegitimate encryption is instantly detected, and RC will activate isolation and containment steps immediately. Steps can comprise a forced shutdown of the compromised device, disabling the compromised user’s VPN, and revoking cloud access, network access and AD access. Any illegitimate file encryption ceases in seconds, and your security team is alerted. Integration through a RESTful API with other security solutions (such as SIEM, NAC and EDR) means your security teams can unify security management across all devices.
Keep your organization running with minimal impact
RC’s data-recovery protocol has your organization up and running with minimal cost and downtime. After the threat has been mitigated, a comprehensive list of any files infected pre-isolation is generated, and they can easily be restored from your backup, either manually or via integration. An advanced history log captures all attack details, offering your security team valuable and actionable insights into any affected files.
How impenetrable are your defenses?
Despite having the best prevention-based solutions that money can buy, an increasing number of organizations are falling victim to ransomware. Preventative solutions don’t stand a chance if just one user or device is compromised or a patch is missing. Today’s ransomware variants are capable of encrypting up to 10,000 files per minute per infected machine. It takes, on average, hours before an organization knows that it is under attack; at this point, it’s often too late.
Ransomware’s financial and reputational impact is increasingly damaging and costly. Paying the ransom only incentivizes criminals to launch even more attacks and invest in new techniques used to breach your defenses. Understanding the total effectiveness of your current security posture is therefore crucial; these few questions can help you determine how well your current defenses can protect your data in the event of a ransomware outbreak.
Assess your risk
Discover your hidden vulnerabilities.
Does your current security setup allow you to identify the user and device that initiated the outbreak (Patient Zero)?
Do you have the ability to immediately stop illegitimate encryption before significant damage occurs?
Do you have complete visibility over what files have been encrypted and their location?
Test your current defenses
Are you unable to answer the questions above? If so, you’re not alone. Few organizations are 100% aware of their hidden vulnerabilities.
To help organizations gain an overview of their current security profile and assist in the battle against ransomware criminals, we offer a non-binding Ransomware Assessment Test. The assessment is conducted by our Cyber Security Experts, who test your current infrastructure’s resilience against a ransomware outbreak. There is no such thing as a silver bullet when it comes to cyber security; however, an assessment will give a clear picture of how strong your defenses are and whether you need to consider an extra layer, a Last Line of Defense.
The assessment takes two hours.
Unify and Strengthen your Defense
Skyrocket the value of your Security Spend with a critical Last Line of Defense solution engineered to fully integrate with your existing security measures.
RC seamlessly integrates with Cisco ISE, Aruba, Splunk, IBM QRadar, ATP and other solutions, typically within hours.
In the event illegitimate encryption is detected, RC immediately sends an alert and relevant information to integrated solutions.
All integration, communication and alert functions are fully operable whether you’re hosting in the cloud or have an MSP managing your IT solutions and infrastructure.
Hassle Free Reporting & Compliance
A ransomware outbreak can encrypt files on multiple shares and folders spread across your network, making mandatory reporting a formidable challenge. Entities regulated under GDPR, CCPA, HIPAA and PCI-DSS have the additional burden of filing a report, often within a certain amount of time after the breach event.¹
RC’s immediate response means that in the event of an outbreak very few files are likely to be compromised, requiring only the filing of a minor incident report to document the incident. RC’s fully automated internal and external incident reporting ensures accuracy and compliance.
RC ensures compliancy by automatically:
¹ Art. 33 GDPR Section 1: “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority…”