Your Last Line of Defense against ransomware

We see too many organizations fall victim to ransomware despite deploying endpoint protection. Why? It’s not the endpoints that are interesting for the cybercriminals; it’s the file shares. Stop illegitimate encryption and file corruption of your critical data with RC. An agentless and proven containment system that monitors file- and cloud shares and isolates compromised users causing encryption.

Secure your organization, reputation and bottom
line when other security solutions fail.

Let’s face facts: Even the most well-protected organizations fall victim to ransomware.

Malicious attackers are constantly innovating new and novel methods to defeat traditional, prevention-based detection methods. Our unique, agentless, multi-layered detection system detects and isolates ongoing illegitimate encryption and file corruption via a three-tiered action sequence. RC is engineered to:

MONITOR & DETECT

Monitors data activity on file shares in real time

Instantly detects ongoing illegitimate encryption

ISOLATE & QUARANTINE

Identifies and isolates the user and client initiating the encryption

Deploys built-in scripts to isolate the affected user and stop the file encryption

RECOVER & REPORT

Quickly identifies any encrypted files that can be restored from the backup

Automates any necessary incident reporting

There were over 200 million ransomware attacks in the last half-year of 2020. That’s nearly 25 attacks per second. The COVID-19 pandemic has caused a surge in cybercrime. While organizations are moving workers outside of the corporate-grade firewall, more and more cybercrime groups want a piece of the pie. Experts agree that it is no longer a question of if, but when you get hit.

Ransomware is evolving. So must your security response.

New strains of ransomware can disable endpoint protection, AV, firewalls, and even backup solutions before encryption starts. What do you do if your perimeter and endpoint protection is breached? RC focus to protect your data storages; not your endpoints. You already have protection in place on your computers and endpoints, but what do you have to stop ongoing illegitimate encryption on file shares?

RC is the answer. It detects and responds the very second illegitimate encryption and file corruption begins on file shares, providing your IT team a critical Last Line of Defense.

RC FEATURES

A Different Approach

RC leverages heuristic analysis and file metadata to monitor traffic between endpoints and file shares(on-premise or cloud) to swiftly and efficiently detect evidence of an active ransomware breach. Instead of searching for ransomware, RC detects and responds to ransomware’s malicious intent: illegitimate file encryption.

Agentless Solution

RC is not installed on endpoints or any existing file servers. Our agentless solution is easily deployed within days and leverages Machine Learning to configure automatically. RC creates no network performance overhead and supports integration with existing security solutions to strengthen the overall defense.

Detects the Unknown

Cybercriminal development teams constantly monitor prevention-based security vendors for software updates; they know when existing variants are at risk of being detected and when to change their methods. RC circumvents this problem by detecting encryption caused by known and unknown ransomware variants.

Utilize the Cloud

RC works seamlessly with Office 365, Sharepoint and Google Drive. RC is OS-agnostic to the device type accessing the cloud, including mobile devices, tablets, MAC, IoT, and laptops, and also for OS independent environments, such as Windows, Android, IOS and Linux.

Cover all Entrypoints

Regardless of whether an attack starts on an endpoint, a mobile phone, an IOT device, via email, website drive-by-attack, USB cable, or was deployed by someone inside your organization, RC reacts immediately when said device or user causes encryption on file shares either on-premise or in the cloud. RC responds by isolating and containing the compromised device and user, instantly halting the encryption process.

Complementary

Organizations that fall victim to ransomware typically have between 4-7 prevention-based security tools in place. RC is not a replacement, but a complementary last line of defense security layer.

We don’t compete. We complement.

RC is not a replacement for your current security solution; rather, it complements the security defenses you have in place today. The graph on the right shows the most common solutions used by our RC customers. While many of the EDR/AV/Next-Gen AV products will protect you under most attack scenarious, they are largely endpoint-focused and therefore, not 100% failsafe.

The increasing number of successful ransomware attacks prove there is no perfect solution. Truth is, preventative-only solutions sometimes fail, and once illegal encryption begins, the source of the malware matters not; swift action to stop the attack before significant damage can occur is your #1 priority. And here is where RC steps in.

Split of AV Vendors used by Customers

Our customers utilize a wide range of different end point solutions, ranging from well-established global vendors, next gen technologies and emerging solutions. All have one thing in common: they rely on RC as their Last Line of Defense.  

Watch the video to see how RC responds to a compromised user encrypting data on a file share

Watch the video to see how rapidly the RC SharePoint Integrator reacts to encryption happening

Watch the video to see how a safe-looking lightning cable can release a ransomware outbreak

Gain control without costly network requirements or performance overhead.

Here’s how.

DETECT

RC’s live data activity monitoring instantly detects ongoing encryption on file shares

Organizations are often unaware of the enormous amount of file changes that occurs on their file shares. RC listens into existing network notifications to analyse all file changes (created, modified, renamed and deleted) to detect ongoing illegitimate encryption within seconds.

RESPOND

Isolate and eliminate in seconds

The moment illegitimate encryption detected on file shares (not the individual device), RC activates an isolation and containment protocol. Actions can include the forced shutdown of the compromised device, disabling the compromised user’s VPN, and revoking cloud access, network access and AD access. Illegitimate file encryption ceases in seconds, and your security team is instantly alerted. Integration through RESTful API to other security solutions (such as SIEM, NAC and EDR) enables your security teams to unify security management across all devices.

RECOVER

Keep your organization running with minimal impact

RCs data-recovery protocol has your organization up and running with minimal cost and downtime. After the threat has been mitigated, a comprehensive list of any files infected pre-isolation is generated, and can easily be restored from your backup either manually or via integration. An advanced history log captures all attack details, offering your security team valuable and actionable insights over any affected files.

How impenetrable are your defenses?

Despite having the best prevention-based solutions that money can buy, an increasing number of organizations are falling victim to ransomware. Preventative solutions don’t stand a chance if even one user or device is compromised, or a patch is missing. Today’s ransomware variants are capable of encrypting up to 10,000 files per minute per infected machineIt takes, on average, hours before an organization realizes they are under attack; at this point, stopping the breach is next to impossible.

Ransomware’s financial and reputational impact is increasingly damaging and costly. Paying the ransom only incentivizes criminals to launch even more attacks and develop new methods to breach your defenses. Understanding the total effectiveness of your current security posture is therefore crucial; these few questions can help determine how well your current defenses can protect your data in the event of a ransomware breach.

Assess your risk

Discover your hidden vulnerabilities.

Does your current security setup allow you to identify the user and device that initiated the outbreak (Patient Zero)?

Do you have the ability to immediately stop illegitimate encryption before significant damage occurs?

Do you have complete visibility over what files have been encrypted and their location?

Test your current defenses 

Are you unable to answer the questions above? If so, you’re not alone. Few organizations are 100% aware of their hidden vulnerabilities.

To help organizations gain an overview of their current security profile and assist in the battle against ransomware criminals, we offer a non-binding Ransomware Assessment Test. The assessment is conducted by our cybersecurity experts who test your current infrastructure resilience against a ransomware outbreak.

The two-hour assessment will give you a clear overview of  your current defense posture and demonstrate how RC’s Last Line of Defense solution provides an additonal, and crucial, layer of security.

Unify and Strengthen your Defense

Skyrocket the value of your Security Spend with a critical Last Line of Defense solution engineered to fully integrate with your existing security measures.

RC seamlessly integrates with Cisco ISE, Aruba, Splunk, IBM QRadar, ATP and other solutions typically within hours.

In the event illegitimate encryption is detected, RC immediately sends an alert and relevant information to integrated solutions.

All integration, communication and alert functions are fully operable whether you’re hosting in the cloud or have an MSP managing your IT solutions and infrastructure.

The Lowdown on Downtime

A successful ransomware outbreak can wreak serious and long lasting damage on an organization’s reputation and bottom line. Aside from the immediate costs and expenses related to downtime, ransomware can undermine relationships with suppliers, partners, customers and institutions your business depends upon.

Forward-thinking technology leaders understand that building a security profile that effectively mitigates risk and can respond to potential breaches requires a firm understanding of the costs related to downtime.

What Does Your Organization Have to Lose?

Choose a currency and calculate your risk

Hassle Free Reporting & Compliance

A ransomware breach can encrypt files on multiple shares and folders across your network, making mandatory reporting a formidable challenge. Compliance reporting such as GDPR, CCPA, HIIPA and PCI-DSS-regulated entities often carry the additional burden of having to file a report within a certain timeframe following a breach event1.

RC’s immediate response means that in the event of a breach very few files are likely to be compromised and require the filing of a minor incident report to document the incident. RC’s fully automated internal and external incident reporting ensures accuracy and compliance.

 

RC ensures compliancy by automatically:

Recording the exact time of the attack (beginning to end)

Identify the compromised user and device

Listing all affected files and their owner

Detailing how and when the breach was stopped

Generating an incident report to key stakeholders

Generating an incident report for sharing with Data Protection Authorities

1Art. 33 GDPR Section 1: In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority…”

Complete Your Security Profile

Discover how RC’s Last Line of Defense solution
stops ransomware dead in its tracks.