Why XDR is the only defense against Enterprise Ransomware
In late 2021, Helpnet Security analysts published a report on ransomware attacks, and its content is worrying to say the least. That may sound odd, because ransomware has been keeping security professionals awake at night for at least 3 years, however… Let's look at the numbers: in the third quarter of 2021 alone, security analysts detected 190.4 million ransomware attempts, almost as many as the 195.7 million ransomware infections reported in the media for the first three quarters of 2020; by the end of the year, this represented a 134% increase year on year.
A 2021 Cost of a Data Breach study found that the average cost of a ransomware infection rose to $4.62 million. That is more than the $4.24 million organizations paid on average after a data breach. It included the cost of escalation, notification, lost business and response, but not the cost of paying the ransom itself.
Cybereason, the company we describe here, added some interesting points in its Ransomware: The True Cost to Business report:
- Two-thirds of organizations suffered significant loss of revenue as a result of the ransomware attack
- More than half (53%) of organizations have suffered brand and reputation damage after ransomware infection
- About three out of 10 ransomware victims said they lost C-Level talent and laid off some employees as a direct result of a successful ransomware attack
- A quarter of organizations said that they experienced disruptions in operation after the ransomware attack
The key is to change the way you think…
Above all, organizations need to realize that the very nature of today's complex, highly targeted ransomware attacks (RansomOps) makes traditional prevention methods largely ineffective. RansomOps is a different level of threat compared to the usual ransomware attacks of the past, which used spray-and-pray tactics to target individual victims for small ransom demands, and above all used phishing as the main infection vector, "tricking" the target into clicking a malicious link or opening an infected document.
RansomOps campaigns are low-and-slow attacks, more akin to APT operations, in which malicious actors first gain access to as much of the target network as possible before detonating the ransomware payload, for maximum effect and the prospect of a multi-million ransom payment.
… and catching the melody of the attack in the noise of events…
In large companies, the scale is tens of thousands of system events and hundreds of gigabytes of raw logs to process. These data must be prioritized, sorted and correlated, and conclusions drawn from them. No wonder that the playbook-based combination of SIEM + SOAR has long ceased to suffice. Currently, the organizations most exposed to attacks are using XDR solutions based on artificial intelligence. They can analyze large sets of telemetry data with high accuracy to identify the most subtle Indicators of Behavior (IOB), on a scale that manual analysis can never achieve. The advantage here is the automation of detecting events that usually require human analysis, relieving the security teams of the inefficient task of sorting signal from noise in the network.
Artificial intelligence increases the efficiency of each member of the security team and strengthens the effectiveness of the entire security stack. Finding one element of an attack in a single alert lets defenders know that further investigation is needed. Even so, even the most skilled analysts cannot quickly and efficiently search through all available real-time telemetry data for the significant indicators that reveal an attack's root cause.
… and Cybereason gained our trust because …
The most popular companies, such as CrowdStrike and SentinelOne, cannot provide effective behavioral analysis of RansomOps attacks because their platforms cannot analyze events at large scale and are forced to filter critical telemetry. They try to promote this as an intended feature, calling it smart filtering, but eliminating the critical telemetry required to detect and contain an attack at the earliest stages undermines the ability to truly automate detection and response to complex attacks.
Organizations harnessing the power of the AI-powered Cybereason XDR, which connects:
- Industry-leading MalOp™ Detection Engine, which analyzes over 23 trillion security events per week
- Google Cloud analytical engine, Chronicle, which acquires and normalizes petabytes of telemetry data from around the world
… are able to secure the entire IT environment. Why?
The combination of Cybereason's and Google's capabilities means absolutely no telemetry is filtered, allowing AI/ML predictive analytics to identify RansomOps attack activity earlier and remediate the threat faster.
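The two points above (correlating a large volume of individually unremarkable events into one behavior chain, and the cost of filtering "low-value" telemetry before that correlation happens) can be shown on a small scale. The following is an added example and is not Cybereason, Chronicle or any vendor's code: it correlates a constructed stream of endpoint events across three hosts into a single operation, then replays the same stream with informational events dropped, the way a severity-based filter would. The event categories, the one-hour linking window and the three-stage threshold are assumptions made for the illustration.

```python
"""Correlate low-fidelity endpoint events into one multi-host operation and
show what severity-based filtering loses. Added example; the event schema,
stage names, window and threshold are assumptions, not any vendor's logic."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    ts: int        # seconds from the start of the constructed capture
    host: str
    severity: str  # "info", "low" or "high", as a sensor might score it
    category: str  # sensor classification of the event


@dataclass
class Operation:
    hosts: set = field(default_factory=set)
    events: list = field(default_factory=list)


# Constructed telemetry: one campaign that starts on a workstation and moves
# to two servers. The remote logons that tie the hosts together are "info".
TELEMETRY = [
    Event(10,  "ws-01",  "info", "process_start"),
    Event(20,  "ws-01",  "low",  "credential_access"),
    Event(120, "ws-01",  "info", "remote_logon"),
    Event(125, "srv-02", "info", "remote_logon"),
    Event(300, "srv-02", "low",  "shadow_copy_delete"),
    Event(330, "srv-02", "high", "mass_file_rename"),
    Event(340, "fs-03",  "info", "remote_logon"),
    Event(345, "fs-03",  "low",  "shadow_copy_delete"),
    Event(360, "fs-03",  "high", "mass_file_rename"),
]

# Stages worth linking; anything else is ignored by the correlator.
STAGES = {"credential_access", "remote_logon", "shadow_copy_delete", "mass_file_rename"}
WINDOW = 3600     # seconds; events further apart than this are not linked
THRESHOLD = 3     # distinct stages in one operation before we call it an attack


def correlate(events, window=WINDOW):
    """Group events into operations. An event joins an open operation when it
    is within the window of that operation's last event and either comes from
    a host already in it or is a remote logon (which is how a new host joins)."""
    ops = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.category not in STAGES:
            continue
        target = None
        for op in ops:
            recent = e.ts - op.events[-1].ts <= window
            if recent and (e.host in op.hosts or e.category == "remote_logon"):
                target = op
                break
        if target is None:
            target = Operation()
            ops.append(target)
        target.hosts.add(e.host)
        target.events.append(e)
    return ops


def first_detection(events, threshold=THRESHOLD):
    """Earliest timestamp at which some operation reaches `threshold` distinct
    stages, or None if no operation ever does."""
    best = None
    for op in correlate(events):
        seen = set()
        for e in op.events:
            seen.add(e.category)
            if len(seen) >= threshold:
                best = e.ts if best is None else min(best, e.ts)
                break
    return best


def smart_filter(events, drop=frozenset({"info"})):
    """Simulates a sensor that discards low-severity telemetry before analysis."""
    return [e for e in events if e.severity not in drop]


def first_high_alert(events):
    """When a single high-severity event would have fired on its own."""
    return min((e.ts for e in events if e.severity == "high"), default=None)


def widest_operation(events):
    """Number of hosts in the largest correlated operation."""
    return max((len(op.hosts) for op in correlate(events)), default=0)


if __name__ == "__main__":
    for label, stream in (("full telemetry", TELEMETRY),
                          ("filtered telemetry", smart_filter(TELEMETRY))):
        print(f"{label}: operation detected at t={first_detection(stream)}, "
              f"spanning {widest_operation(stream)} host(s); "
              f"first standalone high alert at t={first_high_alert(stream)}")
```

With the full stream the three hosts collapse into one operation, and it crosses the threshold at t=300, when shadow copies are deleted on the first server but before any file is renamed. With the informational logons filtered out, the same events fall apart into three disconnected per-host fragments, none of which reaches the threshold; the first signal is the high-severity mass rename at t=330, by which point encryption is already under way and the correlator has no idea the two servers are part of the same intrusion.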
Remember: early detection requires analyzing all available telemetry. That is why it is worth choosing a solution that makes this possible. For your sake and your team's.