Exabeam Adds Ransomware Detection Capabilities to its Security Intelligence Platform
New Application Uses Behavioral Analytics to Detect Ransomware as it Enters Corporate Networks
June 13, 2016
GARTNER Security & Risk Management Summit 2016 (Booth #544), National Harbor, MD – June 13, 2016 – Exabeam, the leader in user and entity behavior analytics (UEBA) for security, today announced Exabeam Analytics for Ransomware, a new application designed for early detection of ransomware, one of the most pressing security threats in 2016. With this new application, Exabeam can provide significant early detection across the corporate network, in the absence of third party security controls. Unlike other security products, Exabeam can detect ransomware movement and activity in the network, the servers, workstations, BYOD devices, and cloud services.
In April of this year, the DHS released a report indicating that the National Cybersecurity and Communications Integration Center (NCCIC) had received 321 reports of ransomware-related activity affecting 29 different federal agencies since June 2015. In the same month, HIMSS Analytics released survey results indicating that half of the U.S. hospitals surveyed had been hit by ransomware. Another 25% indicated that they had no way of knowing if ransomware had penetrated their networks.
“Ask any CISO about their biggest challenge today, and ransomware will almost certainly be the response,” said Nir Polak, CEO of Exabeam. “It’s bypassing security tools and overwhelming already-overburdened security analysts. Exabeam Analytics for Ransomware addresses both detection and response, bringing relief to stressed security departments. As the Internet of Things grows, the ability to monitor entity (i.e. machine) behavior becomes critical to IT security and this is our newest entry in that market.”
Ransomware can significantly disrupt business operations by threatening data access and integrity. However, this threat is usually detected too late to stop its effects. Because ransomware changes often and spreads quickly, many legacy detection techniques are ineffective, and result in temporary – and potentially permanent — data loss. Exabeam uses cutting-edge techniques to detect ransomware as it first enters the network and begins to spread. These techniques include both behavioral analysis and file analysis:
• Detecting new (i.e. unknown) ransomware via machine-learning. With no signatures and no static correlation rules, Exabeam learns the normal file and document behaviors of an organization’s employees, and quickly finds the anomalies associated with ransomware infection.
• Detecting known ransomware via indicators of compromise. Known ransomware processes use certain file extensions and have known patterns or other indicators listed in threat intelligence feeds. The Exabeam Threat Research Team verifies these indicators and implements them in the product.
• Infrastructure-wide, hybrid-cloud ransomware protection. By looking at machine logs, Exabeam can detect ransomware operating on endpoints, in the datacenter or against cloud based storage services. For example, an employee might access corporate files on the cloud sharing service Box from home, using his personal device, and in the process, allow ransomware to begin encrypting the Box files. Other employees accessing the same corporate files enable the malware to infect their corporate workstations and begin moving across the corporate network. Only Exabeam can detect this activity end to end, and early enough to prevent disruption.
Exabeam Analytics for Ransomware can inter-operate with specific security technologies, such as endpoint protection products, to perform additional analytics.
Exabeam Analytics for Ransomware is available as either a physical appliance or a virtual machine. It can be deployed in hours and delivers true security insight quickly. Existing customers can upgrade their systems to gain these new capabilities. Pricing is based on number of users. For more information, go to: http://www.exabeam.com/product/applications
Exabeam will be demonstrating Exabeam Analytics for Ransomware at the Gartner Security & Risk Management Summit this week in National Harbor, Maryland. Visit Booth #544 for a demo.