ExtraHop Enables Proactive Security to Stop Ransomware in its Tracks

Targeted New Behavioral Analytics Solution Delivers Real-Time Detection and Response for Ransomware, Enabling IT and Security Departments to Detect, Investigate, and Mitigate Ransomware Attacks in Minutes
March 1, 2016

SEATTLE, WA - March 1, 2016 – ExtraHop, the global leader in real-time wire data analytics for IT intelligence and business operations, today announced a targeted new solution to help organizations proactively detect and track malicious ransomware behavior in real time, identify and protect vulnerable resources before they can be compromised.

According to a report from Kaspersky Labs, in 2015 ransomware attacks doubled and ransomware programs were detected on over 750,000 computers of unique users. In the same time period, nearly 200,000 computers were targeted by encryption ransomware. For targeted organizations, the cost goes far beyond the ransom. Lack of access to critical files can effectively shut down business operations, affecting workflows, productivity, and the bottom line. In healthcare, lack of access to critical patient information can directly impact care.

The ExtraHop platform analyzes all data in flight—client, network, application, and infrastructure activity—providing unmatched visibility into all East-West and North-South traffic to deliver the richest source of real-time security insights.

The ExtraHop ransomware solution enables a positive and proactive security model, putting the power of pattern-based analysis and machine learning to work against malicious actors. ExtraHop now fills the gap left by security platforms that protect the perimeter, scan for attack signatures, or analyze log files – methods that have proven to be ineffective at early detection and remediation. ExtraHop customers are already successfully using the Ransomware Solution to identify and stop infections before sensitive corporate network file servers and storage systems can be impacted.

  • Quickly detect anomalous behavior that is typically associated with ransomware attacks such as lateral movement across systems or irregular storage read/write operations.
  • Prevent the spread of malicious agents through customized alerting designed to notify incident response teams within minutes of a ransomware infection and provide clear guidance on the incident.
  • Remediate the affected systems by forensically investigating the source of the attack down to the client machine and URI of the external malware host.

"Traditional security solutions focus on shoring up the perimeter, relying on signatures to identify threats," said Erik Giesa, SVP of Marketing at ExtraHop. "The incredible acceleration of ransomware attacks should serve as a wake-up call that this is not enough. IT needs to get proactive about understanding its infrastructure and dependencies, and watching not just North-South but also East-West traffic. With the barbarians already inside the walls the critical requirement today is comprehensive behavioral visibility and continuous surveillance to understand where they've gained access and what they are doing. Only then can an organization begin to take a more proactive and positive security stance."

To learn more about how ExtraHop is being used to defeat ransomware attacks, check out the case study: Leading Health Services Provider Thwarts Ransomware Attack with ExtraHop. Read the datasheet for more information on the ExtraHop ransomware bundle.

To experience the power of the ExtraHop platform for yourself, explore the ExtraHop interactive online demo.

About ExtraHop

ExtraHop makes real-time data-driven IT operations possible. By harnessing the power of wire data in real time, network, application, security, and business teams make faster, more accurate decisions that optimize performance and minimize risk. Hundreds of organizations, including Fortune 500 companies such as Sony, Lockheed Martin, Microsoft, Adobe, and Google, start with ExtraHop to discover, observe, analyze, and intelligently act on all data in flight on-premises and in the cloud. To experience the power of ExtraHop, explore our interactive online demo. Connect with us on Twitter, LinkedIn, and Facebook.

Press Contact
Rachel Pepple
ExtraHop Networks