Customer Story

Health Services Provider Thwarts Ransomware Attack with RevealX

A leading health services provider

Download customer story

Rapidly isolated the source of malicious code in an ongoing ransomware attack

Created alerts on the file extension to rapidly detect and prevent future attacks

Schedule a Demo

The CHALLENGE

An employee reported performance issues on his client machine. Upon investigation, the IT department discovered these issues were symptoms of an ongoing ransomware attack.

Today's threat actors are taking advantage of vast attack surfaces that extend across every endpoint, from the branch office to the datacenter or the cloud, and too often they operate unnoticed. At ExtraHop we've spent years developing technology that can analyze the entire network in real time—every critical asset and every transaction—so that there are no blind spots.

Jesse Rothstein Co-Founder, ExtraHop

The Technology Environment

Vital network-attached storage (NAS) resources that malicious actors were attempting to access and encrypt as part of a ransomware attack.

WHY REVEALX

Why the Health Services Provider Chose RevealX

Real-time insight from the network to the machine

Using ExtraHop to monitor and analyze east-west traffic, the IT team was able to monitor the client machine and watch, in real-time, each file that the ransomware was reading before quickly isolating impacted assets and stopping the attack from progressing.

The organization was already using RevealX for network performance monitoring

The Outcome

Stopping Ransomware in Its Tracks

Smarter investigations uncover root cause

Using the look-back functionality in the ExtraHop Discover appliance, the security team was able to investigate the employee's activity on his machine, determining that the ransomware came not from a PDF or executable file the user had intentionally downloaded, but from a URI on which the employee had clicked.

Security inside the perimeter

Real-time insight into east-west traffic empowers IT and security to detect and track anomalous behavior—like unusual NAS activity—through the entire application delivery chain so they can stop potential breaches in their tracks.

Proactive quarantine and alerting

Using the ExtraHop ransomware bundle, the organization's information security team identified that the malicious file had an unexpected extension and searched for it across the entire infrastructure. This allowed them to quickly identify and isolate compromised systems, as well as create alerts for instances of that file extension moving forward.

All customer stories

Keep exploring

Is RevealX right for you?

Schedule a demo Contact us

Products

What will your story be?

Security

Network Detection & Response (NDR)

RevealX NDR

Use the power of network visibility and AI for real-time detection, rapid investigation, and intelligent response for any threat.

Product overview

View capabilities

Performance

Network Performance Monitoring (NPM)

RevealX NPM

Use network data and machine learning to identify network and application performance issues and expedite time to response.

Product overview

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Health Services Provider Thwarts Ransomware Attack with RevealX

A leading health services provider

Download customer story

Rapidly isolated the source of malicious code in an ongoing ransomware attack

Created alerts on the file extension to rapidly detect and prevent future attacks

An employee reported performance issues on his client machine. Upon investigation, the IT department discovered these issues were symptoms of an ongoing ransomware attack.

The Technology Environment

Why the Health Services Provider Chose RevealX

Real-time insight from the network to the machine

Using ExtraHop to monitor and analyze east-west traffic, the IT team was able to monitor the client machine and watch, in real-time, each file that the ransomware was reading before quickly isolating impacted assets and stopping the attack from progressing.

The organization was already using RevealX for network performance monitoring

Stopping Ransomware in Its Tracks

Smarter investigations uncover root cause

Security inside the perimeter

Real-time insight into east-west traffic empowers IT and security to detect and track anomalous behavior—like unusual NAS activity—through the entire application delivery chain so they can stop potential breaches in their tracks.

Proactive quarantine and alerting

All customer stories

Keep exploring

Is RevealX right for you?

What will your story be?

Security

Network Detection & Response (NDR)

RevealX NDR

View capabilities

Performance

Network Performance Monitoring (NPM)

RevealX NPM

View capabilities

An employee reported performance issues on his client machine. Upon investigation, the IT department discovered these issues were symptoms of an ongoing ransomware attack.

The Technology Environment

Why the Health Services Provider Chose RevealX

Real-time insight from the network to the machine

Using ExtraHop to monitor and analyze east-west traffic, the IT team was able to monitor the client machine and watch, in real-time, each file that the ransomware was reading before quickly isolating impacted assets and stopping the attack from progressing.

The organization was already using RevealX for network performance monitoring

Stopping Ransomware in Its Tracks

Smarter investigations uncover root cause

Security inside the perimeter

Real-time insight into east-west traffic empowers IT and security to detect and track anomalous behavior—like unusual NAS activity—through the entire application delivery chain so they can stop potential breaches in their tracks.

Proactive quarantine and alerting

All customer stories

Keep exploring

Is RevealX right for you?

What will your story be?

Security

Network Detection & Response (NDR)

RevealX NDR

View capabilities

Performance

Network Performance Monitoring (NPM)

RevealX NPM

View capabilities