Intelligent CISO Issue 76 | Page 15

LATEST intelligence

RANSOMWARE DETECTION

THE CASE FOR OPEN NDR

Close the case on ransomware
With an Open Network Detection & Response Platform, being hit by a ransomware attack doesn't mean all is lost. Open NDR gives you full visibility into adversary activity on your network, allowing you to see what was breached or exfiltrated, and gives you the evidence to make critical decisions for how your business responds. Case in point: one of our customers, confronted with a $10 million ransomware demand for stolen data, quickly determined the data had no real value, allowing them to shrug off the attack and say "no" to the demand.
This guide offers practical guidance and real-world examples that describe how Open NDR can provide essential context around ransomware demands, as well as the techniques analysts watch for and the capabilities they use against adversaries, and how it can help your organization close other critical cybersecurity cases.
Brute force
Relentless trial and error to gain access.
Self-signed or expired certificates
Creating self-signed SSL/TLS certificates used during targeting.
ICS/OT attacks
Various techniques, tools, and malware used to achieve intended effects on ICS/OT systems.
Corelight defensive capabilities
Encrypted Traffic Collection
This Corelight collection helps analysts identify the early stages of a ransomware attack, and includes inferences and detections around SSL, SSH, and RDP traffic.
Ransomware detection with Open NDR
Download whitepaper at:
Early stage
Adversary techniques
Reconnaissance
Active scanning and gathering of information about the victim network.