Active Defense for Ransomware Protection
Ransomware continues to plague business of all sizes and industries. Regular backups and standard preventive controls are clearly insufficient, as the attacks have become more sophisticated and have added data exfiltration and extortion threats.
“It’s a big problem that is getting bigger, and the data indicates a lack of protection from this type of malware in organizations, but that can be stopped. “
Verizon DBIR 2020 on Ransomware
AI-Driven Advanced Deception Technology
Acalvio ShadowPlex uses AI-Driven Advanced Deception Technology to deliver effective Active Defense to combat Ransomware. It includes three attributes that provide precise, rapid Ransomware detection and mitigation.
First, ShadowPlex provides detection at every phase of the Ransomware kill chain:
The pre-defined ShadowPlex Ransomware playbook determines the correct mix of decoys, breadcrumbs and baits to act as tripwires for each stage of the kill chain. Both known and unknown (zero-day) attacks are effectively detected with this approach.
Second, the solution uses the advantages inherent in ShadowPlex to create an operationally viable and credible defense:
Automates the deployment and updates of deception artifacts
Deception Farm and Fluid Deception
Resource efficient, high scale pooling of deception assets
Easy to deploy; low risk to production systems
Third, ShadowPlex integrates with EDR and SOAR solutions for automated mitigation:
Stops lateral movement propagation
Stops encryption, backup deletion, and C&C communication
Custom mitigation and response
As Ransomware gets more and more sophisticated, Security teams need to consider more flexible strategies that are immune to defeat by these advances in attacker techniques and tactics. ShadowPlex was built from the ground up as a next-generation Active Defense platform for breach detection. Combining Ransomware-specific playbooks and kill-chain tripwires with broad mitigation options, ShadowPlex is a gamechanger.