A new endpoint data protection platform from Cigent Technology refocuses ransomware prevention onto protecting customer data from both encryption and exfiltration.
With no loss of data, criminal extortion is prevented.
The common approach today is to use endpoint detection and response to detect an intrusion, such as ransomware, and allow defenders to respond.
One primary problem is the speed with which ransomware operates, leaving little time for response after detection but before encryption.
Cigent's basic approach is to protect the data itself so that it cannot be encrypted by an attacker.
Before any ransomware compromise occurs, the data is already safe.
The two primary components of the solution are to encrypt company data at all times, and to decrypt only when the file is required for use.
Decryption is automatic when the user needs access, but this access can only be invoked with zero-trust style MFA.
Without access to the file, its data can neither be exfiltrated nor encrypted by the attacker.
To minimize operational disruption, the customer has flexibility in specifying which files are to be encrypted, and what MFA will be used.
The system can be set to protect individual files, to protect by extension, by folder, or by 'hidden' drives.
The MFA flexibly integrates with all major authentication providers, such as Windows Hello and Okta.
Chief Growth Officer Brett Hansen told SecurityWeek that he personally uses a PIN that allows him to have a maximum of 10 files open at any time.
The platform also integrates with existing EDR products.
The EDR could detect the presence of an intruder prior to any attempt to open and steal or encrypt the data, but the data would remain safe regardless.
The platform also includes its own AI-based behavioral anomaly detection capabilities.
For example, if a remote worker is physically compromised and hands over his or her MFA token, the platform will detect and respond to any sudden change in the number of files that user commonly attempts to open.
The image is of military personnel carrying remote ruggedized devices.
Critical industries have more to worry about than ransomware: there is also the potentially more problematic danger of the wiper variant.
For now, Cigent's defense is limited to Windows devices.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 29 May 2024 12:43:05 +0000