
Stop Ransomware Before It Starts with Cb Defense

October 3, 2016 / Ben Johnson

Even the most educated end users, well versed in security best practices such as never clicking on email attachments, can become victims of drive-bys and other sophisticated exploit kits that can deliver ransomware.

Traditional, signature-based antivirus can sometimes protect an organization’s endpoints from existing, known malware. However, there are new variants of ransomware, such as Locky, as well as advanced attacks that leverage PowerShell, scripts, macros, remote shell attacks and memory-based attacks that AV simply cannot stop. These attacks now make up more than 50 percent of the attacks targeting enterprise organizations. The first step every organization can take is to stop relying on AV solutions to defend their endpoints, servers and critical systems.

Cb Defense is the most powerful next-generation antivirus solution available today. Using a combination of endpoint and cloud-based technologies, Cb Defense stops more attacks, sees more threats, and closes more security gaps, using deep analytics to inspect files and identify malicious behavior. This comprehensive approach blocks traditional malware as well as increasingly common malware-less attacks that exploit memory and scripting languages such as PowerShell.

Cb Defense stops ransomware attacks including the Locky variant more effectively and efficiently than any other solution available. And it does so at multiple points in the infection workflow for layered defense.

First, Cb Defense checks the reputation of all executables and binaries downloaded to an endpoint against the Cb Collective Defense Cloud. The Cb Collective Defense Cloud contains reputation scores on more than 8 billion files, adding approximately 200,000 per day, while also leveraging threat intelligence from more than 20 threat partners to distinguish good software and binaries from malicious ones.

If XYZ.exe is a zero-day and has no reputation score on file, Cb Defense would block the execution of the malicious binary based on behavior. In this example, Cb Defense would recognize the executable's attempt to inject code into legitimate running processes or to create new child processes from packed memory buffers. Cb Defense is able to detect this infection workflow in part because of its focus on patterns of attack versus simply indicators of compromise. Additionally, in this scenario, Cb Defense would also block the executable's attempt to ‘phone home’ to the C&C server.

Once ransomware is blocked, Cb Defense provides full visibility into how the attack happened. By capturing and analyzing behavior in advance, Cb Defense pinpoints the exploit. Armed with this insight from Cb Defense, IT and SecOps teams can proactively patch the vulnerabilities exploited by the exploit kit. Cb Defense also provides a suite of remediation tools to quarantine machines, blacklist software, and remove unwanted items.

Cb Defense uses a lightweight sensor that installs in less than a minute and consumes less than one percent of the CPU, disk, and network. Once installed, Cb Defense can be completely managed from the cloud through an easy-to-use web-based interface.

Cb Defense is a core component of the Cb Endpoint Security Platform which also includes Cb Response and Cb Protection. The Cb Endpoint Security Platform helps organizations of all sizes replace ineffective antivirus, lock down endpoints and critical systems, and arm incident response teams with the most advanced tools to hunt down threats.

Cb Protection provides the most proven application control solution for enterprise endpoints and critical systems. With Cb Protection, IT, compliance, infrastructure, and security teams establish automated software execution controls and protection policies that safeguard corporate and customer data.

Cb Response is the most precise IR and threat hunting solution, allowing you to get the answers you need faster than any other tool. Only Cb Response continuously records and captures all threat activity so you can hunt threats in real time, visualize the complete attack kill chain, and then respond and remediate attacks, quickly.
