Posted 6/16/2016 11:57:13 AM by RICHARD HARRIS, Executive Editor
Exabeam has released Exabeam Analytics for Ransomware, a new behavior-based security intelligence platform designed for early detection of ransomware across a corporate network. Exabeam can detect ransomware movement and activity in the network, the servers, workstations, BYOD devices, and cloud services.
Exabeam detects ransomware as it first enters the network and begins to spread. It uses both behavioral analysis and file analysis for:
- Detecting new (unknown) ransomware via machine-learning: With no signatures and no static correlation rules, Exabeam learns the normal file and document behaviors of an organization’s employees, and quickly finds the anomalies associated with ransomware infection.
- Detecting known ransomware via indicators of compromise: Known ransomware processes use certain file extensions and have known patterns or other indicators listed in threat intelligence feeds. The Exabeam Threat Research Team verifies these indicators and implements them in the product.
- Infrastructure-wide, hybrid-cloud ransomware protection: By looking at machine logs, Exabeam can detect ransomware operating on endpoints, in the datacenter or against cloud based storage services. For example, an employee might access corporate files on the cloud sharing service Box from home, using his personal device, and in the process, allow ransomware to begin encrypting the Box files. Other employees accessing the same corporate files enable the malware to infect their corporate workstations and begin moving across the corporate network. Exabeam can detect this activity end to end, and early enough to prevent disruption.
Exabeam Analytics for Ransomware can inter-operate with specific security technologies, such as endpoint protection products, to perform additional analytics. It is available as either a physical appliance or a virtual machine. Pricing is based on number of users.Read More http://www.exabeam.com/product/applications...