LATEST INTELLIGENCE
RANSOMWARE DETECTION THE CASE FOR OPEN NDR
Close the case on ransomware
With an Open Network Detection & Response Platform, being hit by a ransomware attack doesn't mean all is lost. Open NDR gives you full visibility into adversary activity on your network, allowing you to see what was breached or exfiltrated, and gives you the evidence to make critical decisions about how your business responds. Case in point: one of our customers, confronted with a $10 million ransomware demand for stolen data, quickly determined the data had no real value, allowing them to shrug off the attack and say "no" to the demand.
This guide offers practical guidance and real-world examples that describe how Open NDR can provide essential context around ransomware demands, the techniques analysts watch for and the capabilities they use against adversaries, and how it can help your organization close other critical cybersecurity cases.
Ransomware detection with Open NDR – early stage
Adversary techniques
Reconnaissance
Active scanning and gathering of information about the victim network.
Brute force
Relentless trial and error to gain access.
Self-signed or expired certificates
Creating self-signed SSL/TLS certificates used during targeting.
ICS/OT attacks
Various techniques, tools, and malware used to achieve intended effects on ICS/OT systems.
Corelight defensive capabilities
Encrypted traffic collection
This Corelight collection helps analysts identify the early stages of a ransomware attack, and includes inferences and detections around SSL, SSH, and RDP traffic.
• Corelight alerts on SSH and RDP brute-forcing activity and flags known RDP clients such as Metasploit Scanner.
• The included X.509 log shows certificate details for all TLS connections. The presence of self-signed or expired certificates can serve as an early warning indicator of malware infection that could lead to a ransomware attack.
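As an added illustration of the X.509 check described above (example code written for this guide, not Corelight's own), here is a small Python detector that reads constructed JSON-lines records shaped like a Zeek-style x509 log (field names such as certificate.subject and certificate.not_valid_after are assumptions) and flags certificates that were self-signed, expired, or not yet valid at the moment the sensor observed them.

```python
import json

# Constructed sample records shaped like a Zeek/Corelight-style JSON x509 log.
# Field names are assumptions; only the fields the checks need are included.
SAMPLE_X509_LOG = """\
{"ts":1700000000.1,"id":"Fconstructed1","certificate.subject":"CN=www.example.com,O=Example Corp","certificate.issuer":"CN=Example Issuing CA,O=Example Corp","certificate.not_valid_before":1680000000.0,"certificate.not_valid_after":1720000000.0}
{"ts":1700000001.2,"id":"Fconstructed2","certificate.subject":"CN=localhost","certificate.issuer":"CN=localhost","certificate.not_valid_before":1699990000.0,"certificate.not_valid_after":1731500000.0}
{"ts":1700000002.3,"id":"Fconstructed3","certificate.subject":"CN=old.corp.internal,O=Acme","certificate.issuer":"CN=Acme Issuing CA,O=Acme","certificate.not_valid_before":1600000000.0,"certificate.not_valid_after":1650000000.0}
{"ts":1700000003.4,"id":"Fconstructed4","certificate.subject":"CN=Acme Root CA,O=Acme","certificate.issuer":"CN=Acme Root CA,O=Acme","certificate.not_valid_before":1500000000.0,"certificate.not_valid_after":1900000000.0,"basic_constraints.ca":true}
"""


def check_certificate(rec):
    """Return the list of reasons one x509 record deserves analyst attention."""
    reasons = []
    seen_at = rec["ts"]  # when the sensor observed the certificate on the wire
    subject, issuer = rec["certificate.subject"], rec["certificate.issuer"]
    # Subject == issuer is the usual log-level indicator of a self-signed cert.
    # A root CA is self-signed by design, so records marked as CA certs are skipped.
    if subject == issuer and not rec.get("basic_constraints.ca", False):
        reasons.append("self-signed")
    # Compare the validity window against the observation time rather than "now",
    # so re-analysing an old log gives the same verdict the analyst saw originally.
    if rec["certificate.not_valid_after"] < seen_at:
        reasons.append("expired")
    if rec["certificate.not_valid_before"] > seen_at:
        reasons.append("not-yet-valid")
    return reasons


def flag_certificates(log_text):
    """Parse JSON-lines x509 records and return {id: reasons} for flagged ones."""
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reasons = check_certificate(rec)
        if reasons:
            flagged[rec["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for cert_id, reasons in flag_certificates(SAMPLE_X509_LOG).items():
        print(f"{cert_id}: {', '.join(reasons)}")
```

Subject matching issuer is only a heuristic at the log level; confirming a self-signature needs the certificate itself, so treat these hits as leads to pivot on (the connection, the host, the destination) rather than verdicts.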
PRESENTED BY
www.intelligentcio.com INTELLIGENTCIO APAC 19