Products and Solutions

Introducing NetWitness Ransomware Defense Cloud Services

Aug 04, 2021 | by Arthur Fontaine |
blog post

It’s a terrifying thought: at any moment your organization’s digital infrastructure could be brought down by ransomware.  Some unknown cybercriminal, sitting in some cozy permissive environment anywhere in the world, can inflict immeasurable harm without any recourse.  Your world suddenly changes and normal operation is just a memory.

There’s a feeling of powerlessness involved, but you’re not without means to defend yourself.  Guidance such as Stop Ransomware recommendations from the US Cybersecurity & Infrastructure Security Agency (CISA) are a great starting point.  Current, offline backups are essential, as is a detailed response plan.  Other best practices include vulnerability scans and regular patching.

But now there’s more that you can do.

NetWitness Professional Services has a long history of helping customers prepare for, defend against, and respond to cyberattacks.  Our security experts continually battle with the dark forces working to profit from attacks, including ransomware, and have built a body of knowledge and specific assets to help you fight back.

Today at Black Hat 2021 we are announcing NetWitness Ransomware Defense Cloud Services, a subscription-based service to help protect against ransomware and prepare in case you are attacked.  This proactive approach to ransomware augments other strategies and adds peace of mind that you’ll be well-positioned in this scary new environment.

With NetWitness Ransomware Defense Cloud Services, your servers and client systems leverage NetWitness Endpoint, a specialized endpoint agent specifically designed to watch for anomalous behavior and quickly alert you before damage can be imposed.  Like any other advanced persistent threat (APT), ransomware must perform operations like reconnaissance, network traversal, and credential harvesting before it can detonate its nasty payload.  Having visibility into these activities is critical, and knowledge of the specific tactics, techniques, and procedures (TTPs) that ransomware campaigns use help protect you from damage.  The NetWitness Professional Services team manages the service on the back end, able to alert your security team when a known TTP is found.  Also included in the service is periodic threat hunting sessions that can help your analysts grow their skills.

Unlike a managed security service provider (MSSP) in that it doesn’t constantly monitor and hunt for threats, but it does look for specific indicators of compromise (IOCs) and behavioral signatures that signify a potential ransomware attack in progress.  This added level of protection helps give you confidence that you are doing meaningful things to defend yourself.

But there are always novel attacks such as supply chain events.  In the event of a ransomware attack, the data collected in the service can help response activities, and the ability to figure out how it happened and what the attackers achieved.  Optional NetWitness Incident Response services are available to help, and hit the ground running.

So while ransomware is inducing a lot of sleepless nights for IT and security professionals, there are ways to defend your critical infrastructure.  NetWitness Ransomware Defense Cloud Services is a great way to tilt the playing field back in your direction.

For more information or to request a demo, please contact us.