If You Prevent Ransomware You Don’t Need to Recover from It
October 1, 2021
I started Cybereason to help defenders protect their networks and data against attacks—to use what I know about how cybercriminals think and how adversaries work to give defenders an advantage against all threats. Right now, one of the most pervasive threats is ransomware, and I am proud to say that we remain undefeated against ransomware attacks.
Of course, we are not the only cybersecurity vendor that claims to address the threat of ransomware. Many companies offer ransomware protection of some sort, but it’s important to know that not all ransomware solutions are created equal, and to make sure you understand exactly what you’re getting.
I like to share examples and stories to illustrate the point. Think of ransomware as a house fire. When is the best time to protect a house against a fire? Is it reacting after the fact to rebuild the house once it has burned down, or responding quickly while the house is burning to minimize the damage? Or, is it preventing the fire from starting in the first place?
There are cybersecurity vendors out there who fit into all of these scenarios. Some claim to protect against ransomware, but their solutions are actually fairly ineffective when it comes to proactively identifying and preventing a ransomware attack. The reality is that many vendors don’t actually “prevent” ransomware; they simply claim to be able to “rollback” the ransomware attack after the fact—essentially “rebuilding the house” after it has burned down.
There are other cybersecurity vendors who also claim to defend against ransomware attacks, but really just offer quicker recognition that the attack has already occurred, and they provide the remediation help to contain and respond after the attack in an effort to minimize the damage. Again, this isn’t actually prevention. It is better than reacting after the damage is done, but it is the equivalent of not knowing about the fire until after it has already started, and offering a service to send people to help put the fire out before the house is completely destroyed.
Then there is prevention—as in actually preventing the ransomware attack from being successful rather than simply finding ways to react or respond quicker. Cybereason takes an operation-centric approach to security—providing visibility and context across your entire environment. We analyze Indicators of Behavior (IoBs) to proactively identify threats as they emerge rather than relying on retrospective Indicators of Compromise (IoCs) that only let you address something that has already occurred.
The net result is that Cybereason actually prevents ransomware. Every time. Our ransomware protection is like having the devices and sensors in place to recognize the conditions that might allow a fire to start, and proactively taking action to ensure the fire doesn’t happen in the first place.
You have a choice between defending against ransomware to prevent it from happening, or reacting more quickly to limit the damage. Which sounds better to you? Being able to recover is better than nothing. But, it is better to stop a fire before it starts, and it is better to prevent a ransomware attack than recover from it.
About the Author
Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.