Ransomware continues to penetrate defenses and cause damage to organizations, despite the fact that detection approaches, algorithms for detonation in virtualized environment, machine learning based detection algorithms, etc. have been employed to detect ransomware.
Acalvio leverages a different approach to address ransomware and help companies build defensive techniques. They call it Deception 2.0. Deception-centric techniques come to us from nature (think venus fly traps and salamanders) but applying these techniques have had mixed success when applying them to security. That’s why Acalvio has built on top of Splunk Enterprise Security to bring us the next generation of Deception for detecting ransomware.
Deception-centric architecture deploys bread crumbs and honey traps on the end host and in the network. When ransomware infects the end host, it performs a set of discrete activities such as: encrypting the files on the infected host, deleting the shadow backup, etc. It may perform other malicious activity, such as creating a registry entry for persistence, drop a copy of itself, perform code injection, disable UAC, etc. Some families of ransomware move laterally to mapped and unmapped files shares, databases and encrypt the files in the mapped and unmapped drives. These malicious activities trigger the events on the honey traps. Once these events get generated, they are validated for the presence of ransomware. If the validation algorithm confirms that ransomware has infected the end host, then the infected endpoint is isolated from the network, limiting the damage caused by ransomware.
Please join us for a webinar on Tuesday, August 22, 10am PST to learn more about how Acalvio and Splunk help organizations to defend against Ransomware. We’ll cover the ShadowPlex-R ransomware solution, the Splunk Adaptive Response Initiative, and how we have partnered to deliver a unified, effective solution.