Intelligent CXO Issue 42 | Page 21

LATEST INTELLIGENCE

RANSOMWARE DETECTION: THE CASE FOR OPEN NDR


CLOSE THE CASE ON RANSOMWARE
With an Open Network Detection & Response Platform, being hit by a ransomware attack doesn't mean all is lost. Open NDR gives you full visibility into adversary activity on your network, allowing you to see what was breached or exfiltrated, and gives you the evidence to make critical decisions for how your business responds. Case in point: one of our customers, confronted with a $10 million ransomware demand for stolen data, quickly determined the data had no real value, allowing them to shrug off the attack and say "no" to the demand.
This guide offers practical guidance and real-world examples that describe how Open NDR can provide essential context around ransomware demands, as well as the techniques analysts watch for and the capabilities they use against adversaries, and how it can help your organization close other critical cybersecurity cases.
CORELIGHT DEFENSIVE CAPABILITIES
Encrypted Traffic Collection
This Corelight collection helps analysts identify the early stages of a ransomware attack, and includes inferences and detections around SSL, SSH, and RDP traffic.
• Corelight alerts on SSH and RDP brute-forcing activity and flags known RDP clients such as Metasploit Scanner.
• The included x.509 log shows certificate details for all TLS connections. The presence of self-signed or expired certificates can serve as an early warning indicator of malware infection that could lead to a ransomware attack.
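The certificate check described in the last bullet, as an added example that is not from the whitepaper or from Corelight: a short hunt over x509.log records that flags self-signed and expired certificates. It assumes the log is in the one-JSON-object-per-line form written by Zeek (which Corelight sensors are built on); the sample records and fingerprints are constructed.

```python
import json

# Constructed sample in the one-JSON-object-per-line layout of Zeek's x509.log.
# The field names are an assumption about the sensor's output, not from the page.
SAMPLE_X509_LOG = """\
{"ts": 1700000000.0, "fingerprint": "constructed-fp-01", "certificate.subject": "CN=intranet.example.com,O=Example Corp", "certificate.issuer": "CN=Example Issuing CA,O=Example Corp", "certificate.not_valid_after": 1720000000.0}
{"ts": 1700000100.0, "fingerprint": "constructed-fp-02", "certificate.subject": "CN=localhost", "certificate.issuer": "CN=localhost", "certificate.not_valid_after": 1800000000.0}
{"ts": 1700000200.0, "fingerprint": "constructed-fp-03", "certificate.subject": "CN=files.example.net", "certificate.issuer": "CN=Example Issuing CA,O=Example Corp", "certificate.not_valid_after": 1650000000.0}
{"ts": 1700000300.0, "fingerprint": "constructed-fp-04", "certificate.subject": "CN=WIN-HOST01", "certificate.issuer": "cn=win-host01", "certificate.not_valid_after": 1600000000.0}
this line is damaged {"ts": 17
"""


def review_certificate(rec):
    """Return the reasons a logged certificate deserves analyst attention."""
    reasons = []
    subject = rec.get("certificate.subject", "").strip().casefold()
    issuer = rec.get("certificate.issuer", "").strip().casefold()
    # Subject == issuer is the log-level sign of a self-signed certificate;
    # the log carries no signature, so this is a heuristic, not a proof.
    if subject and subject == issuer:
        reasons.append("self-signed")
    # Compare against the time the certificate was seen, not the current time,
    # so replaying old logs gives the answer that held when the session ran.
    seen, not_after = rec.get("ts"), rec.get("certificate.not_valid_after")
    if seen is not None and not_after is not None and seen > not_after:
        reasons.append("expired")
    return reasons


def flag_certificates(log_text):
    """Parse x509.log text and return (fingerprint, reasons) for flagged certs."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting the hunt
        if not isinstance(rec, dict):
            continue
        reasons = review_certificate(rec)
        if reasons:
            findings.append((rec.get("fingerprint", "unknown"), reasons))
    return findings


if __name__ == "__main__":
    for fingerprint, reasons in flag_certificates(SAMPLE_X509_LOG):
        print(fingerprint, ", ".join(reasons))
```

Self-signed certificates are also common on internal appliances and test hosts, so the output is a triage list to correlate with the SSH and RDP alerts above rather than a verdict.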