Our goal as a company is to get our customers to zero... zero breaches, zero threats, zero vulnerabilities, zero inadequate cybersecurity controls. We’ve committed to achieve this by continually investing to outpace the adversary across our technology, people and processes. Today, I’m excited to share insights about one of our highest priority investments: advanced ransomware protection.
The Ongoing Threat of Ransomware
You don’t need to look far for evidence of this problem; ransomware (and the business disruption associated with it) is a top concern for IT leaders. My colleagues have spoken previously about the evolution of both the technology and tactics surrounding ransomware as well as measures you can take to combat this growing threat. In this post, I will describe the project, including the measures our threat hunters, data scientists, and security engineers are taking in order to solve this problem. I’ll elaborate on the reasons we are ‘betting big’ on this solution. And, I’ll share how we’re leveraging these investments to help our customers drive their ransomware risks toward zero.
Priority Initiatives
We’re making exciting investments across many facets of our service, including these three we believe will deliver the most impact for our customers in the coming months:
- Expanded Coverage for Cloud and Network Attack Vectors
We’ve long touted the necessity of gathering telemetry across the entire environment. This wealth of data has enabled new detections and response capabilities for network and cloud detections specifically. We have also created new anomaly detection models that improve the precision and efficiency of our threat hunting; while this is important for us as a service provider, it’s even more important for our customers, who benefit from faster detections and response, especially for unknown threats. This is how most ransomware attacks start: through account takeover, phishing and misconfiguration exploits; so expanding our detection coverage to address these vectors drives down ransomware risk. - Self-Service Security Maturity
We’re constantly looking for new opportunities to help our customers stay ahead of increasingly sophisticated attacks that we’re seeing target SMB organizations. To that end, we’re also continuing to expand our maturity model functionality, which we now deliver through an interactive web portal. The maturity model helps our customers shift into a more proactive security posture while automating tedious compliance tasks. The portal, which serves as a vehicle for our detailed and prescriptive reporting, as well as self-directed evidence repository for customers, helps our customers reduce their attack surface further by removing and remediating vulnerabilities. Exceptional hygiene still plays a role in preventing ransomware - CSO magazine notes that 60 percent of breaches in 2019 involved vulnerabilities for which a patch was available but not applied. Following recovery of key systems after a ransomware attack, many organizations begin hardening their systems with these types of controls. You shouldn’t wait until after an attack before you begin hardening your defenses. Our portal makes it easier for our customers to proactively drive down their risks. - A New Prevention Standard
Unfortunately, proactive hardening isn’t always sufficient to stop advanced attacks, so we’re complementing that with our newest investment initiative: Creating a new standard for ransomware and data extortion attack prevention. We’re training our machine learning models on ransomware specifically, to yield detections that extend beyond what our security engineers could think to look for, and do so faster than our threat hunters could achieve without AI-augmentation. As our Threat Research division ramps up, and as more organizations engage us to help them with ransomware, we gain more data about attacks that enables us to continually raise our own prevention standard.
Collectively, we call these initiatives our Zero Ransomware Initiative because our goal is for customers to lose zero minutes of sleep over the thought of the paralyzing disruption of a ransomware attack. We aim to eliminate cybersecurity anxiety with an application of purpose-built technology and focused human analysis.
How We Will Get There
Our approach delivers an unprecedented detection and response capability for ransomware to SMB and Mid-Market organizations. And we’re deploying new capabilities to ensure we deliver, including anomaly-detection based ransomware detections that adapt with dynamic attack techniques to remain effective, as described above. Beyond the aforementioned cloud and network detections, the endpoint remains a critical part of our pursuits. We’ll be announcing an exciting new partnership in the coming weeks that will complement our endpoint capabilities with additional visibility, prevention and response capabilities.
Why Ransomware? Why Now?
Why invest so much of our time and money into ransomware protection? Quite simply, it is the category of attack that results in the highest material impact to those in the market we want to serve, small and medium sized enterprises. These organizations face the same threats as larger enterprises, but often without the people, processes and technology to defend against sophisticated attackers. And these types of attacks are growing in both sophistication and reach. According to Gartner, twenty-seven percent of all malware incidents experienced in 2020 can be attributed to ransomware. That’s an especially concerning proportion when you consider the average ransom payment in just the second quarter of 2020 was $178,254 according to Coveware.
Now that we’ve begun deploying our new Zero Ransomware Initiative advanced ransomware capabilities to improve protection for our customers, we’ll continue looking for new ways to improve their security posture. Our quest for zero breaches is never done, but we’re taking another big leap forward with this initiative. For more on the problem of ransomware, check out The Rise of RaaS white paper.