Fight ransomware and APTs with MistNet NDR
“Greetings! Your company network has been hacked. All your important files have been encrypted!”
Last year, NPR revealed that more than 65,000 companies received a ransomware note like this, with an average of seven attacks per hour. Unfortunately, things appear to be getting worse in 2021.
The New York Times recently reported that between 800 and 1,500 businesses around the world were compromised or affected by a cyber attack in a single day. Security experts have said that it could be the biggest attack in history of the kind in which hackers shut down systems until a ransom is paid:
“This is the worst ransomware incident to date, but if we don’t act, the worst is yet to come,” said Kyle Hanslovan, CEO of Huntress Labs.
The rise of ransomware is fueled by its industrialization. Ransomware is offered as a service by criminal organizations such as REvil, with expertise supplied through YouTube tutorials and the gangs' own customer service. “Any doofus can now become a cybercriminal,” Sergei A. Pavlovich, a former hacker who served 10 years in prison in his native Belarus for cybercrime, told The New York Times. “The intellectual barrier to entry has become extremely low.”
NDR to the rescue
Network Detection and Response (NDR) gives businesses a proactive way to detect ransomware attacks in real time, before the ransom demand arrives. Network telemetry gives SecOps teams the best vantage point for tracking attackers, because it is difficult for actors to cover their tracks with anti-forensic tools, and they may overlook the need to do so. Unfortunately, traditional NDR solutions have some practical drawbacks, such as needing expensive bandwidth to collect the high volumes of data required for detections, or creating a flood of false positives because they lack context for the compromises they detect.
Benefits of MistNet NDR
LogRhythm’s MistNet NDR has been designed to provide accurate, real-time detection of ransomware, lateral movement, exfiltration, malware compromise and other threats. While other NDR solutions rely solely on machine learning applied to single data streams to detect network security issues, LogRhythm uses hybrid analytics that combine machine learning, rule-based detection and threat intelligence to analyze network, user and host activity. This holistic approach provides a true representation of all the actors and their activity across the enterprise environment and reduces false positives by over 90%.
In addition to automated threat detection capabilities, MistNet NDR’s integrated MITRE ATT&CK engine provides intelligent search for tactics, techniques, and threat groups across multiple attack vectors. Analysts receive an easy-to-understand security “story” detailing the tactics, techniques and signatures of known ATT&CK threat groups in real time. The platform includes detailed descriptions, recommended remediation tips, and reporting tools.
MistNet NDR’s powerful threat detection and research capabilities are powered by patent-pending TensorMist-AI™ technology, which uses distributed computing to advance data collection and analysis. This approach avoids traditional NDR scale issues by co-locating analytical processing with collection engines in the form of a distributed mesh for big data processing. This enables the collection and enrichment of security data “on the spot”, generating exceptionally accurate behavioral and threat models without having to move the data. LogRhythm’s SaaS delivery, combined with this analytical mesh network processing, creates the ideal SaaS and data collection model that maximizes scale and lowers operating costs.
New EDR and firewall integrations for greater visibility
LogRhythm recently added new integrations that bolster its industry-leading NDR solution and lay the groundwork for a larger extended detection and response (XDR) solution.
Our team has extended the capabilities of MistNet NDR to include integrations with existing Endpoint Detection and Response (EDR) solutions including CrowdStrike, Carbon Black, and SentinelOne. Beyond EDR, MistNet NDR also integrates with industry-leading firewalls for log collection. Analysts can configure these third-party solutions from the MistNet console in a plug-and-play fashion. These new integrations extend NDR visibility and provide additional contextual insights to holistically detect threats across endpoints, data centers, and the cloud.
MistNet NDR also provides SmartResponse™ automation actions for market-leading firewalls. Analysts can perform firewall actions from the console to respond to incidents. This mitigates advanced persistent threats and malware-infected hosts by preventing network access and stopping unauthorized services or processes.
Versatile security for any use case
In addition to fighting ransomware and APTs, MistNet NDR helps customers respond to emerging security use cases for supply chains, public cloud, and IoT/OT. This SaaS-based NDR solution works with existing EDR and firewall solutions to increase network visibility and provide comprehensive threat detection across endpoints, data centers and the cloud. In combination with the LogRhythm NextGen SIEM platform, it allows companies to easily manage their security and compliance needs with the best return on investment.
The article Fighting Ransomware and APTs with MistNet NDR first appeared on LogRhythm.
*** This is a Syndicated Security Bloggers Network blog from LogRhythm written by Kelsey Gast. Read the original post at: https://logrhythm.com/combating-ransomware-and-apts-with-mistnet-ndr/