Using AI to deal with ransomware attacks
Ransomware is a particularly cruel, but undeniably lucrative business. Criminals target schools, critical infrastructure, and even patient records in an attempt to extract money. As a result, many security professionals place ransomware defensive strategies high on their to-do list. Naturally, most of these strategies start with actions that minimize the footholds attackers can find. Checking incoming emails for ransomware payloads, educating users on how to use the Internet safely, and monitoring the network for suspicious activity are essential parts of an effective anti-ransomware strategy.
But they don’t go far enough. Emerging AI-powered data governance solutions, including one recently launched by Concentric, offer an additional weapon in the fight against ransomware: situational awareness informed by in-depth content insights. Concentric CEO Karthik Krishnan tells us more about how they work.
BN: There’s a lot of talk about malware defense and ransomware protection. Where are the gaps and what aspects of security do you think are being overlooked?
Security professionals use defense-in-depth strategies to think through every cyber threat, and ransomware is no exception. The ransomware depth chart offers good malware prevention and data recovery options, but least-privilege access governance – especially at the data level – is not as mature. Access governance programs, for example, are not as ubiquitous as anti-malware tools. Indeed, old approaches to access governance are heavily rule-based and policy-driven, and many organizations that take this route find themselves with a maintenance nightmare. Better knowledge of content and access governance tools would help minimize the damage caused by ransomware.
BN: Why is content awareness so important as a step in combating ransomware?
Understanding where business-critical data resides and who can access it is essential if you want to protect it. Multi-level defense strategies must consider not only prevention and recovery but also mitigation and damage assessment. What will happen if an attacker succeeds in infiltrating the network? What access will they have and will you know what has been compromised?
Knowing what you have, where it’s stored, and who has access to it helps answer these questions. Knowing the content prepares you for a possible attack in two ways. First, you will be able to lock access to files to limit what an attacker can see and modify. This can prevent the spread of an attack and protect data from unnecessary exposure to risk. Second, knowing the content makes forensic analysis simpler and more accurate during and after the attack. Knowing what has been compromised provides critical situational awareness that helps you make better decisions in the heat of the attack. It can also speed up your recovery and give you a better negotiating position if you decide to consider paying a ransom.
BN: Why is it so hard to protect today’s data-heavy structured and unstructured data environments?
We are seeing a long-term trend towards user empowerment on a broad IT front. Cloud services simplify file sharing, putting end-users in charge of data access decisions that would have been under much tighter control just a few years ago.
As you can imagine, this creates problems. While the IT organization is responsible for data security, they are not content experts. You can’t expect them to understand the business criticality of a contract or a random business plan (let alone who should or shouldn’t have access to it). We have tried asking end-users to classify their own documents, but success has been mixed at best. We tried using rules and pattern matches to automate data discovery, but it turned out to be a lot more complicated than we thought.
This is where we are today. Typical organizations have tens of millions of documents at stake. About 12% of these documents are sensitive or strategic, but finding and protecting them is effectively impossible. Structured data, while a little easier for an IT team to understand, also suffers from a discoverability issue, especially when searching for databases with private or regulated data. There’s also the problem of structured to unstructured data “leaking” when users pull data into spreadsheets or pass it on to third parties for analysis.
BN: What makes Concentric’s ransomware solution different?
Concentric uses artificial intelligence to autonomously and accurately research and assess business-critical data. This means security professionals don’t need to create and maintain complex rules and policies, and there’s no need to rely on end-users for help. And that means data discovery, risk assessment, and least privilege access control are finally within reach, even for small IT teams with limited staff.
BN: How can this help to ensure organizations are able to quickly detect and defend against ransomware?
Content awareness brings two capabilities to the table for ransomware advocates. With Concentric, you can implement and maintain a complete and accurate access control program with the least privileges. Essentially, we help you lock your interior doors, making data exfiltration and lateral movement much more difficult for an attacker. Content awareness also provides critical situational awareness when you need it most. You can act faster to protect existing data and assess damage after the attack. It can even help you decide how much – or if – you will pay in ransom.