BullWall RansomCare - tecnologika.com BullWall RansomCare - tecnologika.com

RansomCare (RC)

Ransomware is evolving. So must your security response.

New strains of ransomware can disable endpoint protection, AV, firewalls, and even backup solutions before encryption starts.
What do you do if your perimeter and endpoint protection is breached?

Protection

BullWall’s RC focus is to protect your data storages; not your endpoints. You already have protection in place on your computers and endpoints, but what do you have to stop ongoing illegitimate encryption on file shares?

RansomCare is the answer. It detects and responds the very second illegitimate encryption and file corruption begins on file shares, providing your IT team a critical Last Line of Defense.

Test your current defenses – schedule a Remote Assessment Now

Book Now

Protection

BullWall’s RC focus is to protect your data storages; not your endpoints. You already have protection in place on your computers and endpoints, but what do you have to stop ongoing illegitimate encryption on file shares?

RansomCare is the answer. It detects and responds the very second illegitimate encryption and file corruption begins on file shares, providing your IT team a critical Last Line of Defense.

Test your current defenses – schedule a Remote Assessment Now

Book Now

BullWall RansomCare features

A Different Approach

RC leverages heuristic analysis and file metadata to monitor traffic between endpoints and file shares(on-premise or cloud) to swiftly and efficiently detect evidence of an active ransomware breach. Instead of searching for ransomware, RC detects and responds to ransomware’s malicious intent: illegitimate file encryption.

Agentless Solution

RC is not installed on endpoints or any existing file servers. Our agentless solution is easily deployed within days and leverages Machine Learning to configure automatically. RC creates no network performance overhead and supports integration with existing security solutions to strengthen the overall defense.

Detects the Unknown

Cybercriminal development teams constantly monitor prevention-based security vendors for software updates; they know when existing variants are at risk of being detected and when to change their methods. RC circumvents this problem by detecting encryption caused by known and unknown ransomware variants.

Utilize the Cloud

75% of people that 'don't know a great deal' about protecting themselves online. Source: NCSC
RC works seamlessly with Office 365, Sharepoint and Google Drive. RC is OS-agnostic to the device type accessing the cloud, including mobile devices, tablets, MAC, IoT, and laptops, and also for OS independent environments, such as Windows, Android, IOS and Linux.

Complementary

Organizations that fall victim to ransomware typically have between 4-7 prevention-based security tools in place. RC is not a replacement, but a complementary last line of defense security layer.

Cover all Entrypoints

Regardless of whether an attack starts on an endpoint, a mobile phone, an IOT device, via email, website drive-by-attack, USB cable, or was deployed by someone inside your organization, RC reacts immediately when said device or user causes encryption on file shares either on-premise or in the cloud. RC responds by isolating and containing the compromised device and user, instantly halting the encryption process.

We don’t compete, We complement


While many of the EDR/AV/Next-Gen AV products will protect you under most attack scenarios, they are largely endpoint-focused and therefore, not 100% failsafe.

The increasing number of successful ransomware attacks prove there is no perfect solution. Truth is, preventative-only solutions sometimes fail, and once illegal encryption begins, the source of the malware matters not; swift action to stop the attack before significant damage can occur is your #1 priority. And here is where RC steps in.

We don’t compete, We complement

While many of the EDR/AV/Next-Gen AV products will protect you under most attack scenarios, they are largely endpoint-focused and therefore, not 100% failsafe.

The increasing number of successful ransomware attacks prove there is no perfect solution. Truth is, preventative-only solutions sometimes fail, and once illegal encryption begins, the source of the malware matters not; swift action to stop the attack before significant damage can occur is your #1 priority. And here is where RC steps in.

Solutions

Gain control without costly network requirements or performance overhead. Here’s how.

DETECT

Monitoring

RC’s live data activity monitoring instantly detects ongoing encryption on file shares Organizations are often unaware of the enormous amount of file changes that occurs on their file shares. RC listens into existing network notifications to analyse all file changes (created, modified, renamed and deleted) to detect ongoing illegitimate encryption within seconds.

RESPOND

Containment

Isolate and eliminate in seconds The moment illegitimate encryption detected on file shares (not the individual device), RC activates an isolation and containment protocol. Actions can include the forced shutdown of the compromised device, disabling the compromised user’s VPN, and revoking cloud access, network access and AD access. Illegitimate file encryption ceases in seconds, and your security team is instantly alerted. Integration through RESTful API to other security solutions (such as SIEM, NAC and EDR) enables your security teams to unify security management across all devices.

RECOVER

Organisation

Keep your organization running with minimal impact RCs data-recovery protocol has your organization up and running with minimal cost and downtime. After the threat has been mitigated, a comprehensive list of any files infected pre-isolation is generated, and can easily be restored from your backup either manually or via integration. An advanced history log captures all attack details, offering your security team valuable and actionable insights over any affected files.