RansomCare (RC)
Ransomware is evolving. So must your security response.
Protection
BullWall’s RC focus is to protect your data storages; not your endpoints. You already have protection in place on your computers and endpoints, but what do you have to stop ongoing illegitimate encryption on file shares?
RansomCare is the answer. It detects and responds the very second illegitimate encryption and file corruption begins on file shares, providing your IT team a critical Last Line of Defense.
Test your current defenses – schedule a Remote Assessment Now
Protection
BullWall’s RC focus is to protect your data storages; not your endpoints. You already have protection in place on your computers and endpoints, but what do you have to stop ongoing illegitimate encryption on file shares?
RansomCare is the answer. It detects and responds the very second illegitimate encryption and file corruption begins on file shares, providing your IT team a critical Last Line of Defense.
Test your current defenses – schedule a Remote Assessment Now
BullWall RansomCare features
A Different Approach
RC leverages heuristic analysis and file metadata to monitor traffic between endpoints and file shares(on-premise or cloud) to swiftly and efficiently detect evidence of an active ransomware breach. Instead of searching for ransomware, RC detects and responds to ransomware’s malicious intent: illegitimate file encryption.
Agentless Solution
RC is not installed on endpoints or any existing file servers. Our agentless solution is easily deployed within days and leverages Machine Learning to configure automatically. RC creates no network performance overhead and supports integration with existing security solutions to strengthen the overall defense.
Detects the Unknown
Cybercriminal development teams constantly monitor prevention-based security vendors for software updates; they know when existing variants are at risk of being detected and when to change their methods. RC circumvents this problem by detecting encryption caused by known and unknown ransomware variants.
Utilize the Cloud
75% of people that 'don't know a great deal' about protecting themselves
online. Source: NCSC
RC works seamlessly with Office 365, Sharepoint and Google Drive.
RC is OS-agnostic to the device type accessing the cloud, including
mobile devices, tablets, MAC, IoT, and laptops, and also for OS
independent environments, such as Windows, Android, IOS and Linux.
Complementary
Organizations that fall victim to ransomware typically have between 4-7 prevention-based security tools in place. RC is not a replacement, but a complementary last line of defense security layer.
Cover all Entrypoints
Regardless of whether an attack starts on an endpoint, a mobile phone, an IOT device, via email, website drive-by-attack, USB cable, or was deployed by someone inside your organization, RC reacts immediately when said device or user causes encryption on file shares either on-premise or in the cloud. RC responds by isolating and containing the compromised device and user, instantly halting the encryption process.
We don’t compete, We complement
While many of the EDR/AV/Next-Gen AV products will protect you under most attack scenarios, they are largely endpoint-focused and therefore, not 100% failsafe.
The increasing number of successful ransomware attacks prove there is no perfect solution. Truth is, preventative-only solutions sometimes fail, and once illegal encryption begins, the source of the malware matters not; swift action to stop the attack before significant damage can occur is your #1 priority. And here is where RC steps in.
We don’t compete, We complement
While many of the EDR/AV/Next-Gen AV products will protect you under most attack scenarios, they are largely endpoint-focused and therefore, not 100% failsafe.
The increasing number of successful ransomware attacks prove there is no perfect solution. Truth is, preventative-only solutions sometimes fail, and once illegal encryption begins, the source of the malware matters not; swift action to stop the attack before significant damage can occur is your #1 priority. And here is where RC steps in.
Solutions
Gain control without costly network requirements or performance overhead. Here’s how.
DETECT
Monitoring
RC’s live data activity monitoring instantly detects ongoing encryption on file shares Organizations are often unaware of the enormous amount of file changes that occurs on their file shares. RC listens into existing network notifications to analyse all file changes (created, modified, renamed and deleted) to detect ongoing illegitimate encryption within seconds.
RESPOND
Containment
Isolate and eliminate in seconds The moment illegitimate encryption detected on file shares (not the individual device), RC activates an isolation and containment protocol. Actions can include the forced shutdown of the compromised device, disabling the compromised user’s VPN, and revoking cloud access, network access and AD access. Illegitimate file encryption ceases in seconds, and your security team is instantly alerted. Integration through RESTful API to other security solutions (such as SIEM, NAC and EDR) enables your security teams to unify security management across all devices.
RECOVER
Organisation
Keep your organization running with minimal impact RCs data-recovery protocol has your organization up and running with minimal cost and downtime. After the threat has been mitigated, a comprehensive list of any files infected pre-isolation is generated, and can easily be restored from your backup either manually or via integration. An advanced history log captures all attack details, offering your security team valuable and actionable insights over any affected files.
Test your current defenses
To help organizations gain an overview of their current security profile and assist
in the battle against ransomware criminals, we offer a non-binding Ransomware
Assessment Test.
Schedule Remote Assessment Now
Unify and Strengthen your Defense
Skyrocket the value of your Security Spend with a critical Last Line of
Defense solution engineered to fully integrate with your existing
security measures.
Integration Details
The Lowdown on Downtime
Investment in IT security is hard to justify for an organization, however, a
cyberattack can have a severe impact on an organization from a productivity
and revenue perspective. This calculator can help calculate the consequences,
and thereby visualize the costs of a ransomware attack.
Use the "Cost of Downtime" Calculator