
How Plixer can help address CISA ransomware recommendations


Ransomware continues to be a major cybersecurity threat for businesses of all sizes across the globe. In 2021, a Sophos study revealed that the average cost of a ransomware incident doubled to $1.85 million, adding to the disappointing finding that only about 8% of businesses that pay a ransom actually get all of their data back. Recently, the US CISA, FBI, and NSA, together with the UK and Australian cybersecurity agencies, published a joint Cybersecurity Advisory on ransomware trends, techniques, and mitigations, adding to the urgency for companies to strengthen their security posture against ransomware.

As stated in the advisory, ransomware groups are expanding their impact by targeting the cloud, managed service providers, industrial processes, and the software supply chain. They are also targeting organizations during off-hours such as weekends and holidays. This advisory comes on the heels of an FBI report last year that found a 62% year-over-year increase in ransomware from 2020 to 2021.

Plixer’s security intelligence capabilities, as part of our Network Detection and Response (NDR) platform, help our customers address many of the areas outlined in this advisory. To briefly summarize:

| Advisory: Technical details | Plixer's NDR platform capabilities |
| --- | --- |
| Gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, and exploiting vulnerabilities. | Monitor RDP for abnormal usage, including brute-force detection. |
| Targeting the cloud. | Analyze cloud flow logs and seamlessly combine them with on-premises network traffic monitoring. |
| Attacking industrial processes. | Provide device discovery and profiling for managed and unmanaged devices (including IoT), accompanied by continuous network traffic analysis. |
| Targeting organizations on holidays and weekends. | Use separate training data to model weekend network usage patterns apart from normal workweek usage, so that anomalies are detected rapidly. |

| Advisory: Mitigations | Plixer's NDR platform capabilities |
| --- | --- |
| Keep all operating systems and software up to date. | Include asset discovery and profiling capabilities. |
| If you use RDP or other potentially risky services, secure and monitor them closely. | Provide this capability "out of the box." |
| Segment networks. | Analyze network traffic flows to help with effective network segmentation planning. |
| Implement end-to-end encryption. | Remain an effective security tool even when end-to-end encryption is deployed. Where needed, Plixer supports encrypted traffic analysis techniques such as JA3/JA3S fingerprinting and malware detection using supervised machine learning on traffic behavior. |
| Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool. | Purpose-built for network monitoring, leveraging multiple detection methods including supervised machine learning, unsupervised machine learning, and sophisticated algorithms. |
| Document external remote connections. | Provide the ability to customize what the machine learning engine watches, helping to implement zero trust for critical applications and infrastructure. |
| Collect telemetry from cloud environments. | Ingest cloud flow log data, and include application monitoring capabilities. |
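The two capabilities above that are easiest to reason about in code are RDP brute-force detection and the use of separate weekday and weekend baselines. The following is an added, hypothetical illustration of both ideas over flow records; it is not Plixer's code, and the CSV flow format, the thresholds, the baseline counts and the sample records are all constructed for the example. It flags a burst of small, short-lived RDP sessions from one source, and scores an hourly RDP session count against the baseline that matches the day of the week, so that six RDP sessions at 03:00 on a Saturday stand out even though the same count would be routine on a weekday afternoon.

```python
"""Flow-based RDP monitoring: brute-force bursts and off-hours anomalies.

Hypothetical example. Record format, thresholds and baselines are constructed
for illustration and are not Plixer's.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev

RDP_PORT = 3389
SMALL_SESSION_BYTES = 4096  # assumption: a failed RDP logon exchanges only a few KB
BURST_THRESHOLD = 15        # small RDP sessions per source inside one window
WINDOW_SECONDS = 300


@dataclass
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record of the form ts,src,dst,dport,bytes."""
    ts, src, dst, dport, nbytes = line.strip().split(",")
    return Flow(datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes))


def detect_rdp_bursts(flows):
    """Return {src: peak_count} for sources that open BURST_THRESHOLD or more
    small RDP sessions within any WINDOW_SECONDS sliding window."""
    per_src = defaultdict(list)
    for f in flows:
        if f.dport == RDP_PORT and f.nbytes < SMALL_SESSION_BYTES:
            per_src[f.src].append(f.ts)
    alerts = {}
    for src, times in per_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > WINDOW_SECONDS:
                start += 1
            count = end - start + 1
            if count >= BURST_THRESHOLD:
                alerts[src] = max(alerts.get(src, 0), count)
    return alerts


def count_rdp_sessions(flows, hour_start: datetime) -> int:
    """Count RDP flows that start within the hour beginning at hour_start."""
    hour_end = hour_start + timedelta(hours=1)
    return sum(1 for f in flows if f.dport == RDP_PORT and hour_start <= f.ts < hour_end)


# Hourly RDP session counts observed in training data (constructed).
WEEKDAY_BASELINE = [6, 8, 7, 9, 8, 7, 8, 9, 6, 8]
WEEKEND_BASELINE = [0, 1, 0, 0, 1, 0, 0, 1, 0, 0]


def select_baseline(when: datetime):
    """Weekend hours are scored against the weekend model, never the weekday one."""
    return WEEKEND_BASELINE if when.weekday() >= 5 else WEEKDAY_BASELINE


def is_anomalous(observed: int, when: datetime, z_limit: float = 3.0):
    """Return (flag, z) where z is the z-score of observed against the matching baseline."""
    baseline = select_baseline(when)
    sd = pstdev(baseline) or 1.0
    z = (observed - mean(baseline)) / sd
    return z > z_limit, round(z, 2)


# Constructed sample flows: two legitimate admin sessions on a Friday afternoon,
# one unrelated HTTPS flow, and a burst of 24 tiny RDP sessions from a single
# external source at 03:00 on Saturday 2022-03-05.
SAMPLE_RECORDS = [
    "2022-03-04T15:02:10,10.0.0.50,10.0.0.12,3389,2480000",
    "2022-03-04T15:40:51,10.0.0.50,10.0.0.13,3389,1910000",
    "2022-03-05T03:00:05,10.0.0.50,198.51.100.20,443,15300",
] + [
    f"2022-03-05T03:00:{i * 5:02d},203.0.113.5,10.0.0.12,3389,{900 + i * 7}"
    for i in range(12)
] + [
    f"2022-03-05T03:01:{i * 5:02d},203.0.113.5,10.0.0.12,3389,{950 + i * 3}"
    for i in range(12)
]
SAMPLE_FLOWS = [parse_flow(r) for r in SAMPLE_RECORDS]

if __name__ == "__main__":
    saturday_3am = datetime(2022, 3, 5, 3)
    print("burst sources:", detect_rdp_bursts(SAMPLE_FLOWS))
    observed = count_rdp_sessions(SAMPLE_FLOWS, saturday_3am)
    print("RDP sessions in hour:", observed, is_anomalous(observed, saturday_3am))
    # Six sessions: anomalous on a weekend night, unremarkable on a weekday afternoon.
    print("6 on Saturday:", is_anomalous(6, saturday_3am))
    print("6 on Friday:  ", is_anomalous(6, datetime(2022, 3, 4, 15)))
```

The burst detector looks only at flow metadata (port, byte count, timing), so it works regardless of whether the RDP payload is encrypted, which is the same property the encryption row of the table relies on. A single global baseline would either drown the weekend signal in weekday noise or page on every weekday morning; keeping the two models separate is what lets a low absolute count on a Saturday night score as a high z-score.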

Enterprises looking to lower their exposure to ransomware need a best-in-class NDR solution. The Plixer security intelligence platform is an NDR solution that applies machine learning to network flow data, allowing you to monitor behavior across your network and quickly detect, investigate, and remediate threats like ransomware.

Interested in learning more? Request a demo today.