
Why you should use NDR to combat ransomware

While it might seem completely counterintuitive to say so, ransomware is a huge business. Consider, for instance, that in 2020, ransomware payments increased by 311 percent to reach nearly $350 million in cryptocurrency. No other category of cryptocurrency-based crime had a higher rate of growth.  

Indeed, ransomware is such a problem that a security researcher developed the RansomWhere website to track Bitcoin payments made to attackers. Meanwhile, another group of researchers has developed a profile of what cyberattackers are looking for when planning a ransomware attack. 

Their findings indicate that the preferred ransomware target is a large US firm with a minimum annual revenue of $100 million. The preferred access methods are remote desktop protocol (RDP) and virtual private networks (VPNs), with attackers displaying a particular affinity for products developed by Citrix, Palo Alto Networks, VMware, Cisco, and Fortinet.

Such findings make it easy to see why enterprises increasingly turn to solutions like network detection and response (NDR) to combat ransomware. But with NDR being a relatively new solution with many players in the market, it can be difficult to know how best to evaluate different vendors.  The differences between each NDR solution can dictate just how successfully it will spot a ransomware threat. 

For instance, most NDRs on the market today are packet-based, meaning they gather data about your network by deploying probes or other collection agents at network ingress and exit points. Because such probes are expensive to deploy, enterprises typically deploy no more than the minimum, which is why the probes sit at ingress and exit points. The problem with that strategy is that you remain blind to threats that go undetected as they enter your network. Additionally, insider threats or anomalous behavior would likely go undetected without pervasive network visibility.

It’s also important that an NDR solution can use the data readily available from existing network and security devices—things like switches, routers, firewalls, packet brokers, security tools, and network monitoring systems. Tapping into the network flow data collected by the hundreds (if not thousands) of behavior sensors already deployed across your network—from cloud to core to edge—is the best early warning system you can have. 

When the NDR solution uses network flow data, it enables you to catch obvious signs of compromise, including command-and-control communication and data exfiltration. Likewise, you’ll be able to spot indicators that are harder to detect—things like lateral movement, data collection, and abnormal activity. By quickly identifying anomalous behavior, an NDR solution can proactively search for the tactics, techniques, and procedures that a threat actor must use as they explore your network for your critical assets.
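The visibility argument above can be shown on a handful of flow records. This is an added example, not Plixer's code or detection logic: the flow tuples, exporter names, the 10.0.0.0/8 internal range, and both thresholds are constructed assumptions. It runs the same lateral-movement check over flows from all exporters and over the subset an ingress/egress-only deployment would see.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real traffic): (exporter, src, dst, dst_port, bytes)
FLOWS = [
    ("core-sw1", "10.0.5.23", "10.0.5.40", 445, 4_200),
    ("core-sw1", "10.0.5.23", "10.0.6.11", 445, 3_900),
    ("core-sw1", "10.0.5.23", "10.0.6.12", 3389, 5_100),
    ("core-sw1", "10.0.5.23", "10.0.7.8", 445, 4_000),
    ("core-sw1", "10.0.5.77", "10.0.5.40", 445, 88_000),  # ordinary file-share use
    ("edge-fw1", "10.0.5.23", "203.0.113.50", 443, 750_000_000),
    ("edge-fw1", "10.0.5.77", "198.51.100.7", 443, 120_000),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
ADMIN_PORTS = {445, 3389}                      # SMB and RDP

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def perimeter_only(flows):
    """Flows an ingress/egress-only deployment sees: exactly one endpoint outside."""
    return [f for f in flows if is_internal(f[1]) != is_internal(f[2])]

def lateral_fanout(flows, min_peers=3):
    """Internal hosts reaching >= min_peers distinct internal peers on SMB/RDP."""
    peers = defaultdict(set)
    for _, src, dst, port, _ in flows:
        if port in ADMIN_PORTS and is_internal(src) and is_internal(dst):
            peers[src].add(dst)
    return {h: sorted(p) for h, p in peers.items() if len(p) >= min_peers}

def large_outbound(flows, min_bytes=500_000_000):
    """Internal hosts whose total bytes to external addresses reach min_bytes."""
    totals = defaultdict(int)
    for _, src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return {h: b for h, b in totals.items() if b >= min_bytes}

if __name__ == "__main__":
    print("all exporters, lateral:", lateral_fanout(FLOWS))
    print("perimeter only, lateral:", lateral_fanout(perimeter_only(FLOWS)))
    print("large outbound:", large_outbound(FLOWS))
```

With only the perimeter flows, the large outbound transfer is still visible, but the internal SMB/RDP fan-out that preceded it produces no result at all.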

The Plixer NDR solution is built around these preferred features. Plixer provides early and comprehensive detection by tapping into your existing network flow data. Because we’ve spent years integrating with the kinds of devices found on your network, our team understands what well-formed traffic looks like—as well as the factors that indicate compromise. Our NDR solution provides host profiling and risk scoring to quickly identify typical behavior patterns for a device of that type and detect when the device behaves suspiciously. Additionally, our machine learning engine, through supervised learning, has been tuned to quickly identify common characteristics of ransomware so you can be alerted to its presence in real time.

The Plixer NDR solution’s ability to spot anomalies is enhanced with the intelligence of machine learning, and integration into your existing orchestration and response infrastructure ensures your team can prioritize and act on network threats. Overall, Plixer’s NDR solution specializes in early detection of network anomalies through pervasive visibility across your entire network—with no network blind spots.  

We’ve developed a new whitepaper that provides a much deeper dive into how our platforms can help you maximize your network investments to get better performance and security.  Learn How Plixer Maximizes Network Investments or schedule a demo today.