The XDR Solution to the Ransomware Problem – Cisco Blogs

During a ransomware attack, it is critical to detect and respond early and quickly. By reducing your mean time to detection of the attacker’s behavior, your security team can investigate and respond in time to prevent a ransomware incident. And if you can interrupt the attacker’s tools, tactics, or techniques early in the process, most attackers will abandon the campaign because they cannot progress further along the “kill chain”.

MITRE maintains a kill chain framework known as MITRE ATT&CK®. The framework models tactics, techniques, and procedures used by malevolent actors. The Enterprise Matrix has categories for Windows, macOS, Linux, and Cloud.

To protect against a ransomware incident, it is important to interrupt the kill chain as early as possible. One way to make it radically simple and fast is to harness the power of XDR (eXtended Detection and Response).

XDR relies on the combination of three solutions to provide the greatest outcome:

With the correct combination of those three solutions, organizations are witnessing better security outcomes such as:

Let’s take a deeper look at each of the components as it relates to detecting and responding to ransomware.

Endpoint ransomware protection

Endpoint security should constantly monitor all endpoint activity, so it sees ransomware as it unfolds—it can then rapidly terminate the offending processes, preventing encryption of the endpoint and stopping the ransomware attack in its tracks.

Cisco Secure Endpoint has several key features that help identify such an attack:

In fact, during the most recent MITRE Engenuity ATT&CK Evaluation, Cisco scored impressive results in the key areas that would thwart ransomware attacks. Cisco Secure Endpoint recognized and stopped lateral movement automatically. Cisco Secure Endpoint’s advanced telemetry recognized and stopped suspicious file execution without human intervention. Cisco Secure Endpoint also identified unauthorized privilege escalation and discovered defense evasion techniques.

Ransomware investigation and response

The cloud-native integrated security platform must automatically collect and correlate data from multiple proprietary security components. XDR products are designed to alleviate that integration challenge. They consolidate multiple vendor-specific security products into a cohesive security incident detection and response platform that is accessible to the mainstream market without extensive integration effort.

Centralization and normalization of data improve detection by combining softer signals from several components to surface events that any single component would otherwise ignore. Cross-component detection also catches difficult cases such as account takeover attacks, insider threats, and incidents in IoT/OT systems. Security is further improved by sharing locally discovered IOC information among components more rapidly, so protection reaches all devices faster.

This improved correlation, context, and analytics reduce the number of security alerts that require human intervention, by automating actions and providing stronger pre-validation of alerts. With XDR you can spend more time on incidents and less time on alerts that lack context.
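The correlation described above can be illustrated in code. The following is an added example written for this article, not Cisco SecureX code or any vendor's schema: it normalizes constructed endpoint, network, and identity events onto one common schema, groups them per host inside a time window, sums weights for the distinct weak signals, and only raises an incident when the combined score crosses a threshold that no single signal reaches on its own. The field names, the weights, the threshold, the ten-minute window, and the sample events are all assumptions chosen for illustration.

```python
"""Added example: correlating weak signals from several components into one incident.

Sample events, field names, weights and thresholds are constructed for
illustration; they are not any product's real schema or tuning.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three hypothetical components.
# Each event alone is a "soft" signal that an analyst might reasonably ignore.
RAW_EVENTS = [
    {"src": "endpoint", "ts": "2024-05-01T10:02:11Z", "hostname": "ws-117",
     "event": "process_start", "process": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"src": "network", "time": "2024-05-01T10:03:40Z", "host": "ws-117",
     "peer": "10.0.5.23", "port": 445, "bytes": 48000000},
    {"src": "network", "time": "2024-05-01T10:04:05Z", "host": "ws-117",
     "peer": "10.0.5.24", "port": 445, "bytes": 51000000},
    {"src": "identity", "@timestamp": "2024-05-01T10:01:30Z", "computer": "ws-117",
     "action": "privilege_granted", "privilege": "SeDebugPrivilege"},
    {"src": "endpoint", "ts": "2024-05-01T14:30:00Z", "hostname": "ws-042",
     "event": "process_start", "process": "notepad.exe", "cmdline": "notepad.exe"},
]

# Assumed weights: each is below the threshold, so one signal never fires alone.
WEIGHTS = {
    "shadow_copy_deletion": 40,   # ATT&CK T1490, Inhibit System Recovery
    "smb_lateral_movement": 25,   # large SMB transfer to another internal host
    "privilege_escalation": 30,   # sensitive privilege granted on the host
}
INCIDENT_THRESHOLD = 60
WINDOW = timedelta(minutes=10)


def normalize(raw):
    """Map each component's own field names onto one common schema."""
    if raw["src"] == "endpoint":
        ts, host = raw["ts"], raw["hostname"]
        cmd = raw["cmdline"].lower()
        signal = "shadow_copy_deletion" if "vssadmin" in cmd and "delete shadows" in cmd else None
        ioc = raw["cmdline"] if signal else None
    elif raw["src"] == "network":
        ts, host = raw["time"], raw["host"]
        signal = "smb_lateral_movement" if raw["port"] == 445 and raw["bytes"] > 10_000_000 else None
        ioc = raw["peer"] if signal else None
    elif raw["src"] == "identity":
        ts, host = raw["@timestamp"], raw["computer"]
        signal = "privilege_escalation" if raw["action"] == "privilege_granted" else None
        ioc = raw["privilege"] if signal else None
    else:
        return None
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "host": host, "source": raw["src"], "signal": signal, "ioc": ioc}


def correlate(raw_events):
    """Group signals per host within WINDOW of the first signal and score them."""
    by_host = defaultdict(list)
    for raw in raw_events:
        ev = normalize(raw)
        if ev and ev["signal"]:
            by_host[ev["host"]].append(ev)
    incidents = []
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        start = events[0]["ts"]
        window = [e for e in events if e["ts"] - start <= WINDOW]
        distinct = {e["signal"] for e in window}
        score = sum(WEIGHTS[s] for s in distinct)   # count each signal type once
        if score >= INCIDENT_THRESHOLD:
            incidents.append({
                "host": host, "score": score,
                "signals": sorted(distinct),
                "sources": sorted({e["source"] for e in window}),
                "iocs": sorted({e["ioc"] for e in window}),
            })
    return incidents


def share_iocs(incidents):
    """Collect the IOCs from confirmed incidents so every component can block them."""
    return sorted({ioc for inc in incidents for ioc in inc["iocs"]})


if __name__ == "__main__":
    found = correlate(RAW_EVENTS)
    for inc in found:
        print(inc)
    print("IOCs to push to all components:", share_iocs(found))
```

Running the block reports one incident for ws-117 (privilege grant, shadow-copy deletion and two large SMB transfers within a few minutes, score 95) and nothing for ws-042, whose lone process start produced no signal; the shadow-copy deletion alone would have scored 40 and stayed below the threshold, which is the point of combining signals across components.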

Cisco SecureX is a cloud-native, built-in platform that connects our Cisco Secure portfolio and your infrastructure. It allows you to radically reduce dwell time and human-powered tasks. SecureX has several capabilities to assist organizations in preventing, detecting, and responding to ransomware attacks:

Network ransomware protection

Your organization must know who is on your network and what they are doing using telemetry from your network infrastructure. Your security team must detect advanced threats and respond to them quickly all while protecting critical data with smarter network segmentation. Your security professionals need comprehensive visibility into all user and endpoint behavior both on- and off-premises. The solution needs to provide your security analysts the information they need to conduct more efficient and context-rich investigations into user machines that exhibit suspicious behavior.

Cisco Secure Network Analytics delivers an agentless network detection and response solution that monitors your network traffic and sees when something anomalous occurs—like a ransomware infection. Using multilayer machine learning and entity modeling to detect ransomware, you can accelerate your response and stop ransomware attacks.

Cisco Secure Network Analytics delivers real-time threat detection through:

Bringing it all Together

As was stated earlier, “The whole is greater than the sum of its parts”.

And lastly, imagine what your security outcome will look like with a massive reduction in the mean time to detection and the mean time to respond.

Next Steps

Gartner states that “XDR products may be able to reduce the complexity of security configuration and incident response to provide a better security outcome than isolated best-of-breed components.” What if the best-of-breed components all came from one company that delivers an XDR solution that truly protects against ransomware?

Sign up for free trials of the Cisco Secure XDR solution

Read more about Cisco’s XDR solution

Review our latest information on ransomware defense
