Fighting the Ransomware Crisis with Better Data

Looking at the most recent high-profile ransomware attacks on Kaseya and Colonial Pipeline, it’s clear that the cybersecurity community is facing a crisis that has been a long time in the making. Ransomware-as-a-service (RaaS) like REvil and DarkSide are making it easier than ever for novice cybercriminals to launch attacks, and the sophisticated tactics, techniques and procedures (TTPs) that were once reserved for nation-state attacks are now becoming common among private cybercriminal affiliates.

Although a recent survey commissioned by Sophos indicates a general decline in ransomware attacks year over year, attackers are choosing their targets more carefully to cause the most damage possible and put pressure on targets to pay highest ransoms we’ve ever seen. Hospitals, schools and critical infrastructure are particularly vulnerable. And, because these services are so essential, there’s added pressure to pay; in many instances, cybercriminals are walking away with massive pay outs.

Investment in defensive technologies like endpoint security that protect against advanced attacks and help detect nefarious activity is crucial for businesses, but this also has to be backed by comprehensive data sources and go hand in hand with a human element. A security operations center staffed by expert, human-led threat hunting teams in conjunction with protective software is the best path forward when it comes to ransomware protection.

Partners have a significant opportunity to help their customers refine their security strategies and protect themselves from devious ransomware attacks.

Extended Detection and Response

In May, Sophos enhanced its endpoint security offering to help defend against these more sophisticated attacks. The launch of Sophos Extended Detection and Response (XDR) is a game changer for proactively defending against the most sophisticated and evasive attacks – especially those that leverage multiple access points to gain entry and move laterally to evade detection.

Sophos XDR is built on the industry’s richest data set. The cloud-based Sophos data lake offers partners and customers even more detailed insight when performing threat hunting or IT operations tasks. Sophos XDR is driven by data and provides a big picture view of your organization’s cybersecurity environment, along with the ability to deep dive into areas of interest for granular detail.

While Endpoint Detection and Response (EDR) has been the market standard for some time, XDR goes beyond the endpoint and server, combining firewall, email and other data sources to give customers and partners an incredibly broad view of an organization’s environment. It delivers the most comprehensive and precise data across multiple dimensions for the most accurate threat detection, investigation and response. This is achieved thanks to the scope of data, range of sources and data quality.

These new features allow partners and customers to research historical events even when a machine is offline, use suspicious network detections from the firewall to investigate suspicious hosts, examine phishing attempts, and much more.  Threat hunting and IT operations teams will reduce their time to detect by seeing the bigger picture of what is happening in their environment.  When something suspicious is detected, investigations are faster and easier, reducing the overall response time.

Sophos XDR is now available for MSSPs. Learn more here.

This guest blog is part of a Channel Futures sponsorship.