ExtraHop Enables Proactive Security to Stop Ransomware in Its Tracks

LAS VEGAS, NV--(Marketwired - Mar 1, 2016) - HIMSS16 -- ExtraHop, the global leader in real-time stream analytics for IT operations and business intelligence, today announced a targeted new solution to help organizations proactively detect and track malicious ransomware behavior in real time, identify and protect vulnerable resources before they can be compromised.

According to a report from Kaspersky Labs, in 2015 ransomware attacks doubled and ransomware programs were detected on over 750,000 computers of unique users. In the same time period, nearly 200,000 computers were targeted by encryption ransomware. For targeted organizations, the cost goes far beyond the ransom. Lack of access to critical files can effectively shut down business operations, affecting workflows, productivity, and the bottom line. In healthcare, lack of access to critical patient information can directly impact care.

The ExtraHop platform analyzes and characterizes all data in flight -- client, network, application, and infrastructure activity and behavior -- providing unmatched visibility into all East-West and North-South traffic to deliver the richest source of real-time security insights.

The ExtraHop ransomware solution enables a positive and proactive security model, putting the power of pattern-based analysis and machine learning to work against malicious actors. ExtraHop now fills the gap left by security platforms that protect the perimeter, scan for attack signatures, or analyze log files -- methods that have proven to be ineffective at early detection and remediation. ExtraHop customers are already successfully using the Ransomware Solution to identify and stop infections before sensitive corporate network file servers and storage systems can be impacted.

• Quickly detect anomalous behavior that is typically associated with ransomware attacks such as lateral movement across systems or irregular storage read/write operations.
• Prevent the spread of malicious agents through customized alerting designed to notify incident response teams within minutes of a ransomware infection and provide clear guidance on the incident.
• Remediate the affected systems by forensically investigating the source of the attack down to the client machine and URI of the external malware host.

"Traditional security solutions focus on shoring up the perimeter, relying on signatures to identify threats or incomplete log file analysis," said Erik Giesa, SVP of Marketing at ExtraHop. "The incredible acceleration of ransomware attacks should serve as a wake-up call that this is not enough. IT needs to get proactive about understanding its infrastructure and dependencies, and watching not just North-South but also all East-West traffic. With the barbarians already inside the walls, the critical requirement today is comprehensive behavioral visibility and continuous surveillance to understand where they've gained access and what they are doing. Only then can an organization begin to take a more proactive and positive security stance."

To learn more about how ExtraHop is being used to defeat ransomware attacks, check out the case study: Leading Health Services Provider Thwarts Ransomware Attack with ExtraHop. Read the datasheet for more information on the ExtraHop ransomware bundle.

To experience the power of the ExtraHop platform for yourself, explore the ExtraHop interactive online demo.

About ExtraHop
ExtraHop is the global leader in real-time stream analytics for all data-in-motion. The ExtraHop wire data analytics platform analyzes all network and application communications, including full bidirectional transactional payloads. This innovative approach provides the correlated, cross-tier visibility essential for application performance, availability, and security in today's complex and dynamic IT environments. The winner of numerous awards from Interop, TechTarget, and others, the ExtraHop platform scales up to 40 Gbps in a single appliance, deploys without agents, and delivers tangible value immediately upon deployment. Learn what we mean at www.extrahop.com.