Vertek Corporation, a leading provider of end-to-end Managed Security Service Provider (MSSP) and Telecom Operations Services, and Halcyon, the world’s first cyber resilience platform designed from day one to defeat ransomware, have forged a strategic threat-targeted partnership designed to better protect customers.
“We remain steadfast in our mission to ensure our customers have the right mix of security products and services to strengthen their cybersecurity defenses. Our partnership with Halcyon empowers our customers to confidently embrace the latest technologies, knowing their digital assets are protected,” said Ron Hruby, Vertek’s Chief Operations Officer.
Ransomware Brief
The state of ransomware threat actor groups is constantly evolving, but there are a few trends that have emerged in recent years.
The number of active ransomware providers and their criminal affiliate partners continues to grow each year. According to a report by the Cybersecurity and Infrastructure Security Agency (CISA), there were twenty-three known ransomware groups operating in 2020. There are currently at least 50 ransomware providers in 2023 with hundreds or even thousands of active affiliates that target organizations worldwide. This increase is due to the lucrative nature of ransomware attacks. Ransomware groups can easily hold crucial data hostage while demanding millions of dollars in payments, and many victims are willing to pay in order to keep their businesses operational.
Ransomware by the numbers:
- 978,000 Attacks Attempted Daily (Avg. USDOJ)
- $2,000,000 Average Recovery Cost
- $14,000,000,000 Ransomware Industry in 2022
- For companies under $10M in review, the average cost to recover from an attack was at least $160K. For companies over that threshold the recovery cost is in the millions.
Ransomware groups are becoming more sophisticated. In the past, they would simply encrypt a victim’s data and demand a ransom payment. However, now they are using more sophisticated techniques, such as stealing data and threatening to release it if the ransom is not paid. This can cause brand damage, invoke regulatory actions and lead to lawsuits against the victim organization.
Ransomware groups are targeting a wider range of victims. In the past, ransomware groups would primarily target large organizations. However, now they are targeting a wider range of victims, including small businesses, individuals, government offices, and even schools. This is because ransomware groups can easily find and exploit vulnerabilities in a wide range of systems.
Traditional Endpoint Detection and Response (EDR) products can be a valuable tool for detecting and responding to ransomware attacks, but like any broadly developed tool, EDR products have typical limitations:
- EDR is typically reactive: Many EDR products can only detect and respond to threats that have already occurred. This means that it cannot prevent ransomware attacks from happening in the first place.
- EDR can be bypassed: Ransomware attackers are constantly evolving their techniques to evade detection by EDR solutions. This means that EDR cannot always be relied upon to stop ransomware attacks.
- EDR does not provide automated decryption: If ransomware is successful in encrypting files, EDR cannot automatically decrypt them. This means that organizations will need to rely on manual decryption methods, which can be time-consuming and expensive.
Ransomware protection requires multiple layers of defense. The risk of letting ransomware run rampant through an organization is too large to leave to a single, broad endpoint protection solution.
Halcyon Anti-Ransomware Platform
Halcyon uses multiple unique layers of prevention to stop the process of ransomware from completing its task. If a single layer fails, Halcyon responds accordingly. A persistent actor may breach any defense, which is why Halcyon designed an autonomous resilience and recovery layer as a last resort to prevent the spread of ransomware across your company.
Halcyon defends along multiple layers through each phase of an attack: (See Figure 1)
Halcyon Anti-Ransomware is an AI-powered solution that uses a variety of techniques to detect and prevent ransomware, including:
- Pre-Execution Prevention: Halcyon has built AI models trained on the largest corpus of live ransomware samples in the industry in order to build its predictive and preventative layers that detects and stops even previously unknown ransomware from running.
- Behavioral analysis: As a complementary layer, Halcyon autonomously analyzes the behavior of a process to detect more discreet ransomware. For example, it can detect if a file is trying to encrypt files or delete data.
- Deception techniques: Halcyon uses exploitation techniques borrowed from offensive cyberwarfare to trick ransomware processes into revealing themselves even if they managed to get past previous layers.
“Many technology leaders report they have inherited security products and technologies that aren’t integrated, monitored or being staffed appropriately. It’s a fact that leaders are at increased risk during these types of business transformation activities,” says George Rhodes, Vertek Sr. Security Analyst, “It’s important to call that out- Halcyon brings targeted ransomware protection to customers that need to feel confident as they evolve.”
Like any security product, Halcyon needs to be properly deployed, managed, and monitored by a modern SOC that can provide additional oversight, data enrichment and triage expertise to make decisions to adequately respond to identified threats.
Vertek RansomMDR Service
Using a combination of Halcyon’s Anti-Ransomware Platform, D3 Security’s Smart SOAR™ (Security Orchestration Automation Response) Platform, Vertek proprietary custom security operations, threat hunting and threat intel; Vertek has developed a custom fully managed Anti-Ransomware Managed Detection Response (MDR) cybersecurity service which is designed to actively monitor for possible compromises and intrusions on endpoints- providing alarm triage, threat analysis and taking incident response actions.
Key service features:
- 24/7/365 monitoring and threat detection: Monitoring of all endpoints for signs of malicious activity. This helps to ensure any threats are detected and responded to quickly before they can cause damage.
- Expert threat intelligence: Our security team is constantly monitoring the threat landscape and developing new ways to provide context to Halcyon service-generated alarms (both human and machine enrichment), so that the SOC analysts can respond with as much context surrounding the alarm as possible. This protects your organization from the latest threats.
- Incident response: The service includes incident response capabilities, which helps to quickly contain and remediate threats. By taking active measures to engage a client or make changes we reduce the impact of a security incident and minimize the amount of time and resources required to recover.
- Reporting and insights: Reports and analytics are used to identify areas where your security could be improved and to track the effectiveness of your security measures over time.
Key service benefits:
- Low-cost, high-value solution: Vertek’s RansomMDR service is a cost-effective way for businesses of all sizes to protect themselves from ransomware attacks. It combines the power of Vertek’s SOAR capabilities and Halcyon’s Anti-Ransomware Platform services into a single solution that is easy to deploy and manage.
- Protects against one of the most lucrative attacks in the cyber landscape: Ransomware attacks are one of the most common and costly types of cyberattacks. Vertek’s RansomMDR service provides comprehensive protection against ransomware threats, including early detection, prevention, and response.
- Brings Vertek’s additional threat intelligence analysis: Vertek’s RansomMDR service includes access to Vertek’s team of security experts who provide 24/7 threat intelligence and analysis. This helps customers to stay ahead of the latest ransomware threats and to respond quickly and effectively to any attacks that do occur.
- Speed to respond: Vertek’s RansomMDR service is designed to help customers respond to ransomware attacks as quickly as possible. The service includes a variety of features to help customers minimize downtime and recover their data quickly, such as automated incident response and threat hunting.
Also Read: Kinds of Ransomware and How to Prevent Them
Packaging Vertek MDR, SOAR and SOC capabilities with the Halcyon Anti-Ransomware platform, organizations get a comprehensive Anti-Ransomware MDR solution for protecting against cyber threats, including ransomware.
“In the realm of cybersecurity, the adversaries are relentless, and the landscape is perpetually shifting. Our alliance with Vertek is not just strategic; it’s essential. By melding Halcyon’s state-of-the-art anti-ransomware capabilities with Vertek’s profound expertise in managed detection and response, we’re not merely addressing the threats of today. We’re anticipating the challenges of tomorrow, ensuring that businesses have a proactive, agile, and resilient defense in an era where cyber risks are omnipresent.” Said Tommy Perniciaro, Halcyon’s Head of Solution Architecture.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.