Ransomware threats are constantly increasing and evolving. AI-supported NDR (Network Detection and Response) systems can keep up better and therefore offer more protection.
According to the Swiss security company Exeon Analytics, the emergence of the Akira ransomware poses a new danger, in particular to large companies and to organizations covered by KRITIS or NIS 2: there is currently no decryptor for the current versions of the malware, and the new group focuses mainly on victims from whom it can extort large ransoms.
According to Erismann, many SIEM (Security Information and Event Management) systems offer tools and functions to detect, evaluate and mitigate the effects of ransomware, but only on the basis of predefined use cases. In addition, native endpoint solutions – again only if they are equipped with preconfigured playbooks – can trigger incident response procedures and enforce malware remediation. However, such solutions are ineffective against previously unknown attack patterns, and especially against AI-supported, dynamic attacks, because they only react to patterns that are already known.
NDR recognizes unusual and unknown traffic patterns
According to Exeon, constant monitoring of all network traffic via an NDR system (Network Detection and Response) is therefore required for the early detection of dynamic ransomware attacks. Through monitoring and visibility of VPN connections, companies using NDR can detect ransomware attacks like Akira's by constantly analyzing network traffic for unusual or unknown patterns. This can also include atypical spikes in data transfer or unusual communication between devices.
In the ExeonTrace solution, Exeon relies on AI and machine learning (ML) so that traffic patterns that deviate from the established (and machine-learned) baselines are detected early on. The system looks for unusual patterns, an unexpected increase in traffic, or repeated failed login attempts. It also analyzes the logs coming from Cisco ASA devices or other firewalls. This matters because Akira has been observed gaining initial access through Cisco ASA VPN appliances before deploying its malware.
Analyzing larger amounts of data
ML enables ExeonTrace to detect unknown attacks by correlating historical data and identifying anomalous activity that may be malicious. This approach is probabilistic, not deterministic: it reports deviations from the learned baseline rather than matches against a signature. Because the integrated metadata analysis works on flow records and log data rather than packet payloads, it can process significantly larger amounts of data than deep packet inspection and can also analyze encrypted traffic, since byte counts, timing and communication partners remain visible even when the content is encrypted (what it cannot see is the payload itself). The resulting historical correlation is what enables proactive handling of threats.
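The following is an added illustration of the indicators described above (deviation from a per-host baseline, a spike in outbound volume, communication with a previously unseen peer, and repeated failed VPN logins in firewall logs) worked through on flow metadata alone. It is not ExeonTrace code or Exeon's algorithm; the flow records and the Cisco ASA syslog lines are constructed for the example (the ASA message format is approximated from the documented 113005/113015 authentication-rejected messages), and the robust z-score with a median/MAD baseline is one simple statistical choice standing in for whatever models a commercial NDR uses.

```python
"""Toy flow-metadata anomaly detector (added example; not ExeonTrace code)."""
import re
from collections import defaultdict
from statistics import median

# --- Constructed sample data -------------------------------------------------
# Flow records as an NDR sensor would derive them from NetFlow/IPFIX or a
# mirror port: only metadata (src, dst, port, byte count, hourly bucket).
# No payload is needed, so TLS flows on 443 are assessed without decryption.
def _baseline_flows():
    flows = []
    for bucket, jitter in enumerate([0, 100_000, -100_000, 50_000, -50_000]):
        flows += [
            {"bucket": bucket, "src": "10.0.1.20", "dst": "10.0.2.5", "dport": 445, "bytes": 1_000_000 + jitter},
            {"bucket": bucket, "src": "10.0.1.20", "dst": "10.0.3.8", "dport": 443, "bytes": 2_000_000},
            {"bucket": bucket, "src": "10.0.1.21", "dst": "10.0.3.8", "dport": 443, "bytes": 500_000 + jitter},
        ]
    return flows

BASELINE_FLOWS = _baseline_flows()

# Current hour: 10.0.1.20 keeps its usual traffic but also pushes 400 MB to an
# external host it has never talked to, over 443 (constructed exfil-like pattern).
CURRENT_FLOWS = [
    {"bucket": 5, "src": "10.0.1.20", "dst": "10.0.2.5", "dport": 445, "bytes": 1_000_000},
    {"bucket": 5, "src": "10.0.1.20", "dst": "10.0.3.8", "dport": 443, "bytes": 2_000_000},
    {"bucket": 5, "src": "10.0.1.20", "dst": "198.51.100.7", "dport": 443, "bytes": 400_000_000},
    {"bucket": 5, "src": "10.0.1.21", "dst": "10.0.3.8", "dport": 443, "bytes": 520_000},
]

# Constructed lines in the shape of Cisco ASA "AAA user authentication Rejected"
# syslog messages (IDs 113005 / 113015); one source IP tries six accounts.
ASA_LOG = """\
Mar 12 02:14:01 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = jdoe : user IP = 203.0.113.45
Mar 12 02:14:03 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = asmith : user IP = 203.0.113.45
Mar 12 02:14:05 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = mmueller : user IP = 203.0.113.45
Mar 12 02:14:08 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = backup : user IP = 203.0.113.45
Mar 12 02:14:11 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin : user IP = 203.0.113.45
Mar 12 02:14:14 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = vpnuser : user IP = 203.0.113.45
Mar 12 02:14:40 fw1 %ASA-6-113012: AAA user authentication Successful : local database : user = svc_backup
Mar 12 02:15:02 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 198.51.100.9
"""

REJECT_RE = re.compile(
    r"%ASA-6-1130(?:05|15): AAA user authentication Rejected.*?user = (\S+) : user IP = (\S+)"
)


def build_baseline(flows):
    """Per-host median/MAD of outbound bytes per bucket, plus the set of known peers."""
    totals = defaultdict(lambda: defaultdict(int))  # src -> bucket -> bytes
    peers = defaultdict(set)                         # src -> {(dst, dport)}
    for f in flows:
        totals[f["src"]][f["bucket"]] += f["bytes"]
        peers[f["src"]].add((f["dst"], f["dport"]))
    stats = {}
    for src, per_bucket in totals.items():
        values = list(per_bucket.values())
        med = median(values)
        mad = median([abs(v - med) for v in values])
        # Floor the spread at 5% of the median (and at 1 byte) so a perfectly
        # flat baseline (MAD == 0) does not turn every byte of variation into an alert.
        scale = max(1.4826 * mad, 0.05 * med, 1.0)
        stats[src] = (med, scale)
    return stats, peers


def detect_anomalies(baseline_flows, current_flows, z_threshold=5.0):
    """Flag hosts whose outbound volume deviates from baseline and hosts talking to new peers."""
    stats, known_peers = build_baseline(baseline_flows)
    current_totals = defaultdict(int)
    new_peers = defaultdict(set)
    for f in current_flows:
        current_totals[f["src"]] += f["bytes"]
        if (f["dst"], f["dport"]) not in known_peers.get(f["src"], set()):
            new_peers[f["src"]].add((f["dst"], f["dport"]))
    spikes = {}
    for src, total in current_totals.items():
        if src not in stats:
            continue  # host without history: surfaced via new_peers, not via a z-score
        med, scale = stats[src]
        z = (total - med) / scale
        if z > z_threshold:
            spikes[src] = round(z, 1)
    return {"volume_spikes": spikes, "new_peers": dict(new_peers)}


def failed_vpn_logins(log_text, threshold=5):
    """Return {source_ip: rejected_auth_count} for IPs at or above the threshold."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(detect_anomalies(BASELINE_FLOWS, CURRENT_FLOWS))
    print(failed_vpn_logins(ASA_LOG))
```

Two points the toy makes visible: the 400 MB transfer is caught purely from byte counts and the unfamiliar destination, with nothing decrypted, and the single 113005 line from 198.51.100.9 stays below the threshold, which is the probabilistic trade-off the text refers to (thresholds and baseline windows decide between noise and a missed early-stage intrusion; five hourly buckets are far too short a history for production use).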
More at Exeon.com
About Exeon
Exeon Analytics AG is a Swiss cybertech company specializing in protecting IT and OT infrastructures through AI-driven security analytics. Its Network Detection and Response (NDR) platform ExeonTrace lets companies monitor their networks, detect cyber threats immediately and thus protect their IT landscape effectively: quickly, reliably and entirely software-based.