The Power of Data in Defending Against Ransomware

While the volume of ransomware attacks may have declined year-over-year, attackers are more successfully going after high-value targets and critical infrastructure operators, causing massive social disruption and coming away with lucrative payouts to show for it. Just look at the latest attacks, including those on Kaseya and Colonial Pipeline, and you’ll quickly come to the conclusion that not only is ransomware getting worse, but that it’s exploded into a full-blown crisis.

Attackers’ tools are becoming increasingly sophisticated, and their choice of targets more painful for more people. Private criminal organizations have increasingly begun adopting attack methods similar to those used by nation-states, including tactics, techniques and procedures (TTPs) such as zero-day vulnerability exploits, in-memory-only attacks, stealthy long dwell times for reconnaissance, and leveraging distribution points and supply chains. On top of this, ransomware-as-a-service (RaaS) groups like REvil and DarkSide are making it easier than ever for novice cybercriminals to get their hands on off-the-shelf, ready-to-use ransomware kits.

Investment in defensive technologies like endpoint security that protect against advanced attacks and help detect nefarious activity is crucial for businesses, but this also has to be backed by comprehensive data sources and go hand-in-hand with a human element. A security operations center staffed by expert, human-led threat hunting teams in conjunction with protective software is the best path forward when it comes to ransomware protection.

Partners have a significant opportunity to help their customers refine their security strategies and protect themselves from devious ransomware attacks.

Extended Detection and Response

In May, Sophos enhanced its endpoint security offering to help defend against these more sophisticated attacks. The launch of Sophos Extended Detection and Response (XDR) is a game changer for proactively defending against the most sophisticated and evasive attacks – especially those that leverage multiple access points to gain entry and move laterally to evade detection.

Sophos XDR is built on the industry’s richest data set. The cloud-based Sophos data lake offers partners and customers even more detailed insight when performing threat hunting or IT operations tasks. Sophos XDR is driven by data and provides a big picture view of your organization’s cybersecurity environment, along with the ability to deep dive into areas of interest for granular detail.

While Endpoint Detection and Response (EDR) has been the market standard for some time, XDR goes beyond the endpoint and server, combining firewall, email, and other data sources to give customers and partners an incredibly broad view of an organization’s environment. It delivers the most comprehensive and precise data across multiple dimensions for the most accurate threat detection, investigation, and response. This is achieved thanks to the scope of data, range of sources, and data quality.

These new features allow partners and customers to research historical events even when a machine is offline, use suspicious network detections from the firewall to investigate suspicious hosts, examine phishing attempts, and much more. Threat hunting and IT operations teams will reduce their time to detect by seeing the bigger picture of what is happening in their environment. When something suspicious is detected, investigations are faster and easier, reducing the overall response time.
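To make concrete what combining firewall, email and endpoint data buys a threat hunter, here is an added example of cross-source correlation. It is illustrative code written for this post, not Sophos code, and it does not describe how Sophos XDR or its data lake work internally. The log line formats, hostnames, IP addresses, signature names, parent/child process rules and the 15-minute window are all constructed assumptions for the illustration. Each source on its own produces only a weak, noisy signal; the host is escalated when at least two independent sources fire close together in time.

```python
"""Cross-source correlation in the spirit of XDR: firewall, endpoint and email
events are parsed into one per-host timeline, and a host is escalated only when
independent sources agree within a time window.  Log formats, hostnames,
signature names and thresholds below are constructed for this example and are
not Sophos formats or detections."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

# Constructed sample telemetry (hypothetical format): '<ISO-8601 UTC> <source> key=value ...'
FIREWALL = [
    '2021-06-10T10:02:11Z fw src=10.0.0.12 dst=203.0.113.5 sig="suspicious-outbound-beacon" sev=medium',
    '2021-06-10T10:20:45Z fw src=10.0.0.44 dst=198.51.100.9 sig="dns-txt-volume" sev=medium',
    '2021-06-10T13:00:02Z fw src=10.0.0.31 dst=203.0.113.77 sig="tls-self-signed-cert" sev=medium',
    '2021-06-10T11:05:00Z fw src=10.0.0.12 dst=10.0.0.2 sig="icmp-echo" sev=low',
]
ENDPOINT = [
    '2021-06-10T10:01:50Z ep host=WS-012 ip=10.0.0.12 image=powershell.exe parent=WINWORD.EXE',
    '2021-06-10T10:19:00Z ep host=WS-044 ip=10.0.0.44 image=chrome.exe parent=explorer.exe',
    '2021-06-10T08:30:00Z ep host=WS-031 ip=10.0.0.31 image=outlook.exe parent=explorer.exe',
]
EMAIL = [
    '2021-06-10T09:58:30Z mail rcpt=alice@example.test host=WS-012 attachment=invoice.docm verdict=delivered',
    '2021-06-10T08:00:10Z mail rcpt=bob@example.test host=WS-031 attachment=budget.xlsm verdict=delivered',
    '2021-06-10T09:10:00Z mail rcpt=carol@example.test host=WS-044 attachment=notes.pdf verdict=delivered',
]


def parse(line):
    """Split one log line into (timestamp, source, fields)."""
    ts, src, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, fields


def host_map(endpoint_lines):
    """Endpoint agents report hostname and IP together; that lets IP-keyed
    firewall events be attributed to a host."""
    return {f["ip"]: f["host"] for _, _, f in map(parse, endpoint_lines)}


def weak_signals(lines, ip_to_host):
    """Yield (host, ts, source, description) for events that look suspicious
    on their own but are usually too noisy to act on individually."""
    for ts, src, f in map(parse, lines):
        if src == "fw" and f.get("sev") in ("medium", "high"):
            yield ip_to_host.get(f["src"], f["src"]), ts, "firewall", f["sig"]
        elif (src == "ep" and f.get("parent", "").lower() in OFFICE_PARENTS
              and f.get("image", "").lower() in SCRIPT_HOSTS):
            yield f["host"], ts, "endpoint", f"{f['parent']} spawned {f['image']}"
        elif src == "mail" and f.get("attachment", "").endswith((".docm", ".xlsm")):
            yield f["host"], ts, "email", f"macro attachment {f['attachment']}"


def correlate(fw, ep, mail, window=timedelta(minutes=15)):
    """Group weak signals per host and escalate a host when at least two
    distinct sources fired within `window` of each other.
    Returns (all_signals_by_host, escalations_by_host)."""
    ip_to_host = host_map(ep)
    signals = defaultdict(list)
    for source in (fw, ep, mail):
        for host, ts, kind, desc in weak_signals(source, ip_to_host):
            signals[host].append((ts, kind, desc))
    escalations = {}
    for host, events in signals.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            cluster = [e for e in events[i:] if e[0] - t0 <= window]
            sources = {e[1] for e in cluster}
            if len(sources) >= 2:
                escalations[host] = {"first_seen": t0, "sources": sorted(sources),
                                     "evidence": [e[2] for e in cluster]}
                break
    return dict(signals), escalations


if __name__ == "__main__":
    per_host, escalated = correlate(FIREWALL, ENDPOINT, EMAIL)
    for host, sigs in per_host.items():
        print(f"{host}: {len(sigs)} weak signal(s), escalated={host in escalated}")
    for host, detail in escalated.items():
        print(f"  {host} first seen {detail['first_seen']:%H:%M:%S} via {detail['sources']}")
```

In the constructed data only WS-012 is escalated: a macro attachment was delivered, Word spawned PowerShell, and the firewall saw a beacon-like outbound connection, all within four minutes. WS-044 has a single firewall alert and WS-031 has an email and a firewall signal five hours apart, so neither crosses the bar at the default window; widening the window to six hours would pull WS-031 in, which is the trade-off between detection latency and alert volume that a hunting team tunes per environment.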

Sophos XDR is now available for MSSPs.

Guest blog courtesy of at Sophos. Read more Sophos blogs here.