
Pondurance Boosts MDR Service to Fight Ransomware, Attacks on Microsoft Environments


MDR specialist Pondurance is adding ransomware protections and a new Microsoft 365-focused service for midmarket companies that have limited budgets but face enterprise-sized threats.

The vendor, whose clients are mostly in highly regulated industries, late last week rolled out RansomSnare, a ransomware prevention module in its managed detection and response (MDR) service that can intercept and stop a malicious process when it detects an encryption attempt and keep data from being exfiltrated, according to executives.

This week, Indianapolis-based Pondurance also released an MDR service for Microsoft-centric businesses that run on Microsoft products such as Windows, Entra ID, and Azure Cloud. Midmarket companies tend to rely heavily on Microsoft hybrid cloud operations, which can be difficult to manage and defend, helping to make them targets for ransomware and other cyber threats.

The new services come at a time when more smaller businesses are finding themselves under attack. According to a survey released last year by cyber insurance company Coalition, 79% of small and midsize businesses had been attacked within the previous five years. Ransomware is one of the threats they need to worry about.

“When ransomware attacks on big-brand companies such as Capital One, Target, or Equifax make headlines, it’s easy to dismiss that reality for lesser-known mid-market firms,” MSP Netrio wrote in a blog post last year. “The data, however, tells a different story: hackers view mid-market businesses as easier targets because they lack the sophisticated enterprise-scale defenses of their larger peers, so they’re attacked more often. Nearly one in five middle-market companies reported a breach last year.”

Another Line of Ransomware Defense

RansomSnare is designed to work with endpoint detection and response (EDR) tools, according to Michael DeNapoli, a senior solutions architect at Pondurance. The goal is to stop attackers that have gotten around EDR.

“Modern threat actors realize that an EDR will be in place in most organizations, and they therefore take steps to hide their malicious actions from being spotted,” DeNapoli told MSSP Alert. “Modern security controls do their best to keep up with these changes, but in the digital arms race of the cybersecurity landscape, the threat actors are often one step ahead. Their goal, however, remains the same: encrypt the data and backups so that an organization must pay a ransom to return to normal business operations.”

RansomSnare allows an organization to analyze which encryption tools are legitimately in use, then blocks attempts to use any other encryption tools and techniques whenever they appear, he said.

MSSPs in the Mix

MSSPs and other partners will benefit from RansomSnare. Pondurance is a top MDR services provider to midmarket companies, but most of those companies have needs that extend beyond MDR, DeNapoli said.

“RansomSnare is part of the Pondurance platform, but it is often used in conjunction with hardware support, networking architecture and support, and other functions that are provided by partners throughout the country,” he said. “It’s not uncommon at all for customers to begin working with an MSSP, and then add in Pondurance MDR as they mature their cybersecurity footprint.”

A key reason RansomSnare is offered as part of the vendor’s MDR service is that such a security control must be properly implemented, configured, and managed over time, particularly as encryption tools and methods change. It requires regular tuning and management, which isn’t something all midmarket firms can do.

“Organizations have often attempted to use different advanced security controls in-house, only to find that their staff could not keep up with the overhead of using those tools safely and effectively,” DeNapoli said. “By leveraging the ongoing assistance of an MSSP and MDR provider, the overhead and complexity are greatly reduced for the organization, and the effectiveness and safe operation of more complex solutions is greatly increased.”

Microsoft and the Midmarket

Similar reasoning is behind the company’s Pondurance for Microsoft, a purpose-built MDR service. It provides 24/7 MDR service using Microsoft’s Defender XDR – including Defender for Endpoint – to protect against ransomware, data breaches, and other threats, and to allow organizations to leverage security capabilities already included in many Microsoft licenses.

The features and capabilities include direct Microsoft Graph API ingestion for M365 and Entra ID telemetry, 24/7 U.S.-based security operations center (SOC) monitoring by specialists in Microsoft-specific threats, M365 configuration hardening, and hybrid visibility across cloud services, Active Directory, endpoints, networks, and legacy systems.

Such functions are necessary, given the broad use by midmarket companies of Windows for endpoints and Office 365 and Microsoft 365 for email and collaboration, according to DeNapoli.

“When threat actors go after Windows and Microsoft applications, they are not making a judgment about the security maturity of a specific organization,” he said in a Q&A posted on Pondurance’s website. “They are playing a numbers game. Midmarket organizations often face additional constraints. Many operate with small IT teams that must balance security with daily operational demands.”

Some midmarket firms won’t have dedicated security roles, and even when security tools are licensed, there are times they’re not fully configured or maintained. Threat actors “understand this reality and design their campaigns accordingly,” he said.

The Microsoft offerings are foundational to most organizations and aren’t themselves inherently dangerous. Risks increase when those companies don’t correctly configure the tools, delay updates, use inconsistent processes, or have users who are afraid to speak up when mistakes happen.

“Organizations in Microsoft environments that effectively use their available security tools, focus on keeping systems current, and encourage early reporting of security incidents are far better positioned to avoid or limit the impact of cyber threats,” DeNapoli said.

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
