SpyCloud announces Compass, an innovative solution that helps businesses detect and respond to early warning signs of ransomware attacks.
Compass provides definitive proof that data siphoned off by malware infections is in the hands of cybercriminals, and offers a comprehensive approach to incident response for malware-infected devices known as post-infection remediation.
Application credentials and cookies stolen from infected employee and contractor devices are commonly used by ransomware operators and initial access brokers (IABs) to target and enter corporate networks undetected.
As remote workers and contractors increasingly blur the line between managed and unmanaged devices, malware infections on employee-owned systems allow cybercriminals to get past traditional ransomware protection solutions, including endpoint protection. Every time an employee logs in to work from an infected device, malicious actors can gain easy access to employee applications: single sign-on (SSO) authentication, remote access portals, virtual private networks, code repositories, accounting applications, and other critical business systems.
In the 2022 SpyCloud Ransomware Defense Report, 87% of surveyed organizations expressed concern about infostealer malware creating entry points for ransomware on unmonitored devices. Even with these concerns, most companies still allow their employees to access corporate applications from unmanaged personal devices under BYOD policies, or rely on vendors or contractors with loose control over managed devices, expanding the attack surface available to adversaries.
Security Operations Center (SOC) teams can use SpyCloud Compass to identify when devices, applications, and users have been compromised by malware, even when the infected device or business application is outside corporate monitoring. Incident responders can visualize the scope of each threat at a glance and see all the details needed for rapid remediation. This reduces the effort of researching the potential impact of compromised devices and enables a rapid transition from detection to response.
Post-infection remediation, a comprehensive approach to remediating malware infections, allows security professionals to reduce opportunities for ransomware and other cyberattacks by resetting application credentials and disabling siphoned session cookies. It provides a set of steps that can be included in a traditional incident response playbook to mitigate infostealer malware.
SpyCloud CEO Ted Ross said: “Compass was designed to solve this problem. It reduces enterprise risk by providing security teams with information that infected devices are accessing employee critical applications. If not addressed, it opens the door for attackers to access, steal, encrypt, and even erase corporate data.”
SpyCloud’s solution alone supports post-infection remediation and has the ability to prevent cybercriminals from launching full-scale cyberattacks. By acting on the information cybercriminals gain from infostealer malware infections, security teams can properly remediate compromised entry points, significantly shortening the duration of ransomware exposure.
“The post-infection remediation process is often overlooked when it comes to dealing with malware,” says Ross. “Cleaning the infection from a device cuts the ties with criminals, but it does not address the authentication and access data that criminals have already stolen. Post-infection remediation is a gap in ransomware defense frameworks. It is now a must for organizations trying to address
SpyCloud Compass enables organizations to:
- Reduce the risk of ransomware by identifying hard-to-detect malware infections that provide entry points for malicious attackers.
- Identify threats beyond your control, such as malware-infected personal devices of employees or vendors that are used to access employee applications.
- Reduce incident response time when investigating the potential impact of infected devices.
- Mitigate long-term malware risk by taking incident response beyond standard device remediation.
- Uncover never-before-seen compromised assets such as credentials and cookies for third-party applications such as SSO, VPN, and CRM.
- Focus on high-priority threats with clear indicators of malware-infected devices and exposed applications on corporate networks.