Niara Adds Early-Stage Attacker Behavior to Ransomware Detection

Through the use of specifically-designed analytics that focus on the tactics of the exploit, analysts can see these attempts even before the ransomware gains a toehold in the customer environment.

Channel Partners

July 26, 2016


PRESS RELEASE — SUNNYVALE, CA – July 26, 2016 – Niara, a recognized leader in user and entity behavior analytics (UEBA), today announced the first application of UEBA machine learning to detect advanced attacks such as ransomware and whaling by including the behavior of the attacker to enhance the precision and timeliness of alerts. Through the use of specifically-designed analytics that focus on the tactics of the exploit, analysts can see these attempts even before the ransomware gains a toehold in the customer environment, and can take steps to stop them before they do widespread damage.

According to the 2016 Verizon Data Breach Investigations Report, survey respondents reported that 30 percent of phishing messages were opened and 12 percent clicked a malicious attachment or link, making it very easy for ransomware and whaling attempts to be successful and to gain a foothold in a customer environment.

Employees are often regarded as the weakest link in enterprise security, inadvertently contributing to organizations falling victim to advanced attacks. Niara now deploys automated monitoring and detection at each stage of the kill chain to deliver reliable, highly-actionable alerts that can be acted on to quarantine systems, alert users, or to determine who else in the organization has been affected.

“It’s clear that conventional defenses need a second dimension of analytics to deal with today’s highly targeted attacks such as ransomware or whaling,” said Michael Osterman, president, Osterman Research. “By applying machine learning models to an attacker’s behavior and across the kill chain, Niara has turned the tables on malicious outsiders who hide behind seemingly legitimate credentials and actions.”

Niara’s analytics solution comprehensively covers several stages of the attacker behavior:

At time of infection:

  • Email analytics to detect spoofed domains that unsuspecting users may click on and get infected

  • File analytics to detect suspicious file attachments that may infect the user

  • Anomalous indicators on the endpoint such as process or registry changes

Command and Control (C&C) Stage:

  • Anomalous DNS requests and beaconing activity

  • Integration with threat intelligence feeds for known indicators of compromise

Internal Activity:

  • Network scans and abnormal access to internal resources

  • Behavioral indicators of encryption attempts on hosts, network file shares or cloud storage services

“Ransomware and whaling are on the rise and our researchers have discovered that these attacks are specifically designed to evade standard cybersecurity defenses and cause significant damage,” said Sriram Ramachandran, CEO and co-founder, Niara. “Niara’s machine learning-based models identify the subtle changes in behavior across multiple attack stages – infection, command and control, network scans, encryption routines and when combined with other attack indicators, enable security teams to detect ransomware and whaling attempts earlier and protect an organization before irreparable damage is done.”

To learn more about Niara’s ransomware solution, visit the Niara booth (#1272) at Black Hat USA in Las Vegas from August 2 – 4, 2016.

About Niara
Niara’s behavioral analytics platform automates the detection of attacks and risky behaviors inside an organization and dramatically reduces the time and skill needed to investigate and respond to security events. The solution applies machine learning algorithms to data from the network and security infrastructure to detect compromised users, entities, and negligent or malicious insiders, reduce the time for incident investigation and response, and speed threat hunting efforts by focusing security teams on the threats that matter. Headquartered in Sunnyvale, Calif., the company is backed by NEA, Index Ventures and Venrock. For more information, visit www.niara.com.
