Neutering Ransomware Through XDR
Ransomware groups typically shoehorn their way into a victim organization and then employ a variety of techniques to move laterally throughout the victim’s network, said Sophos CEO Kris Hagerman. It often becomes a footrace between the attacker, moving from one estate to the next to find and exfiltrate valuable information, and the defenders, who try to close doors and block hallways to minimize exfiltration.
Well-implemented XDR (extended detection and response) technology can make the attacker’s life more difficult by removing the gaps between network, endpoint, server, and email security products, he said. Humans have struggled to look quickly across all of a company’s data and get actionable insights on their own, and Hagerman said businesses should leverage automation and ML to accelerate that process.
At the same time, Hagerman said human analysts have a very important role to play when it comes to pattern recognition around more advanced attacks. By putting all of an organization’s information in the same place with a rich set of telemetry and granular data, Hagerman said appropriately executed XDR can prevent and detect ransomware attacks.