Ransomware Detection

Ransomware is a significant threat and monitoring your networks and IT systems for indicators of compromise from ransomware and other cyberattacks is essential. However, this is a specialized task, and the criminals who are targeting organizations try to hide their activities after gaining access. Critical Insight's 24x7 Managed Detection and Response (MDR) provides expert monitoring of your networks and IT systems so that activity indicative of ransomware can be spotted, and attacks stopped in their tracks.

24x7 Threat Detection and Investigation

Protecting a network requires monitoring everything that is attached, then looking for known threat activities, monitoring for anomalous behavior that might indicate a new attack, and then taking the appropriate steps to mitigate any threats. Critical Insight's 24x7 Threat Detection and Investigation Service delivers this full time. It is part of the broader suite of services that make up a full-spectrum defense offering. Our 24x7 Threat Detection and Investigation is part of the Managed Detection and Response part of Critical Insight's services. The diagram below shows the upper half of our Defense Services Wheel with the five areas included in 24x7 Threat Detection and Investigation.

This monitoring of on-premise networks, public cloud infrastructure (Azure, AWS), Microsoft 365 SaaS solutions, endpoint devices, and the rapidly growing IoT and Operational Technology (OT) sectors happens from the Critical Insight Security Operations Centers (SOCs). The SOC staff know what to look for to detect even the stealthiest ransomware, and they take immediate remedial action to prevent ransomware from spreading to limit the damage.

Here's how the SOC monitors and protects each of the five network areas to detect ransomware activity.

Traditional On-Premise Networks - a Critical Insight collector sits inside the network behind the firewalls so the SOC can scrutinize logs and replay entire events through packet capture to produce deep insights with actionable detail.

Public Cloud Infrastructure - for AWS cloud deployments, the SOC monitors Amazon's GuardDuty and investigates and responds to any alerts. SOC analysts monitor traffic through the AWS firewalls, any traffic connecting to VPC instances, and admin activity on the AWS account. For Azure, the SOC monitors alerts, the Azure AD audit logs, and Azure AD sign-in logs using the Microsoft Graph API. The SOC investigates any anomalies shown in alerts and other data, and then actions are taken to eliminate the risk.

Microsoft 365 - the SOC investigates Microsoft Cloud App Security (MCAS) alerts fully, combining that data with all other available sources to detect phishing, credential stuffing, and other attacks which may originate in the cloud but have an effect elsewhere in your infrastructure.

Endpoint Devices - the SOC monitors alerts from your endpoint device solution (irrespective of which one you use) and investigates suspicious activities on the endpoint. If you don't have an Endpoint solution in place, then Critical Insight can help you choose and deploy one.

IoT & OT - most IoT and many OT devices cannot use an endpoint agent, which makes it hard to monitor and secure them. The SOC can alleviate this issue by monitoring the device's network connection and traffic and by integrating with industry leading IoT/OT discovery solutions.

See Also: