Ransomware Can’t Encrypt What It Can’t See!
Announcing Stormshield Endpoint Security Ransomware Defense Edition
Stormshield has pioneered the security area of behavioral endpoint protection and continues to be the leader in detecting and stopping unknown malwares. For over a decade, while many well-known security vendors continued to push signature-based protections, organizations that were extremely concerned about attacks turned to Stormshield to eliminate Zero Day attacks and to stop malware that had never been seen before (or was even fileless). Today, in every test and comparison, Stormshield continues to be the industry leader in this aspect of malware prevention.
As organizations today are desperately searching for a way to protect themselves from a new malware threat (the ransomware variant), the SES-RDe capabilities to identify and stop the ransomware attacks from installing on computers is unprecedented and unmatched. Despite the creativity of the cyber-criminals and the tens (hundreds?) of thousands of ransomware variants, SES-RDe will almost always identify the attack and stop it before there is any damage.
Yet, despite this industry-leading capability to identify and stop ransomware attacks, Stormshield faces the same dilemma that all security vendors face (but most don’t want to talk about) – no product or combination of products on the market today will guarantee that they can stop all ransomware attacks. Even if a product like SES-RDe can cite detection and prevention rates of 99%+, given the volume of ransomware attacks that are flooding the world, that less than 1% penetration rate can still be a huge exposure.
The solution to this dilemma is direct and practical: Ransomware can’t encrypt what it cannot see.
Extension Whitelisting: Even a single successful execution of a ransomware can have devastating consequences for an organization. SES-RDe recognizes this and has developed the ultimate barricade against the true ransomware threat – encryption of targeted data. The only way that ransomware wins is if the targeted data is successfully encrypted. Even if a ransomware finds its way into your organization and executes on a computer, it still has not caused any damage. In order to “succeed” it must find a way to encrypt the files that have value to the organization so that the cyber-criminal can attempt to extract a ransom.
SES-RDe provides a unique Extension Whitelisting capability that limits the access to file extensions to specific applica¬tions (validated by executable signed certificate or checksum). This Extension Whitelisting barricade effectively neu¬ters the attempts of any ransomware to encrypt files while not disrupting the normal workflow of users and computers. SES-RDe can limit the access for “.docx” to only certain applications, for example Microsoft Office, Windows Explorer and Web Browsers, thus preventing unknown applications from having access to these extensions. To identify the applications that are allowed to make changes, SES-RDe can use digital signatures or checksums of the applications.
In addition to stopping the data encryption, the Extension Whitelisting application includes a range of security measures that recognize when an application is attempting to access files that it is not authorized for and a set of quarantine, remediation, notification and other proactive protection measures are automatically initiated across the enterprise.
SES-RDe: Industry leading protection to keep malwares out of your organization. Unique Extension Whitelisting to stop the tiny percentage that sneak by from doing any harm!
SES-RDe Ransomware Protection Features
SES-RDe provides a unique Extension Whitelisting capability that limits the access to file extensions to specific applications (validated by executable signed certificate or checksum). This Extension Whitelisting barricade effectively neuters the attempts of any ransomware to encrypt files while not disrupting the normal workflow of users and computers. For example, SES can limit the access for “.docx” to only certain applications: Microsoft Office, Windows Explorer and Web Browsers thus preventing unknown applications from having access to these extensions. Applications are validated by digital signatures or checksums of the applications.
Extension Whitelisting Attack Identification and Remediation:
SES-RDe also monitors and takes notice of the attempted encryption activities of the ransomware. Based on this gathered intelligence, SES-RDe will remove the ransomware from this computer and report this activity to the SES-RDe management console and also, optionally, send an alert to the SES-RDe administrator. A rule including the name of the executable or the checksum for this specific ransomware will be created and automatically propagated to all other SES-RDe protected computers. This rule will then block this ransomware from running and, if it is already on the computer, delete it.
SES-RDe identifies and stops ransomware prior to execution virtually eliminating the zero-day threat. SES-RDe even protects against fileless ransomware attacks that run completely in memory and can therefore bypass traditional signature-based security products. SES-RDe does not rely on easily defeated signatures, sandboxing, mathematic algorithms, etc. but instead SES-RDe uses a set of security layers that work against attempts to compromise the computer system – detection of exploited vulnerabilities (e.g., corruption of the memory in order to execute malicious code), detection of malware installed on the computer, detection of malicious actions and all other known attack methods – proactive, real-time.
Supplemental SES-RDe Ransomware Protections:
DLL Injection Protection
Hard Drive Protection
ANNOUNCING RDe SPECIAL PRICING
RANSOMWARE PROTECTION FOR LESS THAN $10 PER SEAT!
Matrix has announced a special 4th QTR program so that SES-RDe can be licensed by customers for less than $10 per seat. Additional quantity based tiered discounts are available for customers that increases the value even more. “Matrix has heard from our customers how much ransomware is concerning their organizations and we want to provide the first true ransomware protection at a price point where it fits into their budgets so that they can act quickly to eliminate this threat,” said Bob Foley, President of Matrix. “We understand the frustration of organizations that are tired of the confusing product hype being done by so many vendors about their ransomware “protections”. Our Extension Whitelisting provides the ultimate safeguard to be assured that your data will not be encrypted by ransomware.“
Learn more about SES-RDe: