Ransomware Defense and Restoration Services

Progent's ProSight Active Security Monitoring (ASM) services include behavior analysis heuristics to provide best-in-class defense for endpoints as well as servers. This approach to malware defense addresses the new wave of cyber threats, such as crypto-ransomware, which easily evade detection by conventional signature-based anti-virus (AV) techniques.

ProSight ASM offers small and medium-sized companies the advantages of the identical anti-virus technology used by many of the world's biggest enterprises including Netflix, Visa, and Salesforce. By delivering in-line malware filtering, detection, mitigation, repair and analysis in a single integrated platform, Progent's Active Security Monitoring lowers total cost of ownership, streamlines administration, and promotes rapid recovery. The next-generation endpoint protection (NGEP) incorporated in Progent's Active Security Monitoring was ranked by Gartner Group as the "most visionary Endpoint Protection Platform (EPP)."

ProSight Active Security Monitoring remote services rely on a small-footprint software agent running on every protected device to create an active cybersecurity matrix that reacts to potential attacks instantly and sets into play unified protection featuring:

• Instant protection for Windows, Mac, Linux, iOS and Android devices
• Protection for VMs running Windows Hyper-V, VMware vSphere, and Citrix XenServer virtualization platforms
• In-depth operating system-level monitoring
• Signature-independent heuristics and automation
• Cutting-edge behavioral analysis
• Detection of new generation attacks from all vectors
• Automated after-attack remediation
• Single-click resumption of most recent secure state following a crypto-ransomware attack including Ryuk, Maze, Sodinokibi, Netwalker, Conti or Nephilim
• Instant and automatic inoculation throughput the complete grid of protected devices
• Immediate visualization of an attack's progression through your system
• Extensive forensics for identifying vulnerabilities
• Unified web-accessible management tool
• Complies with HIPAA and PCI regulations

Progent's ProSight ASM and Today's Cybersecurity Environment
Over 97% of ransomware break-ins could have been blocked by modern cybersecurity tools. Unfortunately, some attacks will succeed despite the best protective measures. Today's security landscape is too crowded with tireless extortionists, including state-funded hackers, for any enterprise to consider itself entirely safe. With this in mind, Progent's ProSight ASM is designed not simply to prevent ransomware from establishing a foothold on your information network, but also to react decisively to any breach. This entails immediate isolation of compromised machines, automatic threat removal, fast immunization of all machines via local agents, one-click restore to a safe and comprehensive forensic analysis to show you how to bolster your security profile to foil subsequent attacks. By providing leading-edge defenses during all facets of a malware assault, ProSight Active Security Monitoring offers a comprehensive platform for dealing with today's increasingly dangerous cybersecurity environment and avoiding the economic and reputation loss associated with a serious security breach.

Endpoints such as PCs, notebooks and smartphones are the most vulnerable and most typically attacked elements of a network. Progent's ASM services provide a single endpoint protection (EPP) solution to handle the complete lifecycle of a cyber attack including blocking, identification, remediation, cleanup and analytics. Threats managed by Progent's ProSight ASM include:

• File-dependent attacks such as ransomware, worms, and payload-based assaults
• File-less and memory-only malware with no disk-resident indicators
• Document-based malware embedded within macros and Office and Adobe files
• Phishing email-based assaults which make up a high percentage of cybersecurity breaches)
• Browser-based attacks integrated in drive-by downloads, Flash, JavaScript, VBS, iframe, and plug-ins
• Live attacks based on scripts such as PowerShell, Powersploit, and VBScript
• Credential-dependendent assaults such as credential-dumping, and mimikatz

Next-generation anti-virus tools supplement conventional signature-based detection with behavior monitoring. This technology tracks the activity of a potential threat and decides if the activity is typical and safe or abnormal and possibly threatening. For instance, does the code under observation impact an exceptionally large number of processes? Does it modify the registry? Does it log keystrokes? Essentially, behavior analysis focuses on potentially dangerous actions instead of on a fixed digital signature, which a cyber criminal can easily nullify simply by changing a few bytes of malicious code.

Prevention: Prior to the Break-in
Novel malware attacks are being manufactured quickly enough to swamp the ability of signature-style anti-virus software vendors. The market started to recognize the shortcomings of signature-matching endpoint protection around 2012. Since that time the situation has grown more serious.

Progent's ProSight Active Security Monitoring uses modern cloud-based anti-virus labs and whitelisting/blacklisting services from leading providers to block known malware attacks. This combined with deep file inspection and shared blacklisting and whitelisting give Progent's ASM an edge over traditional AV products. Still, prevention is only the initial phase of next-generation AV defense. Sophisticated exploits, file-less and script-dependent malware easily slip by signature-matching defenses. For example, hackers often use a packing technique to encrypt a malicious file's format so security labs and anti-virus software are unable to recognize the attack.

Detection and Mitigation: During the Assault
The second part of the EPP lifecycle involves reacting to an attack while the malicious code is executing following a breach. Progent's ProSight Active Security Monitoring uses advanced endpoint protection techniques to detect malicious activity resulting from any attack that penetrates the initial line of protection. To modify information, even file-less threats like memory-based malware perform recognizable behaviors like as making an executable file with no permission. ProSight Active Security Monitoring's small-footprint resident software agent monitors activity in every protected endpoint device and utilizes advanced behavioral threat analysis and deep activity background to detect new assaults immediately after they start. When an attack is identified, ProSight ASM at once quarantines the affected endpoint from the network to minimize the damage. Because the ProSight ASM software agent runs independently, endpoint devices stay secured even if they are detached from the Internet.

Restoration: After a Break-in
After isolating an attack, ProSight ASM initiates the remediation phase of protection. If Progent's ProSight ASM is implemented with Microsoft Windows VSS, changes to data made by a malware attack can be immediately rolled back to a safe state with one click. ProSight Active Security Monitoring also logs any system-level files and configurations that were changed by the attack and what files were recovered. When Progent's Active Security Monitoring uncovers a new malicious binary, the malware code is flagged and any devices on the system that are secured by software agents are vaccinated against the new assault. Also, the Progent's ASM management tool includes comprehensive forensics such as an informative display of the attack's storyline across the network from beginning to end. This audit trail of how an assault progressed through the network assists your IT staff to assess the impact and highlights shortcomings in security policies or processes that need to be corrected to prevent future break-ins.

Download the ProSight ASM Datasheet
To download or read a PDF datasheet describing the key features of Progent's Active Security Monitoring services, click:
ProSight ASM Ransomware Protection Services Datasheet. (PDF - 89 KB)

Contact Progent about ProSight Active Security Monitoring Services
To find out more information about how Progent can assist you set up an affordable and effective crypto-ransomware defense system with Progent's Active Security Monitoring service, call 1-800-462-8800 or see Contact Progent.