Ransomware Investigation Powered by Machine Learning
The Ransomware Investigation platform is extremely advanced and intelligent, using machine learning to watch over an organization’s data and storage. Over time, it creates a baseline of behavior that is unique to every organization. Thereafter, it can analyze elements such as file properties, change rate, content type and entropy changes to files.
If it spots an anomaly, it will alert users about any indications of an attack getting through to other defenses. All of that processing is conducted within the cloud, so there is no impact on the local network.
DIVE DEEPER: Discover why layered security is essential to health systems' incident response planning.
A Quick Response to Ransomware Attacks
Restoration in response to a limited attack can take time. But with Ransomware Investigation, once an attack is confirmed, it can show administrators exactly what files have been compromised and how the attack was able to penetrate other defenses. This allows administrators to shore up their security and enables targeted restoration.
Instead of restoring everything — potentially, terabytes of information — only the files that were corrupted need to be replaced. That can cut down the time required to return to full operations from days or weeks to just a few hours.
Ransomware Investigation is a powerful tool that acts as a force multiplier for other defenses. That’s great news in healthcare, where protection is paramount for supporting patient care.
PRODUCT TYPE: Ransomware recovery platform
DEPLOYMENT TYPE: Core components operate within the cloud
THREATS MITIGATED: Ransomware, or anything else that corrupts or erases data
KEY FEATURES: Anomaly detection and automated recovery
ADDITIONAL CAPABILITY: Can be used for post-breach analysis to see what went wrong