UPDATED 00:58 EDT / JUNE 15 2016


Exabeam touts behavioral analytics to combat ransomware

With the rising incidence of ransomware in the enterprise constantly grabbing the headlines, security firm Exabeam Inc. is trying to do something about it. The company has just introduced a new tool onto the market that tries to spot ransomware before it locks down an organization’s all-important files, by using machine learning-based behavioral analytics to track suspect behavior on internal networks.

Exabeam, which specializes in security analytics, says its early warning system is able to spot ransomware activity on corporate networks without the help of any third-party security tools. The new tool can also identify suspicious activity taking place in the cloud, in on-premises systems, and on employees’ personal devices that connect to corporate networks, the company said.

The threat of ransomware is growing worse by the day, and so the ability to monitor networks for suspect behavior is now “critical to IT security”, said Exabeam CEO Nir Polak.

“Ask any CISO about their biggest challenge today, and ransomware will almost certainly be the response,” said Polak in a statement. “It’s bypassing security tools and overwhelming already-overburdened security analysts.”

Exabeam is one of a number of new security startups that have emerged in recent years touting analytics-based monitoring systems. According to a report on machine learning technology drivers released by 451 Research earlier this month, machine learning-based solutions are only “coming to security now because IT doesn’t believe that technology can prevent everything, and desperately needs a way of catching an attack before a customer reports it.”

“A lot of security incidents like ransomware, which encrypts your share file, are done by the time big data even starts analyzing,” the report continued. “So the [machine learning] trick is turning a big data problem (profile creation) into a ‘little data’ problem (anomaly detection), to be able to react quicker.”

The primary target for ransomware distributors has been hospitals and healthcare providers, due to their urgent need to access data, and also their ability to pay up quickly. However, attackers are rapidly switching to other targets, including universities. One recent case saw the University of Calgary in Canada pay a ransom of $20,000 in Bitcoin to decrypt emails and other important files.

The BBC says the problem will only get worse, with security researchers having identified more than 120 different types of ransomware.

“Ransomware and crypto-malware are rising at an alarming rate and show no signs of stopping,” the BBC quoted an Intel Corp. official as saying.

In the face of such a sinister threat, machine learning-based tools like Exabeam’s could prove to be a vital defense for organizations that can’t afford to be held to ransom. Exabeam’s tool uses data from the company’s existing logs to build up behavior profiles for each device and user within an organization. With those profiles in place, it analyzes anomalies in user behavior and compares unknown or suspicious activity that may indicate ransomware with pre-existing detection signatures. The system attempts to avoid false positives by flagging incidents as ransomware only when the combined risk score of multiple suspicious activities reaches a certain threshold.
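The scoring idea described above, sketched as an added example (not Exabeam's code and not part of the original article): per-user baselines are built from constructed log records, and an event is flagged only when the combined score of several anomaly signals reaches a threshold. The signal names, weights and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (user, hour, files_modified, new_extension_seen, host)
BASELINE = [
    ("alice", h, n, 0, "fs01") for h, n in enumerate([12, 15, 9, 14, 11, 13, 10, 16])
] + [
    ("bob", h, n, 0, "fs02") for h, n in enumerate([40, 35, 50, 45, 38, 42, 47, 44])
]
TODAY = [
    ("alice", 8, 900, 1, "fs03"),  # mass rewrite, unfamiliar extension, new host
    ("bob", 8, 95, 0, "fs02"),     # unusually busy hour, but only one signal
]

# Assumed weights and threshold, for illustration only.
WEIGHTS = {"write_burst": 40, "new_extension": 35, "new_host": 25}
THRESHOLD = 70

def build_profiles(events):
    """Per-user baseline: write-rate mean/stddev and the set of hosts seen."""
    rates, hosts = defaultdict(list), defaultdict(set)
    for user, _hour, modified, _ext, host in events:
        rates[user].append(modified)
        hosts[user].add(host)
    return {u: {"mean": mean(r), "std": pstdev(r) or 1.0, "hosts": hosts[u]}
            for u, r in rates.items()}

def score_event(profile, event):
    """Return (combined risk score, triggered signals) for one event."""
    _user, _hour, modified, new_ext, host = event
    signals = []
    if (modified - profile["mean"]) / profile["std"] > 3:  # z-score anomaly
        signals.append("write_burst")
    if new_ext:
        signals.append("new_extension")
    if host not in profile["hosts"]:
        signals.append("new_host")
    return sum(WEIGHTS[s] for s in signals), signals

def detect(baseline, today):
    """Score today's events against baselines; flag only at the threshold."""
    profiles = build_profiles(baseline)
    results = {}
    for event in today:
        score, signals = score_event(profiles[event[0]], event)
        results[event[0]] = {"score": score, "signals": signals,
                             "flagged": score >= THRESHOLD}
    return results

if __name__ == "__main__":
    for user, result in detect(BASELINE, TODAY).items():
        print(user, result)
```

Here a single anomaly (bob's write burst) stays below the threshold, while three concurrent anomalies for alice cross it, which is the false-positive control the paragraph describes.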

Exabeam’s tool doesn’t have ransomware blocking capabilities of its own – it’s a monitoring tool only, available as an add-on to its larger security analytics platform. However, numerous other security tools can integrate with the product, allowing IT managers to create administrative scripts that can isolate an infected computer from the rest of the network as soon as an anomaly is detected.
