

So-called ransomware, which is malicious software designed to block access to a computer system until a sum of money is paid, is reaching epidemic proportions. To counter the threat, security vendors have been attempting to respond with new network monitoring tools designed to mitigate the problem.
One such vendor is Netwrix Corp., which has just released an update to its Netwrix Auditor tool with new capabilities allowing organizations to respond immediately to ransomware and prevent it from locking down their most critical data.
Netwrix Auditor is a behavior analysis and risk mitigation platform that gives companies full control over changes, configurations and access to their hybrid cloud environments, no matter where they reside. The idea is that it monitors network traffic to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
With the update, Netwrix Auditor 9.0’s new secret sauce is something called “threshold-based alerting,” which monitors file servers for activity that could indicate the presence of ransomware. This new feature also allows companies to monitor other suspicious behavior patterns in their networks, be it on-premises or in the cloud. It’s flexible too, allowing users to specify behavioral patterns they consider to be risky, or otherwise choose from a list of predefined alerts.
Because of this high-level monitoring, Netwrix Auditor allows users to respond as soon as threats are identified by blocking access to the network or granularly restricting access to certain data.
“Unfortunately, it is extremely hard to distinguish [ransomware] from typical user activities until the culprits inflict serious harm,” said Michael Fimin, co-founder and chief executive of Netwrix. “Deep visibility into user activity and alerts on threat patterns empower organizations to detect anomalous behavior and mitigate cyberrisks, while role-based access control enables them to provide the right people with appropriate and timely access to security intelligence.”
Netwrix Auditor 9.0 also comes with a new add-on for Cisco that allows for “pervasive” visibility into the activity of network devices. Such activity is normally minimal, the company said, so the add-on allows users to easily spot outliers and prevent malicious actors from gaining control of their network traffic. The software also produces reports aligned with the GDPR, CJIS, GLBA, FERPA and NERC CIP compliance standards, helping companies to reduce preparation time for security audits.