Giving the reasons for the win, panel judge Brian Madden said, “You could literally put the product in, push GO, and get the benefits instantaneously.”
We were honored by the recognition and thrilled that the judging panel interviewed some of our customers and heard firsthand how they were using the ExtraHop ransomware detection solution.
This year’s Best of Show award has implications beyond ExtraHop, however. It is significant that a security-focused solution won Best of Show the same year that the “Application, Data, and Network Security” category was introduced.
People are realizing that the old, perimeter-focused security model is broken and needs to be augmented or replaced by a defense-in-depth approach. Moreover, the general interest in security coincides with growing awareness that security is everyone’s job.
In particular, ransomware has served as a call to arms for IT. Everyone is a target and the stakes are quickly ratcheting up.
Ransomware Is Hitting Critical Mass
According to Kaspersky Lab, ransomware infections doubled in 2015 and the trend looks sure to continue for as long as criminals find it a profitable business. An astounding 93 percent of phishing emails contained ransomware in Q1 of 2016, according to security company PhishMe. That’s nearly eight times the amount of ransomware detected in Q4 of 2015.
Part of the problem is that traditional approaches to security cannot keep up with the bad guys. Typical security products depend on signatures to identify and block malicious activity, but malware authors have automated tools to defeat signature-based detection. IT professionals are right to be nervous about ransomware—they know how much they could lose if even one attack gets past their firewall.
ExtraHop’s solution won Citrix Synergy’s Best of Show award because it takes a behavior-based approach to detecting ransomware, which is faster and more effective than a signature-based system. The extension of the ExtraHop platform focuses on CIFS storage traffic, specifically looking at the real-time WRITE activity and file extensions observed on the network.
After applying the ransomware bundle, ExtraHop customers can answer questions such as:
- Is there ransomware activity in my environment right now?
- Which clients do I need to take offline?
- Which files have been overwritten on which shares?
- Where is the malware coming from? Which IP addresses should I block?
- Who was “patient zero” and what was the initial attack vector?
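
The behavior-based idea described above can be sketched as an added example (this is not ExtraHop's code): score each client by its recent WRITE activity and by how many of the written files carry an extension outside a baseline. The record layout, thresholds, baseline extension list, and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Assumed tuning values and baseline; not taken from the ExtraHop bundle.
WINDOW_SECONDS = 60
MIN_WRITES = 5
UNKNOWN_EXT_RATIO = 0.8
BASELINE_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}

def detect(events):
    """events: (ts, client_ip, share, path, op) tuples sorted by ts.
    Returns {client_ip: {"first_alert": ts, "files": {share: {paths}}}}."""
    windows = defaultdict(deque)  # client -> recent (ts, share, path, unknown_ext)
    alerts = {}
    for ts, client, share, path, op in events:
        if op != "WRITE":
            continue
        ext = PureWindowsPath(path).suffix.lower()
        win = windows[client]
        win.append((ts, share, path, ext not in BASELINE_EXTENSIONS))
        while win and ts - win[0][0] > WINDOW_SECONDS:
            win.popleft()  # drop writes that fell out of the sliding window
        unknown = [w for w in win if w[3]]
        if len(win) >= MIN_WRITES and len(unknown) / len(win) >= UNKNOWN_EXT_RATIO:
            alert = alerts.setdefault(client, {"first_alert": ts, "files": defaultdict(set)})
            for _, s, p, _ in unknown:
                alert["files"][s].add(p)  # which files were overwritten on which share
    return alerts

def patient_zero(alerts):
    """Client with the earliest alert, or None when nothing was flagged."""
    return min(alerts, key=lambda c: alerts[c]["first_alert"]) if alerts else None

# Constructed sample traffic: two clients mass-writing ".locked" files, one normal user.
SAMPLE_EVENTS = sorted(
    [(i * 2, "10.0.0.5", r"\\fs01\finance", rf"reports\q{i}.xlsx.locked", "WRITE") for i in range(6)]
    + [(30 + i, "10.0.0.7", r"\\fs01\eng", rf"specs\s{i}.pdf.locked", "WRITE") for i in range(5)]
    + [(i * 2 + 1, "10.0.0.9", r"\\fs01\hr", rf"notes\memo{i}.docx", "WRITE") for i in range(6)]
    + [(1, "10.0.0.9", r"\\fs01\hr", r"notes\memo0.docx", "READ")]
)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for client, info in found.items():
        print(client, info["first_alert"], {s: sorted(p) for s, p in info["files"].items()})
    print("patient zero:", patient_zero(found))
```

A fixed extension baseline is the weakest part of this sketch: a share that legitimately stores other file types needs its own baseline, or the ratio test will flag ordinary bulk copies.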
Watch the video below to see what Brian Madden had to say about the ransomware detection solution during the award ceremonies.