Portnox debuts anti-ransomware technology

The new system is designed to bring heavy automation to ransomware reconnaissance and remediation.
By Bill Siwicki
10:35 AM

Cybersecurity firm Portnox has launched Rapid Ransomware Response and Control, a new product that is part of the vendor’s on-premises and cloud-based Network Access Control Solutions, dubbed Portnox CORE and CLEAR.

The announcement comes as many hospitals are getting pinged daily with attempts by cybercriminals to get ransomware inside their secure networks. And big attacks like WannaCry and Petya can do a lot of damage, with more such attacks sure to come.

Rapid Ransomware Response and Control allows for quick recovery by automatically disconnecting infected devices, as well as those devices that are prone to infection or missing necessary patches, to prevent the lateral spread of ransomware throughout a network, Portnox explained. By providing full visibility into all network devices, Rapid Ransomware Response and Control enables organizations to identify unpatched devices and those lacking anti-virus updates, and automatically install updates across the network, the vendor added.

The new cybersecurity product also identifies unmanaged devices, which cannot be patched and pose significant risk (a major factor in the EternalBlue exploit attacks), and automatically moves them to a firewalled or segmented network with limited network access, Portnox said.

Remediation capabilities include disconnecting or quarantining managed network devices that have been infected or are likely to be infected; activating a script for patching those machines; pushing a specific patch to update a machine; and segmenting or isolating infected devices into a separate part of the network with limited Internet connection and restricted access to sensitive organization information, Portnox explained.

In addition, Rapid Ransomware Response and Control remotely disconnects ports on all network devices to control the lateral spread of an attack throughout the organization and to minimize the IT resource burden of manually disconnecting network devices, the company added.

There are other anti-ransomware products on the market. For example, Cisco markets a product called Cisco Ransomware Defense. Cisco said the system protects an organization from the DNS layer to e-mail to end-points, and that it’s backed by Talos threat research.

Another company with an anti-ransomware offering is CrowdStrike, with its CrowdStrike Falcon. CrowdStrike Falcon’s end-point protection, the company said, offers next-generation anti-virus protection that incorporates machine learning augmented with behavioral analysis that looks for indicators of an attack, with the goal of detecting suspicious behavior before an attack occurs.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

