Netskope claims industry first with ransomware detection and recovery system

18 October 2016

The vendor’s Active Platform now has the ability to scan sanctioned cloud services for unauthorised encryption.

The vendor’s Active Platform now has the ability to scan sanctioned cloud services for unauthorised encryption.

Netskope has added ransomware detection and recovery capabilities to its threat protection system. 

It says the Netskope Active Platform now has the ability to scan sanctioned cloud services for unauthorised encryption due to a ransomware infection, and quickly remediate the effects of a ransomware attack without paying a ransom.

The company claims this proprietary method of ransomware detection is an industry first.

Netskope Threat Protection leverages the versioning capabilities that leading enterprise cloud storage services have integrated into to facilitate collaboration and protect data. 

It uses these capabilities in its recovery system by incorporating an integrated workflow to recover files to earlier versions unaffected by ransomware.

Netskope says Threat Protection examines files that are stored in (or have been synchronised with) sanctioned cloud services, such as Office 365, Box or Dropbox

It then utilises proprietary machine learning to monitor file operations and advanced data transformation algorithms to detect unauthorised file encryption across more than 70 dimensions. 

As a result, it’s claimed the  system can quickly detect new ransomware outbreaks that spread into sanctioned cloud services.

Netskope says it provides “deep” cloud context to help identify the source of the ransomware infection and, through integrations with endpoint detection and response solutions, can trigger the isolation and remediation of affected endpoints. 

After the active ransomware infection is contained, the firm says Threat Protection quickly restores encrypted files to earlier, unaffected versions, which are subsequently synchronised with any other affected endpoints.

Netskope says that with cyber criminals collecting $209 million in the first three months of 2016, ransomware is on track to become a $1 billion crime this year. 

In its recent Cloud Report, the company said 43.7 per cent of detected types of malware are common delivery methods for ransomware, including Javascript exploits and droppers and Microsoft Office macros.