The solution automatically detects and remedies attacks
Statistica recently confirmed something we all already knew.
In 2020, when COVID-19 first emerged, ransomware attacks increased significantly.
They’d been pretty much stable for three years up until that point. But, for some people, the pandemic was apparently an opportunity. In a single calendar year, worldwide ransomware attacks increased by 62%.
The increase is alarming, of course. And what surely makes it more alarming are the characteristics of certain attacks. In 2020, we know criminals used things like ‘vaccine information’ and promises of financial assistance to trick victims – who were of course mostly working remotely, which KPMG suggests increases risk.
It’s clear the threat landscape is changing rapidly alongside social changes. Ransomware remains a major security threat and becomes more and more efficient and successful with each iteration. Cyber criminals are extremely agile and adapt very quickly to new market situations, becoming increasingly sophisticated in getting through security barriers.
And that’s precisely why (or at least one of the reasons!) I’m so excited about a new direct integration between Rubrik and Palo Alto Networks. Because the integration gives companies the ability to detect and remedy ransomware automatically.
‘Automation at its finest’
The solution relies on technology from Rubrik. But it also relies on technology from Palo Alto. In fact, it combines the two to build something that’s definitely more powerful than the two technologies summed.
From Rubrik, you get the ability to monitor files, classify files and detect anomalous file changes (which are of course an indicator of a ransomware attack).
Next, technology from Palo Alto Networks gives you the power to take action automatically. For a long time our industry has discussed the power of automation. If you ask me, this is automation at its finest.
The alliance makes detecting threats simple, as we’ve already discussed. It also generates rich incident analyses – which can be automated. Crucially, it allows teams to recover from ransomware attacks (by reverting to automatically saved backup files) extremely quickly. In fact, just one mouse click is all it really takes.
From what I’ve seen of the technology, this all takes place remarkably quickly. A threat is detected. It’s analysed. Automated processes can halt the potential attack.
The potential attack can then be checked by a human. And, should our human confirm the potential attack is in fact ransomware, automated processes can execute an automatic recovery.
Several security problems solved
For me, what makes the new solution so exciting is that it solves so many of the issues that plague security teams today. Alert fatigue, for example: security teams forever face an increasing barrage of noise, and the louder this becomes, the more difficult it is to respond to alerts.
Especially when a response is manual – and involves multiple, siloed security solutions.
The Rubrik and Palo Alto Networks partnership seems to tackle all the above problems simultaneously. It’s like a single bowling ball knocking down multiple skittles at once.
An extraordinary advance
From my perspective, it seems quite hard to overstate the benefits of the new solution. If you imagine a ransomware attack without the solution – with the chaos that would inevitably ensue, the lost productivity and the drawn-out post mortem – the advance is truly extraordinary.
Files are classified and monitored automatically. Following a potential incident, you get to see which files were affected, when and how. You can recover in a single mouse click. Threat detection times are minimal. Recovery speeds skyrocket.
I’m not going to say the new solution renders ransomware threats redundant, because it doesn’t. But it does reduce the need to worry about a threat that occupies so much mental bandwidth; a threat that’s constantly evolving and a threat that, unfortunately, remains lucrative to cyber criminals.
We all know automation needs to become a security priority. We’ve known that for a long time.
The Rubrik and Palo Alto integration unleashes automation at its finest.
Both channel partners and end users should definitely take note!
This post was written by Denis Ferand, VP of Vendor Alliances. Those interested in Rubrik’s direct integration with Palo Alto Networks’ Cortex XSOAR can contact us for training, case study references, and lead-gen campaigns and ideas.