Security News > 2021 > September > Tooling Network Detection & Response for Ransomware

Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.

To track where the ransomware is looking for business-critical data, organizations often use a network detection and response solution.

While the idea of lateral movement is straightforward, one of the most important reasons for tracking network connections for for it is that it significantly reduces the dwell time for ransomware infections.

Understanding how malicious software is connecting throughout your network requires having an NDR system capable of collecting network flow data and analyzing it.

If organizations can ingest high-fidelity flow data into their NDR system, they will have valuable details relating to the network traffic that will further reduce the amount of time that ransomware is left on the network.

Most network hardware would suffer significant performance degradation if packet capture were happening on the network directly.

News URL

https://threatpost.com/network-detection-response-ransomware/169290/