The News: Cisco announced in early August that it had enhanced its Extended Detection and Response (XDR) solution by adding ransomware recovery capabilities to its response process. Utilizing a new integration with infrastructure and enterprise data backup and recovery vendor Cohesity, security operations center (SOC) teams can automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak, often before it has had a chance to move laterally through the network to reach high-value assets.
See the Press Release containing additional details on the solution on Cisco’s website.
Cisco Enhances Its Extended Detection and Response (XDR) Ransomware Solution
Analyst Take: Through a partnership with Cohesity, Cisco announced it has enhanced its XDR solution to include ransomware recovery capabilities that accelerate data protection and automated recovery from potential attacks as soon as an intrusion is detected. Cohesity’s DataProtect and DataHawk solutions are now integrated with XDR, and enable customers to preserve potentially infected virtual machines (VMs) for future forensic investigation, while simultaneously protecting data and workloads in the rest of the environment.
Cohesity DataProtect is a secure backup and recovery solution that provides policy-based protection for cloud-native, SaaS, and traditional data sources. Meanwhile, Cohesity DataHawk leverages AI and machine learning (ML) to detect user and data anomalies that could indicate an emerging attack, utilizes threat intelligence to ensure recovery data is malware-free, and, with data classification, enables organizations to determine the exposure of sensitive and private information when a ransomware attack occurs.
DataHawk also provides an additional layer of security for recovery by permitting data to be isolated from the network quickly. The solution can also be integrated with security operations and existing incident response and remediation processes.
The use of AI and ML to detect user and data anomalies is a key tool for quickly identifying potential attacks, and then ensuring that sensitive company and customer data is quickly locked down and secured. Should a ransomware attack occur, the cybercriminals’ leverage will be significantly diminished.
Ransomware Attacks Remain a Threat to All Types of Organizations
According to statistics from Cyberint, there were 1,386 ransomware cases in Q2 2023, an increase of 67% over Q2 2023 statistics, and an increase of 97% compared with the same period a year ago. The country most targeted for ransomware attacks is the United States, with 574 victims, followed by the United Kingdom (60 victims), and Canada (57 victims).
From an industry perspective, the business services sector (255 victims) was the most frequently targeted, followed by retail (168 victims), manufacturing (156 victims), and finance (132 victims), according to Cyberint.
These statistics highlight the need for enterprises to deploy solutions to quickly identify intrusions, lock down key applications and data, and quickly preserve infected machines so that a full forensic investigation can be undertaken to help prevent future ransomware attacks.
Hybrid Work Practices Create Opportunities for Ransomware Attacks
Ransomware works by infiltrating an organization’s systems, and ransomware attacks generally rely on a few points of entry, which hybrid work practices have exacerbated. For enterprises with a bring-your-own-device (BYOD) policy, there is a greater risk of ransomware being introduced via a phishing email. For example, a worker may receive training on how to avoid phishing attacks, but if other family members have access to a device that can reach corporate software and they fall for the phish, then the ransomware could be downloaded and executed on that computer, which may have stored usernames and passwords for various corporate software or resources.
In addition, many organizations do not maintain strict security on remote devices, particularly smartphones or tablets. This is often because users will complain about the added friction that strong security measures generate, and to acquiesce to their demands, security administrators may not demand or closely monitor the devices to ensure they are properly secured.
For remote or hybrid workforces, this creates a potential weak link that could be exploited in a ransomware attack. For example, a stolen smartphone that can access corporate apps and cannot be immediately wiped remotely could allow hackers to infiltrate company applications. In this example, a cybercriminal could access a collaboration workspace app on the phone using a trusted worker’s account and upload malware into the application with a message that looks legitimate, thereby enticing other team members to unwittingly download a ransomware file to the system.
Cisco’s Open Approach to Deploying XDR Ensures a Comprehensive Approach to Security
Most enterprises use a wide range of business applications, solutions, and devices. By using an open approach to XDR, Cisco notes that any ransomware recovery actions can be taken across all integrated solutions, across multiple security vectors, and third-party vendors. This is especially important for organizations with remote or distributed workforces, and organizations that utilize a hybrid on-premises/cloud enterprise application deployment framework.
Employee-Focused Ransomware Attack Education Should Be Ongoing and Consistent
As my colleague Dave Raffo noted in his research note detailing a survey on cybersecurity, chief information security officers (CISOs) need help – both externally and internally – to secure their organizations. That means workers, from the C-suite on down, should receive regular and consistent training on how to remain vigilant against cyberattacks and phishing attempts, best practices for properly accessing, sharing, and sending data, and solid initiatives to secure physical devices, such as laptops, smartphones, or tablets.
Ultimately, as enterprise organizations continue to embrace cloud-based SaaS applications and mobile applications, the potential to attract unwanted attention from cyberhackers who wish to exploit security vulnerabilities will remain. A combination of strong security applications and robust security procedures will be the best defense against successful ransomware attacks.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
Keith has over 25 years of experience in research, marketing, and consulting-based fields.
He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.
In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.
He is a member of the Association of Independent Information Professionals (AIIP).
Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.