Ransomware is notoriously difficult to defend against
Why?
Because ransomware is targetted specifically at your organisation and its signature is unique.
That uniqueness makes it difficult for signature based security solutions such as traditional endpoint security solutions, such as anti-virus, to identify.
MemCrypt is an agent based endpoint solution which identifies ransomware activity, even for new classes of attack.
How?
MemCrypt detects illegitimate/unauthorised encryption activity.
Much of the encryption performed on the endpoint will be legitimate.
MemCrypt distinguishes between known and unknown encryption based on an application allow list.
The allow list can be managed locally or centrally by the organisation, using MemCrypt’s tooling to identify the trustworthiness of the applications installed across your organisation.
Encryption performed by applications which have not been identified as trusted are flagged as potentially suspicious.
Once identified, MemCrypt immediately alerts your security team with recommendations for follow up action.
The suspicious activity can be immediately stopped or managed in accordance with your organisations established protocols.
MemCrypt integrates with a range of SIEM solutions including Splunk and Microsoft Sentinel.
A suspicious activity alert on the MemCypt management console.
Once ransomware activates and is detected, MemCrypt can immediately Stop it and prevent disruption.
