Imperva Detects and Protects Against Ransomware with the Introduction of SecureSphere v12

Real-time, deception-based approach protects against ransomware before valuable data is encrypted

Imperva announced the release of Imperva SecureSphere File Firewall v12 with real-time deception technology designed to detect ransomware and to prevent it from encrypting enterprise data. The Imperva deception technology adds decoy files to network file shares, luring hackers to strike there first so they can be neutralized before encrypting critical data.

According to the FBI, ransomware is a growing problem, with hackers expected to take in nearly $1 billion from ransomware payments in 2016. Even if victims have backup files or are willing to pay the ransom, the costs associated with productivity downtime add up quickly. Additionally, the availability of ransomware-as-a-service combined with high profits for the attackers means ransomware attacks are likely to escalate in 2017.

Imperva SecureSphere File Firewall uses real-time monitoring to constantly watch file access activity and provides an audit trail showing who, what, when, where and how data was accessed. The solution also incorporates deception-based technology to identify and quarantine users infected with ransomware. This is designed to isolate the ransomware, preventing it from accessing other network file servers while also allowing users who are not infected to continue to access the file share.

Once ransomware behavior is detected, SecureSphere policies quarantine the infected system and block it from accessing enterprise file servers. It also alerts administrators so that infected systems can be remediated.