Aiming to help reduce the risk of cloud-deployed ransomware, security firm Netskope on Oct. 17 announced new capabilities for finding and remediating ransomware attacks. Ransomware protection is a new capability in the Netskope Active Threat Protection platform, a malware detection and remediation technology.
Understanding how cloud applications work is a core capability of Netskope, said Sanjay Beri, founder and CEO of Netskope.
"Our focus has always been how to help people to govern the cloud and set security policies," he told eWEEK. "With this announcement, we're focused on preventing ransomware threats for end users and companies because these threats are very easily propagated in the cloud."
Beri founded Netskope in 2012, after spending eight years in different management capacities at Juniper Networks. A core promise behind Beri's drive to start Netskope was about enabling organizations to use the cloud safely with proper enterprise-grade governance and security.
Ransomware isn't a desktop-only phenomenon; it has a very direct connection to the cloud and can be used to spread malware and ransomware because there are a large number of ungoverned cloud applications, Beri said.
"We understand how cloud applications work so we can tell you what folks will be doing with applications that could put them at risk," Beri said.
There are approximately 70 different variables that Netskope tracks about cloud application behaviors, he said. For example, if files are suddenly being encrypted or if multiple file permissions are changed on a cloud storage service, those actions could be indicators of a ransomware attack.
One particular risk with cloud-based file sharing services and ransomware is that files are often synchronized across multiple devices and users. As such, one infection in a cloud-based file can propagate widely infecting multiple users. Additionally, users are increasingly relying on the cloud to save data, making the cloud a lucrative target for ransomware writers that are specifically going after data.
"The cloud is a great way to spread ransomware," Beri said.
Netskope's new ransomware capability is an effort to help restrict the ability of ransomware to use the cloud to spread out and infect groups of users.
"What we have developed is an algorithm that detects indicators of compromise within cloud applications," Beri said.
The second part of the Netskope ransomware protection technology is the remediation piece. Once Netskope discovers a potential ransomware compromise of a cloud application, that platform can revert the user back to a clean copy of the file, Beri said.
"So without a user doing anything, we remove the ransomware-encrypted file and revert back to a known good version," Beri said.
From a corporate perspective, Netskope is sometimes grouped into a category that analysts refer to as the Cloud Access Security Broker (CASB) space, though Beri noted his company isn't a traditional CASB.
"Our viewpoint is we want to do everything that's needed to protect a cloud application, and it doesn't matter if you call it CASB or not," Beri said. "The goal is to secure cloud applications."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.