By signing up you accept the Terms of Service and Privacy Policy

Zero Ransom Initiative

Below is an article originally written by Chris Finan and published on March 30, 2021, in ActZeroAI's blog. Go to ActZeroAI's company page on PowerToFly to see their open positions and learn more.

Our goal as a company is to get our customers to zero... zero breaches, zero threats, zero vulnerabilities, zero inadequate cybersecurity controls. We've committed to achieve this by continually investing to outpace the adversary across our technology, people and processes. Today, I'm excited to share insights about one of our highest priority investments: advanced ransomware protection.

The Ongoing Threat of Ransomware

You don't need to look far for evidence of this problem; ransomware (and the business disruption associated with it) is a top concern for IT leaders. My colleagues have spoken previously about the evolution of both the technology and tactics surrounding ransomware as well as measures you can take to combat this growing threat. In this post, I will describe the project, including the measures our threat hunters, data scientists, and security engineers are taking in order to solve this problem. I'll elaborate on the reasons we are 'betting big' on this solution. And, I'll share how we're leveraging these investments to help our customers drive their ransomware risks toward zero.

Priority Initiatives

We're making exciting investments across many facets of our service, including these three we believe will deliver the most impact for our customers in the coming months:

  1. Expanded Coverage for Cloud and Network Attack Vectors

    We've long touted the necessity of gathering telemetry across the entire environment. This wealth of data has enabled new detections and response capabilities for network and cloud detections specifically. We have also created new anomaly detection models that improve the precision and efficiency of our threat hunting; while this is important for us as a service provider, it's even more important for our customers, who benefit from faster detections and response, especially for unknown threats. This is how most ransomware attacks start: through account takeover, phishing and misconfiguration exploits; so expanding our detection coverage to address these vectors drives down ransomware risk.
  2. Self-Service Security Maturity

    We're constantly looking for new opportunities to help our customers stay ahead of increasingly sophisticated attacks that we're seeing target SMB organizations. To that end, we're also continuing to expand our maturity model functionality, which we now deliver through an interactive web portal. The maturity model helps our customers shift into a more proactive security posture while automating tedious compliance tasks. The portal, which serves as a vehicle for our detailed and prescriptive reporting, as well as self-directed evidence repository for customers, helps our customers reduce their attack surface further by removing and remediating vulnerabilities. Exceptional hygiene still plays a role in preventing ransomware - CSO magazine notes that 60 percent of breaches in 2019 involved vulnerabilities for which a patch was available but not applied. Following recovery of key systems after a ransomware attack, many organizations begin hardening their systems with these types of controls. You shouldn't wait until after an attack before you begin hardening your defenses. Our portal makes it easier for our customers to proactively drive down their risks.
  3. A New Prevention Standard

    Unfortunately, proactive hardening isn't always sufficient to stop advanced attacks, so we're complementing that with our newest investment initiative: Creating a new standard for ransomware and data extortion attack prevention. We're training our machine learning models on ransomware specifically, to yield detections that extend beyond what our security engineers could think to look for, and do so faster than our threat hunters could achieve without AI-augmentation. As our Threat Research division ramps up, and as more organizations engage us to help them with ransomware, we gain more data about attacks that enables us to continually raise our own prevention standard.

Collectively, we call these initiatives our Zero Ransomware Initiative because our goal is for customers to lose zero minutes of sleep over the thought of the paralyzing disruption of a ransomware attack. We aim to eliminate cybersecurity anxiety with an application of purpose-built technology and focused human analysis.

How We Will Get There

Our approach delivers an unprecedented detection and response capability for ransomware to SMB and Mid-Market organizations. And we're deploying new capabilities to ensure we deliver, including anomaly-detection based ransomware detections that adapt with dynamic attack techniques to remain effective, as described above. Beyond the aforementioned cloud and network detections, the endpoint remains a critical part of our pursuits. We'll be announcing an exciting new partnership in the coming weeks that will complement our endpoint capabilities with additional visibility, prevention and response capabilities.

Why Ransomware? Why Now?

Why invest so much of our time and money into ransomware protection? Quite simply, it is the category of attack that results in the highest material impact to those in the market we want to serve, small and medium sized enterprises. These organizations face the same threats as larger enterprises, but often without the people, processes and technology to defend against sophisticated attackers. And these types of attacks are growing in both sophistication and reach. According to Gartner, twenty-seven percent of all malware incidents experienced in 2020 can be attributed to ransomware. That's an especially concerning proportion when you consider the average ransom payment in just the second quarter of 2020 was $178,254 according to Coveware.

Now that we've begun deploying our new Zero Ransomware Initiative advanced ransomware capabilities to improve protection for our customers, we'll continue looking for new ways to improve their security posture. Our quest for zero breaches is never done, but we're taking another big leap forward with this initiative. For more on the problem of ransomware, check out The Rise of RaaS white paper.


How These Companies Are Celebrating Asian American and Pacific Islander Heritage Month

According to a recent study, anti-Asian hate crimes have risen 150% since the pandemic started. But these acts of violence are not new — they are part of a much larger history of anti-Asian racism and violence in the U.S.

That makes celebrating Asian American and Pacific Islander Heritage Month (which was named a month-long celebration in May by Congress in 1992 "to coincide with two important milestones in Asian/Pacific American history: the arrival in the United States of the first Japanese immigrants on May 7, 1843 and contributions of Chinese workers to the building of the transcontinental railroad, completed May 10, 1869") this year all the more important.


How Relativity’s Monika Wąż Conquered Fear to Find Her Dream Career

There's a phrase in her native Polish that Monika Wąż reminds herself of each day: "If you don't learn, you're just going backward."

The Associate Product Manager at legal and compliance technology company Relativity says she would believe in a growth-centered approach to work even if she wasn't in the tech field, but that it's especially important because she is.

Autodesk, Inc.

How Embracing What She Doesn’t Know Led Autodesk’s Arezoo Riahi to a Fulfilling Career in DEI

Arezoo Riahi isn't a big fan of the "fake it till you make it" approach. She'd rather ask for the help she needs and learn from it.

Autodesk's Director of Diversity and Belonging joined the design software company from the nonprofit world after a long career in connecting people from different cultures. While her work had been deeply rooted in DEI values, there were certain parts of the strategy-building aspects to her new role that she wasn't sure about.

"If you know it, show up like you know it. If you don't know it, you shouldn't fake it. And Autodesk didn't shame me for not knowing everything. They helped me, and the entire team, by providing the resources that we needed, bringing in outside expertise to help teach us when we were in new territory," says Arezoo, who has been at Autodesk for three years now, during which she's been promoted twice into her current role.

We sat down with Arezoo to hear more about her path into DEI work, what she thinks the future of that work must include, and what advice she has for women looking to build fulfilling careers, from knowing what you don't know and beyond.


Behind-the-Scenes: Sales Interview Process at LogMeIn

Get an inside look at the interview process for sales roles at LogMeIn, one of the largest SaaS companies providing remote work technology, from Michael Gagnon, Senior Manager of Corporate Account Executive Sales.

Procore Technologies Inc

How Being an Open Member of the LGBTQIA+ Community Has Helped Procore’s Alex Zinik Overcome Imposter Syndrome at Work

Alex Zinik wasn't surprised that she started her career in education—she decided she would become a teacher when she was just in third grade.

She was surprised while working as a paraeducator in the school system and preparing to become a special education teacher, she discovered that it didn't feel quite right. "I didn't know if that's what I really wanted to do," she recalls.

So a friend suggested she take a job during her off summers at construction software company Procore. She thought this would be the perfect opportunity to try out this new challenge, and if she needed to, she could go back to the school district once the summer was over.

"Five summers later, I'm still here!" she says, smiling. "And I see myself here for many more years. I just fell in love with the company, the culture, and with the career growth opportunities I was presented with."

As part of our Pride month celebrations, Alex, currently the Senior Executive Assistant to the CEO at Procore, sat down with us to share how a common fear—the fear of being found out—underlay the imposter syndrome she felt when pivoting to an industry in which she lacked experience, and the anxiety she often felt before coming out to her friends and family about her sexuality.

Read on for her insight on overcoming negative thought patterns, being yourself, and paying it forward.

© Rebelmouse 2020