Solution addresses malware infections on managed and unmanaged devices to identify compromised users, devices, and applications
Austin, TX – January 25, 2023 /Business Wire/ – SpyCloud, the leader in operationalizing Cybercrime Analytics (C2A), today announced the launch of Compass, a transformative solution to help enterprises detect and respond to the initial precursors to ransomware attacks. Compass provides definitive evidence that data siphoned by malware infections is in cybercriminals’ hands and provides a comprehensive approach to incident response for malware-infected devices, known as Post-Infection Remediation™. Application credentials and stolen cookies from infected employee and contractor devices are often used by ransomware operators and Initial Access Brokers (IABs) to identify targets and infiltrate corporate networks undetected.
As remote workers and contractors increasingly blur the lines between managed and unmanaged device usage, malware infections on employee-owned systems enable cybercriminals to sidestep traditional ransomware protection solutions, including endpoint protection. Every time an employee logs into work on an infected device, bad actors have an easy path to workforce applications used for single sign-on (SSO) authentication, remote access portals, virtual private networks, code repositories, accounting applications, and other critical business systems.
In the 2022 SpyCloud Ransomware Defense Report, 87% of organizations surveyed showed concern about infostealer malware on unmonitored devices creating entry points for ransomware. Even with this concern, most businesses allow employees to access corporate applications on unmanaged, personal devices, and rely on vendors and contractors with BYOD policies or lax controls on managed devices, extending the attack surface for adversaries to capitalize on.
Security Operations Center (SOC) teams can use SpyCloud Compass to identify when devices, applications, and users are compromised by malware, even if the infected device or business application falls outside of corporate oversight. Incident responders can visualize the scope of each threat at a glance, seeing all the details needed to remediate quickly. This reduces the legwork of investigating the potential impact of a compromised device, enabling them to move quickly from detection to response.
With Post-Infection Remediation™, a comprehensive malware infection remediation approach, security professionals now have a series of steps they can include in their traditional incident response playbooks to properly mitigate opportunities for ransomware and other cyberattacks by resetting the application credentials and invalidating session cookies siphoned by infostealer malware.
“Once a piece of data is compromised by malware, that data doesn’t just go away – but many companies fail to fully realize the long-term significance to their ransomware risk,” said Ted Ross, CEO & Co-Founder of SpyCloud.
“Compass was designed to solve this problem. It reduces the enterprise’s exposure by arming the security team with knowledge of the infected devices accessing critical workforce applications. Without addressing these exposures, the door is open for attackers to access, steal, encrypt, and even wipe corporate data.”
- Reduce their risk of ransomware by identifying hard-to-detect malware infections that provide bad actors with entry points
- Identify threats outside of corporate control, such as employees’ and vendors’ malware-infected personal devices that have been used to access workforce applications
- Shorten incident response times when investigating the potential impact of an infected device
- Mitigate long-term malware risks by taking incident response beyond standard device remediation
- Illuminate previously unseen compromised assets including credentials and cookies for third-party applications like SSO, VPN, CRM, etc.
- Focus on high-priority threats based on definitive indicators of malware-infected devices and exposed applications on corporate networks
SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Its products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, protect their business from consumer fraud losses, and investigate cybercrime incidents. Its unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies around the world. Headquartered in Austin, TX, SpyCloud is home to nearly 200 cybersecurity experts whose mission is to make the internet a safer place.
To learn more and see insights on your company’s exposed data, visit spycloud.com.