Ransomware Defense. PHOTO: Cybercrime Magazine.

Ransomware Defense: The Value Of Visibility

Cimcor’s CimTrak Integrity Suite shrinks data breach response times from months to seconds

David Braue

Melbourne, Australia – Nov. 26, 2021

In a year where damage from ransomware has escalated so much that it’s driving the agenda in boardrooms and at international conferences, security professionals have naturally flocked to anything that can help them fight back.

And while data backup tools have won over many companies with their ability to restore data to its unencrypted state, change-monitoring firm Cimcor has taken a different approach by building a platform that can not only restore modified data, but also keeps a detailed log of exactly when and how it was changed — and by whom.

That has made it an invaluable tool for analyzing and rolling back ransomware strikes — yet ransomware wasn’t even on the horizon back in 1997, when the founders of file-monitoring tool company Cimcor began realizing that the manufacturing systems they were automating were sitting ducks.

“When we were automating those facilities, we had these knots in our stomach,” Robert Johnson, III, CEO of Cimcor, told Cybercrime Magazine. “We had this feeling that it would only take a person with a laptop and a USB stick to bring these critical processes down.”

That realization was a driving force behind the efforts of a development team that spent five years designing and refining its CimTrack Integrity Suite — a change-monitoring utility that can monitor a broad range of networked computers and devices for even the slightest change.

Using a straightforward interface, users can choose the resources they want to monitor and the degree of monitoring they want — enabling continuous monitoring of key resources that raise alarms any time certain changes are detected, such as the mass encryption of files due to a ransomware infection.

With ransomware now considered to be a form of cyberwarfare that dominates government and corporate agendas, companies know they’re likely to be hit — with often-devastating effects for small businesses and annual damages expected to exceed $265 billion a decade from now.

Continuously monitoring and recording changes not only enables quick recovery from ransomware damage but, as Johnson demonstrated, the platform’s highly-granular change tracking capability supports other options — including the ability to roll back files to their state at any given time, or to enforce a specified baseline state that ensures critical services keep running as they are intended to.

The system can even block administrator accounts from making changes that they would normally be allowed to — a boon for the many companies suffering privileged account compromise when cybercriminals obtain control over legitimate network accounts.

“Because we have the content behind it all, we can tell you not only that something has changed, but we can also go a step beyond and say exactly what has changed,” Johnson explained.

“There’s a tremendous amount of additional insight that you gain from a tool like CimTrak,” he continued, “when you combine more than just digital hashes with a view of what’s actually happening in the system and what was going on from a content perspective.”

The value of visibility

Being able to monitor key systems for changes is more than an academic curiosity for network security administrators, for whom the sheer number of simultaneous resources makes it near-impossible to even detect — much less remedy — cybersecurity breaches with anything resembling speed.

This year’s IBM-Ponemon Institute Cost of a Data Breach report, for one, found that it took 250 days, on average, to detect breaches caused by compromised credentials — far more than the 212-day average overall.

Containing a breach takes an additional 75 days, on average — meaning that the average company won’t even know that it has suffered a cyberattack until 287 days, or more than 9 months, after the attack happened.

“We think that’s an absolutely unacceptable statistic,” Johnson said, “and everything that CimTrak does is focused on bringing that down to just seconds.”

Immediate visibility of the changes caused by cyberattacks is not only valuable in helping security teams more rapidly launch countermeasures or file restoration, but also provides a forensic trail by creating a detailed record of exactly where each change came from.

With companies facing an ever more-dizzying array of governance, regulatory and compliance (GRC) obligations, Cimcor has aligned its monitoring to a range of common standards including PCI, HIPAA, and Sarbanes-Oxley.

The platform’s built-in ticketing system helps manage escalation of detected events, while digestion of STIX and TAXII threat-intelligence feeds means that the platform can continuously watch for blacklisted files that are indicators of compromise.

Based on its analysis of the current state of critical systems, Johnson said, “you can get a handle on where you stand for any of those compliances” and use its reports to drive robust high-level conversations such as how a company can reduce its risk, how it can keep producing revenue if it is hit with a cyberattack, and how it can ensure its reputation isn’t damaged by compromise.

“It provides you with that general insight to what’s happening in your organization just based on pure change control,” Johnson said, adding that customers “get it and realize that there’s something different that has to be done securing IT infrastructure — and it starts with understanding what’s happening in that infrastructure.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.

Data Security Archives

Sponsored by Cimcor

Founded in 1997, Cimcor is an industry leader in developing innovative security, integrity and compliance software solutions. The firm is on the front lines of global corporate, government and military initiatives to protect critical IT infrastructure and has consistently brought IT integrity innovations to market.

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time. Built around leading-edge file integrity monitoring capabilities, CimTrak gives organizations deep situational awareness including who is making changes, what is being changed, when changes are occurring, and how changes are being made. This, coupled with the ability to take instant action upon detection of change, gives organizations assurance that their IT assets are always in a secure and compliant state. 

Cimcor is headquartered right outside of the Chicago, IL market with business operations worldwide.