SecurityWeek

New Endpoint Protection Platform by Cigent Blocks Ransomware at the Data Level

The two primary components to the solution are to encrypt company data at all times, and to decrypt only when the file is required for use.

A new endpoint data protection platform from Cigent Technology refocuses ransomware prevention onto protecting customer data from both encryption and exfiltration. With no loss of data, criminal extortion is prevented.

The common approach today is to use endpoint detection and response (EDR) to detect an intrusion, such as ransomware, and allow defenders to respond. Empirically, we know this isn’t working (see the list of related news at the end of this article – all were published between May 10, 2024, and May 17, 2024). One primary problem is the speed with which ransomware operates, leaving little time for response after detection but before encryption.

Cigent tackles this problem from the other end. Its basic approach is to protect the data to prevent encryption. Before any ransomware compromise occurs, the data is already safe. A major consideration in doing this is to impose as little overhead on the user as possible. Friction, which cannot be completely eliminated, is minimized to an acceptable level, the company claims.

“The detect and respond approach is insufficient with today’s threats,” said Cigent CEO and co-founder John Benkert. “Cigent Platform is an entirely new failsafe that delivers endpoint protection for the modern workforce. It protects endpoint data from threats, remote or physical, allows users to continue to operate even if a device has been compromised, and with a user-empathy design that mitigates user impact, preventing the burdening of IT and security staff.”

The two primary components to the solution are to encrypt company data at all times, and to decrypt only when the file is required for use. Decryption is automatic when the user needs access, but this access can only be invoked with zero-trust style MFA authentication. Without access to the file, its data can neither be exfiltrated nor encrypted by the attacker.

To minimize operational disruption, the customer has flexibility in specifying which files are to be encrypted, and what MFA will be used. The system can be set to protect individual files, to protect by extension (for example, all Word or PDF files), by folder (for well-organized users), or by ‘hidden’ drives. This allows the user to set defense in accordance with risk.

The MFA flexibly integrates with all major authentication providers, such as Windows Hello and Okta. Chief Growth Officer Brett Hansen told SecurityWeek that he personally uses a PIN that allows him to have a maximum of 10 files open at any time (the number is user-specified). “If I have ransomware on my endpoint, the maximum number of my protected files it could encrypt would be ten,” he explained. (He has a colleague who uses facial recognition for his MFA.)

“We understand that endpoints already have a lot of overhead and management aligned with their security. So, this is a set and forget solution. I don’t have to continually look out to check for a new threat vector or a new concern. I pushed this out – I set policy and I don’t have to worry about it going forward.” The principle is ‘preserve the data first, detect and eliminate the attacker second’.

The platform also integrates with existing EDR products. The EDR could detect the presence of an intruder prior to any attempt to open and steal or encrypt the data — but the data would remain safe regardless. The platform also includes its own AI-based behavioral anomaly detection capabilities. So, for example, if a remote worker is physically compromised and hands over his or her MFA token, the platform will detect and respond to any sudden change in the number of files that user commonly attempts to open.
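The following Python sketch is an added illustration, not Cigent's code or API: it models the two controls described above, an MFA-gated cap on concurrently unlocked files and a per-user baseline that flags a sudden jump in file opens. The names `UnlockGate`, `OpenRateBaseline` and `bulk_unlock_exposure`, the 3-sigma threshold and the sample counts are all assumptions made for the example.

```python
from collections import deque
from statistics import mean, pstdev

class UnlockGate:
    """Assumed model: protected files unlock only after MFA, max_open at a time."""
    def __init__(self, max_open=10):
        self.max_open, self.mfa_ok, self.unlocked = max_open, False, set()

    def authenticate(self, factor_verified):
        # A boolean stands in for the real factor (PIN, biometric, IdP assertion).
        self.mfa_ok = bool(factor_verified)
        return self.mfa_ok

    def unlock(self, path):
        if not self.mfa_ok:
            return "denied:no-mfa"
        if path not in self.unlocked and len(self.unlocked) >= self.max_open:
            return "denied:cap"
        self.unlocked.add(path)
        return "ok"

    def close(self, path):
        self.unlocked.discard(path)

class OpenRateBaseline:
    """Flags an interval whose file-open count far exceeds the user's history."""
    def __init__(self, history=30, min_samples=5, threshold=3.0):
        self.counts = deque(maxlen=history)
        self.min_samples, self.threshold = min_samples, threshold

    def observe(self, count):
        anomalous = False
        if len(self.counts) >= self.min_samples:
            mu = mean(self.counts)
            sigma = max(pstdev(self.counts), 1.0)  # floor for near-constant history
            anomalous = (count - mu) / sigma > self.threshold
        if not anomalous:
            self.counts.append(count)  # keep flagged bursts out of the baseline
        return anomalous

def bulk_unlock_exposure(n_files, max_open=10):
    """How many of n_files a process in an authenticated session can unlock."""
    gate = UnlockGate(max_open)
    gate.authenticate(True)
    return sum(gate.unlock(f"doc{i}.docx") == "ok" for i in range(n_files))

if __name__ == "__main__":
    print(bulk_unlock_exposure(500))          # constructed bulk-open attempt
    detector = OpenRateBaseline()
    print([detector.observe(c) for c in [4, 6, 5, 7, 5, 6, 200]])  # constructed counts
```

Flagged intervals are deliberately kept out of the history so that a burst of opens cannot raise the baseline it is measured against.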

Hansen believes that the system excels for the remote worker. “Our roots are in the military,” he continued. (Benkert spent 20 years in USAF Intelligence and seven in the NSA, where he received the National Scientific Achievement Award for technological innovations in data security.)

“We started with the drives. We started building highly secure drives with embedded firmware protection,” he continued. The image is of military personnel carrying remote ruggedized devices. “That may not be necessary for everyone, but the concept is increasingly important to a larger portion of the population.” This desire to provide maximum security, he said, spread outward to provide the same level of data protection against ransomware for everyone. “So, our genesis almost came from the world of remote.”

There’s one further point worth mentioning. We are in dangerous times. Critical industries have more to worry about than ransomware – the potentially more problematic danger of the wiper variant. What we’ve discussed is the protection of data from theft or encryption; but what about critical industry’s system files? SecurityWeek asked this question.

“Yes, we can protect them,” was the reply. “Our data defense can be configured so that system files could be protected at the first sign of danger. It would impact the user’s ability to continue to use the device but would keep the system files safe.” 

For now, Cigent’s defense is limited to Windows devices. Mac and Linux (servers) are being developed. This is Cigent’s approach in a nutshell: first prevent the damage, then deal with the attacker. 

Related: Microsoft Quick Assist Tool Abused for Ransomware Delivery

Related: Personal Information Stolen in City of Wichita Ransomware Attack

Related: Black Basta Ransomware Hit Over 500 Organizations

Related: 500,000 Impacted by Ohio Lottery Ransomware Attack

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
