
On April 16th, CTERA announced the enhancement of its award-winning ransomware protection engine, CTERA Ransom Protect, with active protection against data exfiltration using honeypot decoy techniques.

CTERA Ransom Protect is an AI-powered cyber defense engine integrated into the CTERA global file system, providing zero-day protection against widespread ransomware attacks.

Now enhanced with honeypot capabilities, Ransom Protect utilizes the strategic deployment of decoy files within the organization’s file system and enables CTERA to identify and stop unauthorized access or attempts at data theft, effectively neutralizing threats before significant damage can occur.

But what is a honeypot? A malware honeypot is a decoy designed to intentionally attract malicious software. Of course, it depends on the type of service; for CTERA, a honeypot decoy is a “fake” file (or folder) mixed in with other production files to check whether somebody tries to modify it.

The idea is interesting not only for identifying possible malware attacks, but also for other types of attacks, such as attempts to copy data (but this function is not yet enabled).
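A generic sketch of the decoy-file idea described above, added here as an example; it is not CTERA's code and says nothing about how Ransom Protect is implemented. The audit-log format, decoy paths and user names are constructed, and the `flag_reads` switch is an assumption standing in for copy detection.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed decoy paths: one decoy file and one decoy folder.
DECOYS = {"/share/finance/~budget_2023_final.xlsx", "/share/hr/.archive"}
MUTATING = {"write", "rename", "delete"}

# Constructed audit events in an assumed "timestamp user operation path" format.
SAMPLE_LOG = """\
2024-04-16T09:00:01Z alice read /share/finance/q1_report.xlsx
2024-04-16T09:00:05Z bob write /share/hr/handbook.docx
2024-04-16T09:01:10Z mallory read /share/finance/~budget_2023_final.xlsx
2024-04-16T09:01:11Z mallory write /share/finance/~budget_2023_final.xlsx
2024-04-16T09:01:12Z mallory rename /share/hr/.archive/payroll_old.csv
2024-04-16T09:01:13Z mallory write /share/finance/q1_report.xlsx
"""

def is_decoy(path, decoys=DECOYS):
    """True if path is a decoy file or lies inside a decoy folder."""
    p = PurePosixPath(path)
    return any(p == PurePosixPath(d) or PurePosixPath(d) in p.parents
               for d in decoys)

def scan(log_text, flag_reads=False):
    """Return {user: [(timestamp, op, path), ...]} for events touching a decoy.

    flag_reads=False alerts on modification only; True also treats reads
    (possible copy attempts) as alerts.
    """
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)  # the path may contain spaces
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the monitor
        ts, user, op, path = parts
        if is_decoy(path) and (op in MUTATING or (flag_reads and op == "read")):
            alerts[user].append((ts, op, path))
    return dict(alerts)

def users_to_block(log_text, flag_reads=False):
    """One decoy hit is enough: no legitimate workflow touches a decoy."""
    return sorted(scan(log_text, flag_reads))

if __name__ == "__main__":
    for user, hits in scan(SAMPLE_LOG, flag_reads=True).items():
        print(user, hits)
```

Note that the last sample event, a write to a real production file by the same user, is not flagged by the decoy check alone; catching it is the job of behavioral detection or of blocking the user after the first decoy hit.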

Key features of CTERA Ransom Protect include:

  • One-click deployment: single-click feature activation on CTERA Edge Filers with the latest version release
  • Real-time AI-based detection: advanced machine learning algorithms identify, in real time, behavioral anomalies suggesting fraudulent file activity, and block threats within seconds (by blocking the user)
  • Data exfiltration prevention: decoy files enable real-time detection and blocking of data exfiltration attacks
  • Zero-day protection: does not rely on traditional signature update services but on user behavior
  • Security incident management: administrator dashboard enabling real-time attack monitoring, comprehensive incident evidence logging and post-attack forensics
  • Instant recovery: near-instant recovery of any affected files from snapshots that are securely stored in air-gapped, immutable cloud object storage, effectively thwarting any manipulation attempts by malicious actors

With an incident management dashboard, administrators can monitor attacks in real time. CTERA’s ransomware protection stores extensive incident evidence and logs, aiding in post-attack forensics. Ransom Protect is integrated into CTERA Edge Filer, and is easily activated with a single click for streamlined deployment.