FAQs
What is RansomGuard™?
RansomGuard™ is a file integrity monitoring (FIM)/data loss prevention (DLP) endpoint tool which allows customers to discover and respond to attacks in different ways than traditional security products (and still helps organizations meet compliance requirements such as PCI DSS).
Why should I choose RansomGuard™ vs other security solutions?
RansomGuard™ is not meant to solve all of your security needs. It is meant to be used in tandem with other security solutions such as Endpoint Detection & Response (EDR) and Anti-virus (AV) solutions to help provide you with the best defense. RansomGuard™ is easy to install and integrates with other products in your security stack (think ELK or Splunk); if you do not possess any central security solution, LegioX offers a basic dashboard where you can view logs from RansomGuard™ across your network.
RansomGuard™ is built with deception in mind, meaning that it can appear differently even on two systems in the same company. This makes it more difficult for attackers (and users) to discover that it is running on a protected system, and thus more difficult to circumvent. To discover whether RansomGuard™ is running on a system, an attacker will potentially need to take extra, louder actions that are more noticeable on the system. RansomGuard™ offers flexible response options, ranging from simple passive logging, to killing offending processes, to shutting down the affected system. Last but not least, RansomGuard™ works on Windows and Linux, and internet access is not required for it to run. A macOS version is in development.
How does RansomGuard™ act as a DLP product?
DLP (Data Loss Prevention) enables businesses to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of sensitive or personally identifiable data (PII). It is also used to help organizations with data security and ensure they comply with regulations like the California Consumer Privacy Act (CCPA), EU General Data Protection Regulation (GDPR), and Health Insurance Portability and Accountability Act (HIPAA). The terms "data loss" and "data leakage prevention" are often used interchangeably, but DLP security enables organizations to defend themselves against both. RansomGuard™ can detect when protected files are accessed; this includes when protected files are uploaded outside of the network via methods such as scp, a browser, or a C2 agent. As attackers won’t know which files are protected, when they attempt to exfiltrate files from the network they will trigger an alert and/or response when they hit a protected file. This enables organizations to quickly know if someone is trying to leak or exfiltrate data, and take action accordingly.
How does RansomGuard™ act to prevent Insider Threats?
RansomGuard™ can present itself differently on each machine in a network, and is built with deception in mind. This means that users as well as attackers will not know where RansomGuard™ is, or whether it is present on a system at all. If suspicious activity such as file exfiltration occurs to a protected file, your organization will immediately be aware that the individual is either compromised or engaging in suspect behavior, and can investigate accordingly.
How does pricing work for RansomGuard™?
Currently RansomGuard™ is sold on a per device basis; namely, one annual license is sold per device that is protected.
How do you protect client data?
Outside of basic license information, RansomGuard™ does not send data back to LegioX; the tool is designed so that all data is contained only on customer infrastructure and in customer systems. LegioX will not be aware if RansomGuard™ detects suspicious behavior in your network.
Does RansomGuard™ integrate with other security products?
RansomGuard™ is designed to integrate with major security solutions, such as Splunk and ELK for logging, and EDRs such as CrowdStrike, Carbon Black, etc.
Does RansomGuard help satisfy compliance needs?
RansomGuard acts as a DLP and FIM product for compliance purposes, and can satisfy compliance requirements such as those required by:
PCI-DSS — Payment Card Industry Data Security Standard;
HIPAA — Health Insurance Portability and Accountability Act;
SOX — Sarbanes-Oxley Act;
FISMA — Federal Information Security Management Act;
NERC CIP — North American Electric Reliability Corporation critical infrastructure protection;
NIST — National Institute of Standards and Technology; and
GDPR — EU’s General Data Protection Regulation.
What if I need help with setup?
LegioX will work with you for installs, and provide documentation on how to install RansomGuard™ so that your IT team will be able to install it independently.
I have other questions.
Please contact us at https://legiox-cyber.com/contact-us and we will be happy to answer any questions you have or schedule a free consultation with you.