Multi-layer Protection Against Ransomware
Metabase Q's Total Ransomware Defense combines industry-leading intelligence sources with the first pre-execution convolutional neural network trained solely on ransomware. The pre-execution layer leverages several external threat feeds, proprietary data feeds, and machine learning to offer an instant response for known harmful ransomware. Suspicious processes that are not “known bad” are then passed to the additional layers for further analysis.
The entrapment layer focuses on triggering this ruleset via deception techniques in order to prevent detonation. This protection layer enables the endpoint to hide files from encryption, laces the endpoint with artifacts to deceive the ransomware’s internal execution rules, and adds bait files to amplify the ability to detect malicious behavior.
The behavioral layer employs an industry-first micro-model architecture designed on the principle of capsule network-based machine learning that enables broad benefits over previous behavioral analysis methods.
TRD is designed with the idea that layers will fail and is the first solution to incorporate host isolation, to prevent data exfiltration and lateralization. Bolstered by the industry’s first ransomware key and file recovery baked into our engine, Metabase Q’s TRD mitigates the risk from ransomware and ensures quick recovery if all layers fail.