Detecting and Preventing the Spread of Ransomware
Ransomware attacks affect more and more computers worldwide every year. Such attacks clearly show that security solutions alone are not enough to ensure the security of IT systems. The only way to truly defend against such attacks includes keeping software up-to-date, taking regular backups, securing your network with an endpoint security solution and auditing your IT environment. Here at Lepide, our focus is on auditing. LepideAuditor provides deep insights into every change in the configuration of Active Directory, Group Policy, Exchange Server, Windows File Systems, NetApp Filers, Office 365 and Dropbox. The instantaneous information, in the form of real-time or threshold alerts, allow you to spot the symptoms of a ransomware attack and take appropriate action.
How We Help in Ransomware Detection
Keep Group Policies Intact
Multiple policies to maintain IT security, such as software restriction and password policies, are configured in almost every organization. Any changes to such policies should be audited properly, with administrators being notified immediately for critical changes. LepideAuditor monitors every change in Group Policy Objects and sends real-time alerts when critical changes are detected. It also lets you restore the entire Group Policy Object with a few clicks to reverse unwanted changes.
Highlight Suspicious Changes
Some ransomware attacks (including the most recent WannaCry attack in May of 2017) encrypt critical files and alter the extension name with a new suffix. Once the extension name of a file is changed, it gets encrypted and hidden. LepideAuditor sends you real-time alerts for such suspicious changes – as emails to your inbox, updates to the Radar Tab, and push-notifications to the LepideAuditor App installed on your Android or Apple device.
Spot Anomalous Change Activity
If a user is making numerous changes over a short space of time, red flags should be raised about the possibility of unauthorized activities. LepideAuditor sends you threshold alerts, as emails or push notifications, that inform you of multiple changes or suspicious user activities taking place over a specified period of time. In-depth audit reports enable you to view all the activities or changes being made by a user account.
Detect Sudden Permission Changes
Often, ransomware attacks attempt to change permissions of a file in File Server or of a user in Active Directory. LepideAuditor audits the permissions of all server components to keep you aware of any sudden change in permissions. This enables you take quicker action to review permissions and correct if necessary.
Reverse Unwanted Changes
When your security solution has neutralized the ransomware attack, the next thing to deal with are the changes made to the configuration of IT environment due to the infection. LepideAuditor continuously captures snapshots of the state of both Active Directory Objects and Group Policy Objects. Use Lepide Object Restore Wizard to restore the state of these objects to a previously dated snapshot. With this method, you can reverse all unwanted changes within minutes.
❝
LepideAuditor is simple to install and setup and is an easy-to-use solution for auditing your IT environment.
Ahmed Nabil
❝
LepideAuditor takes the strain out of change auditing and regulatory compliance with one of the most comprehensive solutions on the market.
IT Security Guru
❝
It’s rare to find a solution which covers a such a wide range of auditing services, but ‘LepideAuditor’ is one of those rare exceptions.
Mahdi Tehrani
Active Directory Lead
❝
LepideAuditor is one of the most simple to use and feature-packed security suite for Microsoft-based environments. If you fear security breach, this is one of the most essential security perimeters.
Erik Blum
❝
LepideAuditor is an excellent audit solution. It gives IT teams complete information about what’s happening in the IT systems, the health of their servers and backup history.
Prajwal Desai
❝
The LepideAuditor is an invaluable toolset for any System Admin to audit Active Directory, Group Policy and Exchange server changes.
Marius Ene
❝
I really enjoyed the way LepideAuditor performs to audit the changes made to Active Directory and Group Policy Objects. I will certainly recommend it to anyone who is looking for an easy-to-use third party auditor.
Roman Nedzelský
❝
LepideAuditor is highly recommended as it not only meets all requirements for Active Directory and Group Policy change auditing but also it is easy and friendly to use.
Roberto Di Lello
❝
LepideAuditor is an excellent auditing solution. Some key features of the solution are compliance reports, health monitoring, alerts/notifications and the backup/restore functionality.
Mayank Dhama
IT Expert
❝
LepideAuditor honored as Gold winner in the 12th Annual 2016 Info Security PG’s Global Excellence Awards® in ‘Auditing’
❝
LepideAuditor is a solid product that will likely do a good job for anyone who wants to know what administrative actions are being taken in their organization.
❝
LepideAuditor received a gold certification in data loss prevention.
❝ LepideAuditor has brilliant search capabilities and was easy to use from the perspective of a non-technical end user – highly recommend it.❞
❝ LepideAuditor provided us with complete visibility over what was happening in our IT environment in a simple, cost-effective and scalable way.❞
❝ We're very pleased with how much more insight LepideAuditor gave us and impressed with the attentive customer service they provided.❞
❝ LepideAuditor takes the strain out of change auditing and regulatory compliance with one of the most comprehensive solutions on the market. ❞
