Cortex XDR - Ransomware Simulators
Created On 04/03/23 07:35 AM - Last Modified 04/22/24 06:09 AM
Question
Why is ransomware activity generated by ransomware simulators not always detected or prevented by Cortex XDR?
Environment
- Cortex XDR agent
Answer
When testing ransomware activity with ransomware simulators, it is important to understand the limitations of each tool in order to interpret what a successful or unsuccessful detection actually means. As shown in this blog post, most ransomware simulators have shortcomings, and none of them provides a full simulation of a real ransomware attack. A simulator exercises only the subset of behaviour its authors chose to implement, so a missed simulator run does not necessarily mean the corresponding real attack would be missed, and a blocked simulator run does not prove the real attack would be blocked.
While it is possible for security vendors to update their products' defenses to detect the IOCs and techniques used by today's ransomware simulators, we believe this strategy does not demonstrate true security efficacy and may instead give organizations a false sense of security: the product would be tuned to recognize the simulator, not the adversary behaviour the simulator is meant to stand in for. The only accurate way to validate ransomware protection is to execute actual ransomware in an isolated environment, such as the recent ransomware and wiper families used in the Russia-Ukraine cyber attacks, as well as the latest variants of REvil, Conti, Ryuk, and other real-world ransomware.