Administration Guides
Rapid Machine to Machine Malware Spreading Attack Defense
Home
Overview
Ransomware Defender can use multiple cluster detections, to elevate the automated response due to the severity of the detection, and number of concurrent security events. Refer to the diagram below:
Rapid Machine to Machine Malware Attack Auto Response Escalation Configuration
This feature is designed to protect against a multi-user scenario where malware affects many machines in a short period of time, and when malware is spreading from machine to machine. The goal in this scenario is to escalate the response automatically based on the number of concurrent events. The example below walks through how warning → major → critical response escalation will occur based on settings.
Best Practice: Set the Warning to Major to a higher number e.g. 5, and Major to Critical to half of the warning e.g. 8.
- Major and Upgrade to Critical events are set to upgrade the severity to this level when a lower severity detection event matches or exceeds the number entered.
- Example (A) if Upgrade to Major (events) is set to 8 this means if 8 separate Warning events are detected the response will be auto-upgraded to Major and timed lockout will be started. (see screenshot below)
- Example (B) if Upgrade to Critical (events) is set to10 this means if 10 separate Major events are detected the response will be auto-upgraded to Critical and immediate lockout will be activated. (See screenshot below)