To protect our customers against the threat of ransomware, we are announcing a new enhancement to Box Shield Pro Ransomware Activity Detection. This new feature will provide admins the option of automatically terminating user sessions that are flagged as ransomware events, instead of requiring a manual process. This automation will significantly accelerate the mitigation of ransomware events spreading from compromised endpoint devices and reduce the amount of content that needs to be recovered.
A consistent concern when handling threat alerts is the accelerating “breakout time”, or how long before a breach leads to damage. With ransomware especially, the longer an incident remains unresolved the worse the impact will be, and timelines are getting shorter. By giving admins the option to automatically terminate potentially compromised sessions, rather than requiring action from within the alert, organizations most concerned with ransomware are able to instantly shut down any incident as soon as it begins spreading from a compromised device, no human action required. This will also be a toggle, so admins more concerned about erroneous triggers can keep the process manual.
When the feature is enabled, the automated termination will be shown within the ransomware detection alert, and if desired the admin is still able to terminate the user session again as needed. This feature will not impact the Content Recovery integration, and admins will still be able to initiate the recovery process at the click of a button from within the alert.
This feature will be rolling out to all Box Shield Pro customers over the coming weeks. To learn more about Ransomware Activity Detection and Box Shield Pro, look here.
Are you a Box customer that wants to join the conversation on Shield Pro, and all things Box Security and Governance? Join us at our Security and Governance user group here.