Using Anti Data Exfiltration (ADX) to Stop Ransomware and Other Threats to Data
Dr. EDWARD AMOROSO, FOUNDER & CEO, TAG
This series of blogs developed by TAG Infosphere highlights a powerful new cybersecurity solution known as Anti Data Exfiltration (ADX), which provides on-device data security and threat protection. Commercial vendor BlackFog pioneered ADX, which is shown to effectively stop cyberattacks such as ransomware, spyware, malware, and phishing.
How ADX is Implemented by BlackFog
It is key for enterprise security teams to understand how ADX differs from traditional data loss prevention (DLP) because most security groups have tended to rely on this method for their data security. Most DLP solutions exhibit many cost, functional, and security-related drawbacks that often prevent successful implementations.
How does BlackFog Enterprise Work?
The BlackFog Enterprise product is a comprehensive solution designed to implement ADX for enterprise buyers. At the heart of BlackFog Enterprise is its on-device agent, which goes beyond traditional antivirus and Endpoint Detection and Response (EDR) solutions. As explained above, ADX focuses on preventing unauthorized data from leaving devices, a critical aspect in modern cybersecurity.
This commercial solution works by monitoring data exfiltration from any network to ensure data security and regulatory compliance. The product offers a proactive approach to cybersecurity, using AI-based algorithms to identify unusual behavior and the unauthorized removal of data from devices and networks.
The product emphasizes on-device data privacy and security. It protects endpoint devices by investigating outgoing data on endpoint devices, providing a more streamlined and less intrusive approach than traditional methods like firewalls or Data Loss Prevention (DLP). This makes it effective even for mobile devices and remote work environments, securing data directly on the devices without relying solely on network-based protections.
How is ADX Implemented on the Device?
BlackFog’s ADX works by focusing specifically on outbound data packets at layer 3 of the OSI stack. As such, the solution works at the packet level to obtain information about the source and destination of the datagrams. Using AI across dozens of parameters, the BlackFog product determines the legitimacy of the packets and therefore whether or not they are permitted to leave the device.
For example, if a packet originates from some system process that does NOT have networking capability, then the product has high confidence that the process has been hijacked and should be stopped. In addition, if a packet is exfiltrating data to the dark web, then it’s probably doing something unacceptable. Similarly, the product can geofence data and determine when data is traveling to unauthorized destinations such as Russia or China, telltale signs of many ransomware attacks.
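As an added illustration (not BlackFog's code or algorithm), the three per-packet checks described above can be sketched as a static rule evaluator for outbound traffic. The process names, address ranges, country table and allow-list are constructed assumptions, and the product itself is described as using AI across dozens of parameters rather than fixed rules.

```python
import ipaddress
from dataclasses import dataclass

# All policy data below is constructed for illustration (assumptions).
NO_NETWORK_PROCESSES = {"calc.exe", "notepad.exe"}         # no expected network use
ANONYMITY_RELAYS = {ipaddress.ip_address("203.0.113.50")}  # stand-in relay list
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]       # exempt from geofencing
GEO_TABLE = [  # documentation ranges mapped to sample country codes
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
]
ALLOWED_COUNTRIES = {"US"}  # geofence expressed as an allow-list

@dataclass(frozen=True)
class OutboundPacket:
    process: str  # image name of the process that owns the socket
    dst_ip: str   # layer-3 destination address

def country_of(addr):
    """Return the country code for addr, or None if the table has no entry."""
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None

def evaluate(pkt):
    """Return (verdict, reasons); any matched rule blocks the packet."""
    addr = ipaddress.ip_address(pkt.dst_ip)
    reasons = []
    if pkt.process.lower() in NO_NETWORK_PROCESSES:
        reasons.append("process-should-not-network")
    if addr in ANONYMITY_RELAYS:
        reasons.append("anonymity-network-destination")
    if not any(addr in net for net in INTERNAL_NETS):
        cc = country_of(addr)
        if cc not in ALLOWED_COUNTRIES:  # unknown location fails closed
            reasons.append(f"geofence:{cc or 'unknown'}")
    return ("block" if reasons else "allow", reasons)

if __name__ == "__main__":
    sample = [  # constructed packets
        OutboundPacket("chrome.exe", "192.0.2.10"),
        OutboundPacket("calc.exe", "192.0.2.10"),
        OutboundPacket("chrome.exe", "198.51.100.7"),
    ]
    for pkt in sample:
        print(pkt, evaluate(pkt))
```

Because the decision is taken per packet on the endpoint, the same evaluation applies whether or not the device sits behind a corporate perimeter.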
How is ADX Different Than Traditional DLP?
These rules are applied on every packet using AI-based algorithms, such as behavioral analysis, to stop data exfiltration. It is important to point out here that this is quite different from the way traditional data loss prevention (DLP) works. Recall that most DLP solutions work at the edge of the enterprise network much like a firewall and typically involve a hardware device that must be capable of processing large volumes of data.
As a result, DLP platforms can be expensive. In addition, all packets must flow through the checkpoint, which means that DLP is only useful behind a corporate firewall and not very useful in today’s hybrid workforce environment, where everyone works from home or on the road. Second, many DLP solutions are designed to inspect packets and decrypt them (since most traffic is effectively SSL), which can breach the end-to-end trust of a certificate.
Finally, DLP operates on the principle of data classification. That is, once the packet has been decrypted, it looks inside to see if there are tagged documents or elements. Addressing such an issue requires, of course, the ability to constantly tag documents internally. This can be virtually impossible from a resource perspective for most organizations with their high volume of documents and other types of files created on a daily basis.
What is the BlackFog Approach?
BlackFog has taken the view that the traditional approach to DLP is just not feasible for most enterprise teams and designed ADX as a practical solution to all these problems. It uses real-time network and process-based AI detection and analysis to provide anti data exfiltration with no human intervention.
About BlackFog
BlackFog is the leader in on-device data privacy, data security and ransomware prevention. Its behavioral analysis and anti data exfiltration (ADX) technology stops hackers before they even get started. The company’s cyberthreat prevention software prevents ransomware, spyware, malware, phishing, unauthorized data collection and profiling and mitigates the risks associated with data breaches and insider threats. BlackFog blocks threats across mobile and desktop endpoints, protecting organizations’ data and privacy, and strengthening regulatory compliance.
About TAG
TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to provide on demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science.
Copyright © 2024 TAG Infosphere, Inc. This report may not be reproduced, distributed, or shared without TAG Infosphere’s written permission. The material in this report is comprised of the opinions of the TAG Infosphere analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.