BullWall.

BullWall is a Danish cybersecurity solution provider with a dedicated focus on protecting critical IT infrastructure from ransomware. They provide rapid containment of active attacks, and safeguard servers by preventing unauthorised intrusion.

Even the most well-protected organizations can fall victim to ransomware.  This is when you need a ransomware containment solution.

Ransomware Containment is an active defence solution designed to detect, isolate, and halt active ransomware attacks. It protects critical IT infrastructure with real-time data monitoring, detection & self-activated isolation and automated compliance reporting. Seen by many as a last line of defence, BullWall’s innovative ransomware containment solution detects and stops active ransomware on file shares and servers, both on-premises and in the cloud, by isolating compromised users and devices.

This laser-focused ransomware containment solution secures critical data, designed to keep hackers from propagating malicious encryption and exfiltration.

What does BullWall Ransomware Containment do?

1. Monitors and Detects
BullWall Ransomware Containment monitors data activity in real time on SAN/NAS file shares, VMs, domain controllers, database servers and application servers, on-prem and in the cloud. The system leverages 28 detection sensors and machine-learning capabilities, instantly detecting illegitimate encryption and exfiltration.

2. Isolates & Quarantines
Once encryption begins, BullWall RC immediately and automatically activates a containment protocol for the compromised user(s) and device(s). This process deploys built-in scripts to stop file encryption and data exfiltration in seconds. Alerts are then sent to the relevant IT personnel through the built-in dashboard, email, SMS or mobile app.  Alternatively, notifications can be made to SIEM, NAC, EDR and other security solutions via RESTful API.

3. Recovers & Reports
Once the attack has been thwarted, the system quickly identifies any encrypted files to restore from a backup. Fully automated compliance incident reporting is available with an advanced history log that captures all attack details, suitable for internal leadership and external government agencies.

BullWall Server Intrusion Protection – Safeguard Servers From Ransomware

Fuelled by the surge in remote and hybrid work environments, RDP has become a leading point of entry for cyberattacks.  A 2020 survey by Unit 42 (Palo Alto’s response team) noted that RDP featured in 50% of ransomware deployments, a figure that undoubtedly grown since then.

Multi-Factor Authentication (MFA) can substantially mitigate the threat of unauthorized access stemming from compromised credentials, as attackers are required to bypass multiple security layers for successful entry. BulllWall Server Intrusion Protection will detect unauthorized RDP sessions, alert you and block the compromised clients and servers.

Impeding reconnaissance and lateral movement reduces the potential for compromise in other network areas.  By preventing unauthorized access, a containment strategy is implemented which prevents ransomware deployment and data encryption / exfiltration.  BullWall ensures compliance with cyber insurance policies requiring MFA on all servers.