GFI Software

Ransomware protection (Block out of the ordinary uploads) [message #153737] Mon, 06 February 2023 18:51
tverweij
In most cases, before a system is encrypted, the data of the machine is uploaded to be held hostage.
When we can detect these uploads with Kerio, we can block these uploads.

To do this, Kerio should monitor the normal traffic that is initiated from a host to all specific IP addresses.
It can then calculate the medians uploaded per hour per IP address (only initiated from the machine itself).
A whitelist should be available to exclude specific addresses from this detection.

If a host connects itself to a new IP address it did not previously connect to (and that IP is not whitelisted), and the median upload per hour is exceeded - a warning should be issued and / or the upload stream should be blocked (as specified in the rules), to prevent the data from being stolen.
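
The rule proposed in the post above, sketched as an added example (not part of the original post and not Kerio Control code). It assumes flow records of (hour, host, destination IP, bytes uploaded) and reads "median upload per hour" as the median of a host's hourly upload totals per destination IP; all names and addresses are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample flows: (hour, internal host, destination IP, bytes uploaded).
BASELINE_FLOWS = [
    (0, "10.0.0.5", "198.51.100.10", 40_000),
    (0, "10.0.0.5", "198.51.100.20", 90_000),
    (1, "10.0.0.5", "198.51.100.10", 55_000),
    (1, "10.0.0.5", "198.51.100.10", 5_000),   # same hour and IP: summed
    (2, "10.0.0.5", "198.51.100.20", 120_000),
]
WHITELIST = [ip_network("203.0.113.0/24")]  # constructed, e.g. an off-site backup range


def build_baseline(flows):
    """Return {host: (known destination IPs, median bytes per hour per IP)}."""
    totals = defaultdict(lambda: defaultdict(int))  # host -> (dst, hour) -> bytes
    for hour, host, dst, sent in flows:
        totals[host][(dst, hour)] += sent
    # Assumption: one median per host, taken over all (destination, hour) totals.
    return {
        host: ({dst for dst, _ in cells}, median(cells.values()))
        for host, cells in totals.items()
    }


def check_hour(baseline, flows, whitelist=WHITELIST):
    """Flag uploads in one hour to a new, non-whitelisted IP that exceed the median."""
    sent_now = defaultdict(int)
    for _hour, host, dst, sent in flows:
        sent_now[(host, dst)] += sent
    alerts = []
    for (host, dst), total in sorted(sent_now.items()):
        # A host with no history has limit 0, so any new upload is flagged.
        known, limit = baseline.get(host, (set(), 0))
        if dst in known or any(ip_address(dst) in net for net in whitelist):
            continue  # previously seen or explicitly excluded destination
        if total > limit:
            alerts.append((host, dst, total, limit))
    return alerts
```

Each alert tuple carries the host, the new destination, the bytes sent this hour and the limit it exceeded, which is what a warn or block rule would act on.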

Re: Ransomware protection [message #153758 is a reply to message #153737] Fri, 10 February 2023 16:33
chrisc
Hi tverweij, thank you for your feedback! I have submitted it to our Product Team under GFIPEF-215 for further review.

Chris Contorinis
Customer Care Specialist
GFI Software