Partner Interviews: Hipara. Ransomware, Solved.

Introduction. At Gate 15, our team focuses on risk management and organizational security and resilience, with unique expertise in threat analysis, operations and preparedness (planning, training, exercise and continuity) support. Recognizing that clients and partners require additional technology, services and capabilities to effectively manage their complete risk profile, our team partners with organizations that can enhance our competencies and which offer additional risk management resources that complement our capabilities. On the “About Us” page of this website, you’ll see some of our outstanding partners. In a five-part series, we’ll be posting updates with interviews with these partners to share more about what they do and how they can help organizations reduce their risk and enhance preparedness, security and resilience.

Hipara: Interview with Founder and Technical Lead, Brett Cunningham

Ransomware is (or should be!) a huge concern for organizations. It has affected organizations across the critical infrastructure community, government organizations and non-profits. Nonetheless, I get the feeling that a lot of folks still do not understand what is happening when ransomware malware hits their system. Can you briefly explain what ransomware is and what it does when it infects a device or network?

Ransomware is aptly named for its behavior: it holds data hostage until the ransom is paid. Most often, ransomware is delivered via email. An unsuspecting user receives an email that downloads malware onto their system. Depending upon the company’s regulatory requirements and the data that is on users’ computers, it may require a breach notification. If the computer does not contain sensitive information, a breach notification may not be required. However, ransomware does not stop there! Ransomware will seek out network drives (a.k.a., mapped or shared drives) and encrypt those files as well. As an example of the disruption, this has led to multiple hospitals having to resort to a paper-based system until the systems can be brought back online!

Obviously, the ideal situation would be that no one does anything to allow the malware onto their network but increasingly we’re seeing that is unlikely, as people continue to make mistakes allowing infection and a recent report highlighted how anti-virus completely fails against ransomware detection. Can you explain how Hipara prevents ransomware from disrupting a system or network?

Hipara monitors the endpoint using math algorithms typically applied to physics. Measuring the randomness of data, our software can tell when a process is attempting to encrypt a file. If the process is untrusted (unsigned, not allowed by the organization, etc.), we block the process from encrypting and notify the organization’s security team.

We’re focused on helping organizations reduce risk. On our end, we emphasize understanding the threats, assessing the risk and conducting preparedness to properly mitigate those greatest risks. We certainly assess ransomware as a serious risk that all organizations need to plan for because the potential operational disruption and downtime can be devastating. We emphasize developing preparedness but Hipara offers a product solution to completely frustrate ransomware. How will Hipara be able to keep up with the ever-evolving variations of malware and if I were to deploy your solution, how confident can I be that I’m really protected?

Hipara specializes in ransomware. We keep current with the latest actor adaptations. In the past few months, we have seen ransomware actors using full disk encryption and/or stealing the data before encryption. As the actors adapt, so do we. Hipara was created out of the frustration my co-founder and I had in our past roles. Creating signatures or creating the most simple of behavioral heuristics is not sufficient. Companies should not settle for these or other sub-optimal solutions. Ransomware is a one-billion-dollar cybercriminal operation. Part of effectively reducing risk is by cybersecurity vendors significantly raising the cost attackers must take to conduct their criminal business. Cost can be a powerful barrier to reducing attacker motivation. They will typically go after the easiest, least protected, least costly targets. Just as with physical security, hardening one’s cyber defenses helps to deter attacks.

Is Hipara a solution intended for individual users or is it more focused on enterprise networks?

Hipara is focused on fighting ransomware for enterprises. We have observed ransomware taking hospitals, financial institutions and others offline. As we see in other threat areas, we can assume with great confidence that attackers will continue to shift their targeting to other communities and in increased number. Imagine the impacts and downtime disruptions for retailers or the gaming and hospitality communities, utilities or transportation. The potential impacts are broad and can be considerable operational and financial disruptions. The cost for the business is higher, and the attackers seek a higher ransom. To raise the cost to attackers, we must take away their ability to demand high ransoms from companies.

Can you explain how an organization deploys Hipara?

Hipara is extremely easy to deploy. There are two components: the Hipara Server and the Hipara Client. The Hipara Server is installed with a single command on a Linux-based operating system (Ubuntu and Debian). Installation takes less than 10 minutes. The Hipara Client comes packaged as an MSI. This is the easiest deployment package for system administrators to deploy. System administrators can use deployment platforms like Active Directory’s GPO or a third-party content-delivery tool like Tanium.

If someone reading this post is curious for more information about your products and services, what’s the best way to get more information?

We’d be happy to discuss Hipara further! We can best be reached at contact@hipara.org or call 913.526.7284.

Thank you, Brett! The idea of preventing ransomware before it can infect and disrupt a system is awesome. We’re very excited about this solution and hope organizations will employ it as part of their cyber risk management!
