Research | Our Q3 report details what's new in the world of ransomware.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Find cyber threats that have evaded your defenses.
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Brands of the world trust ReliaQuest to achieve their security goals.
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
The latest threat research report from ReliaQuest Threat Research research team.
The latest white papers focused on security operations strategy, technology & insight.
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
November 30, 2023
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
If there is one lesson we can take away from 2020 is that we all need to be prepared for the worst. Resilience has emerged as the top skill that people and businesses need to possess not only to survive but also to thrive in a changing and challenging world.
Rapid changes require businesses to make rapid but well-informed decisions on how to respond and adapt. Informed decision making should be based on intelligence and feedback from past experiences to be able to foresee what is probable to happen in the future and prepare accordingly. This is the key takeaway of the Verizon 2021 Data Breach Investigations Report (DBIR).
What else can we learn from the DBIR 2021?
Although phishing attacks continue to be one of the top attack methods in data breaches, what was different during 2020 was that ransomware attacks doubled since 2019. This increase is not related to the remote working environments, rather with the shift in tactics of the ransomware gangs. Unfortunately, this trend seems to continue well into 2021, as the recent attack against Colonial Pipeline demonstrated.
These actors will first exfiltrate the data they encrypt so that they can threaten to reveal it publicly if the victim does not pay the ransom. This modus operandi targets two sensitive attributes: brand reputation and data availability. Even if the PR departments do their best to downgrade the impact of a ransomware attack, criminals issue their own “press releases” on the Dark Web where they make sure to name their victims – the reputation damage is certain.
Focusing on data availability, this can be analyzed into obscuration and loss. Obscuration is the result of data encryption because of the ransomware installation, while loss occurs because businesses no longer have access to the obscured data. Either way, the violation of data availability results in serious operations disruption, affecting the victim for many days or weeks after the initial infection.
The positive outcome of the DBIR 2021 report regarding ransomware attacks is that 90% of victims did not experience any financial loss. This should be attributed to the fact that many businesses have now implemented simple security controls – such as data backups – to help them respond to these kinds of attacks. However, and this should become a strong motivation for everyone, the remaining 10% of the victims experienced losses ranging from $70 up to $1.2 million. Although the Department of Justice managed to claw back the ransom paid by Colonial Pipeline, that will not always be the case.
Of course, direct losses are not the sole cost one encounters due to a breach. Apart from the damage done by the attacker, there remains the expense of Digital Forensics and Incident Response (DFIR) and legal counsel. When forensics costs were present, 95% fell into the range of $2,400 to $336,500, while the legal costs fell between $800 and $54,000. Furthermore, breaches can impact the stock price of the affected businesses. According to an analysis, downward trends in stock price may be witnessed even two years after the incident.
Mitigating the threat posed by ransomware attacks is of crucial importance for all organizations, no matter their sector. With criminals targeting across sectors, from schools and hospitals to critical infrastructures, it is essential to deploy solutions that can help organizations detect and prevent these attacks. So, the question is which solution to select? There are so many security vendors that provide EDR solutions and promise to block all ransomware variants that it’s hard to choose.
And, EDR alone may not provide organizations with the visibility needed to identify the root cause of the malware infection so that it doesn’t happen again, nor can the EDR tool provide the full impact of the incident. To get full visibility into ransomware incidents, organizations need to gather data from multiple sources often across multiple environments including Cloud, not just from an EDR tool alone. Ransomware investigations will involve data from the SIEM, Firewalls, VPNs, cloud environments, SaaS applications and others in order to identify the point of intrusion and whether data was compromised.
ReliaQuest’s GreyMatter Open XDR-as-a-Service platform provides this visibility as well as automated response capabilities to quickly remediate the threat, while also providing a full picture of the attack across the kill chain. An analyst may see ransomware blocked in the environment without digging further into the details of how the malware got into the environment in the first place, which is a recipe for a repeat occurrence. With the ReliaQuests GreyMatter platform, organizations can identify the root cause to prevent it from happening again as well as communicate to the business the impact. Learning how the ransomware attack unfolded and blocking are both essential to the business as well as a post-mortem to improve mitigation and detection capabilities for the next attack.
Businesses need to be aware that for ransomware gangs there is a low risk of getting caught but with a high reward of getting paid. Ransomware is a proving to be a highly profitable “business,” so things will only get worse. Organizations need to take the ransomware threat seriously and deploy appropriate preventative and response controls to properly mitigate the threat that goes beyond the perimeter.
ReliaQuest has provided our customers with a threat advisory report regarding ransomware which included an outline of key behaviors to monitor for ransomware. As ransomware is increasingly customized for specific organizations, and the infrastructure constantly changes, relying on Indicators of Compromise (IoCs) alone can be a challenge, so multiple, layered preventative and response controls should be deployed.
ReliaQuest’s Threat Management Team continues to monitor the threat posed by ransomware families and continuously updates our Intel and Detect capabilities within the GreyMatter platform, ensuring our customers have the most up-to-date coverage.