Ransomware Protection That Stops the Blast Radius — Before It Spreads


Ransomware doesn’t fail because of encryption.
It succeeds because of excessive access, stale permissions, and invisible data paths.
In this demo clip from LightBeam’s Summer Release Product Update Webinar, see how LightBeam reduces ransomware impact by:
✔️ Identifying high-risk access paths to sensitive data
✔️ Detecting abnormal behavior tied to real identities
✔️ Automatically limiting blast radius with least-privilege controls
✔️ Exposing shadow data that attackers love to exploit
✔️ Turning ransomware response from reactive to preventative
LightBeam doesn’t just detect ransomware.
It removes the conditions that let it spread.
▶️ Watch the full Summer Release Product Update Webinar: https://www.lightbeam.ai/summer-release-2025-webinar/


Transcript

So you can see here we have ransomware set up
for Azure shares rather.
It's a data source is an SMB data type.
And in this case, consider a scenario where a user, Tiffany,
who has her account compromised detector logs in
after hours, encrypts files,
and then possibly leaves a ransom note.
Here's what we would see and what we would,
we would do along the way.
So we've got nine incidents,
two different users. Click on the incidents.
The most recent incident being Tiffany,
you can see it's actually happened twice.
She's triggered two separate alerts today,
so we can click here and open her user.
But first I wanna see what's happening inside
of this specific incident.
So in here, 18 objects were encrypted with WannaCry.
So that's a pretty clear sign
that this isn't an insider threat scenario.
This is ransomware and we know that.
So we want to get in here and look at Tiffany's user.
You can see that, oh, there's, there's lots
and lots of files over time.
Got, uh, encrypted, not necessarily with this one event,
but multiple events over time.
We want to ensure that this doesn't happen anymore
and that's why we added the rule set to go ahead
and automatically revoke access for the user account.
When that happens, we can go
back and I'll share that in a second.
So it's very clear. We need to work with Tiffany.
We need to get her account reset.
We need to do some remedial training on security protocols,
likely some phishing training and go from there.
But for now, we need to go back to the review
and suspend the user
because right now her account is out of control
and we want to go ahead and suspend that.
Let's go back here, go into the rule set.
Very similar rule set as UEBA.
Uh, so if the encrypted file count is more than 10
for one minute, send the alert on the file shares,
alert the data source owners, anybody else in here,
and then fire off an automation.
So once again, if the pattern continues
for three consecutive minutes,
the user will automatically be suspended.
So in the, in the case of our example here,
that user clearly would've already been suspended if this
weren't a demo environment.
So we wouldn't have worried about continued events
occurring.
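
The rule set described in the transcript (alert when a user's encrypted-file count exceeds 10 in one minute, suspend when that continues for three consecutive minutes) can be sketched as follows. This is an added example, not LightBeam's code and not part of the transcript; the event tuple format, the `encrypted` flag, the user "sam" and all timestamps are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ALERT_THRESHOLD = 10       # demo rule: more than 10 encrypted files in one minute
SUSPEND_AFTER_MINUTES = 3  # demo rule: pattern continues for three consecutive minutes

def evaluate(events):
    """events: (iso_timestamp, user, encrypted) tuples, an assumed format.
    Returns (minute, user, action) tuples; actions are reported, not executed."""
    per_minute = defaultdict(int)
    for ts, user, encrypted in events:
        if encrypted:
            minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
            per_minute[(minute, user)] += 1

    actions, streak, last_hit, suspended = [], defaultdict(int), {}, set()
    for (minute, user), count in sorted(per_minute.items()):
        if user in suspended or count <= ALERT_THRESHOLD:
            continue
        # The streak grows only when the previous over-threshold minute is adjacent;
        # a quiet or below-threshold minute in between restarts it at 1.
        adjacent = last_hit.get(user) == minute - timedelta(minutes=1)
        streak[user] = streak[user] + 1 if adjacent else 1
        last_hit[user] = minute
        actions.append((minute.isoformat(), user, "alert"))
        if streak[user] >= SUSPEND_AFTER_MINUTES:
            suspended.add(user)
            actions.append((minute.isoformat(), user, "suspend"))
    return actions

def _burst(user, hhmm, n):
    # Constructed sample data: n encrypted-file events inside one minute.
    return [(f"2025-01-01T{hhmm}:{i:02d}", user, True) for i in range(n)]

# Constructed events. "tiffany" is the user from the demo; "sam" is hypothetical.
SAMPLE = (
    _burst("tiffany", "22:00", 12) + _burst("tiffany", "22:01", 12)
    + _burst("tiffany", "22:02", 12) + _burst("tiffany", "22:03", 12)
    + _burst("sam", "09:00", 11) + _burst("sam", "09:01", 3)
    + _burst("sam", "09:02", 11)
)

if __name__ == "__main__":
    for action in evaluate(SAMPLE):
        print(action)
```

In the sample, "sam" crosses the threshold in two non-adjacent minutes and is only alerted on, while "tiffany" is suspended in her third consecutive minute and her fourth burst produces no further actions.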