
How Flow Data Can Help In The Fight Against Ransomware
In the ongoing battle against ransomware attacks, securing multicloud networks is crucial. As a Forbes Technology Council member, I’m here to share my expertise on how flow data can play a vital role in this fight.
Recent statistics show that nearly 90% of organizations now have a multicloud environment, and managing cloud spend remains a top challenge. Meanwhile, security still lags behind as the biggest obstacle. With cyberattacks reaching unprecedented levels, it’s essential to bridge the gap between cloud security and cost control.
While focused tools like application security, cloud security posture management (CSPM), cloud-native application protection platforms (CNAPPs) and cloud workload protection platforms (CWPPs) are available, they don’t provide the visibility needed to detect anomalies in real time. Instead of choosing between different cloud security solutions, we must adapt existing security practices for multicloud environments.
The key lies in flow data, which is ubiquitous in modern networks but often overlooked. By leveraging this data, you can gain full visibility into network traffic and identify potential threats before they become major issues. This includes the ability to detect anomalous activity, tag devices and applications, and set up operational trust boundaries for interactions between them.
In practice, flow data can be used to prevent ransomware attacks in multiple stages:
1. Reconnaissance: Flow data can alert you to unauthorized network scanning as ransomware searches for new hosts to infect. This includes unusual access attempts to restricted areas and irregular communication patterns, such as potential botnet communications.
2. Staging: By monitoring flow data, you can detect data exfiltration to internal collection points and related trust boundary violations caused by malware moving data from sensitive areas like finance or HR.
3. Execution: Flow data can also be used to identify unusual data transfers happening at egress points during unusual times of day, through non-standard protocols or over Tor.
4. Threat Hunting: Finally, flow data is invaluable for retrospective analysis. By examining historical network traffic, you can identify the attacker’s movement across your hybrid multicloud environment, enabling rapid remediation and containment.
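The four stages above map directly onto rules that run over normalized flow records. The following is an added example (not code from the article or from any vendor it mentions) that implements one detector per stage in Python over a handful of constructed flow records. The zone map, trust-boundary pairs, thresholds and sample IPs are all assumptions made for the example; the Tor ports are the well-known default ORPort and DirPort.

```python
"""Stage-based ransomware detections over normalized flow records (added example)."""
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed zone map: which internal subnets carry which tagged assets.
ZONES = {
    ip_network("10.10.0.0/16"): "workstations",
    ip_network("10.20.0.0/16"): "finance",
    ip_network("10.30.0.0/16"): "backup",
}
# Constructed trust boundaries: zone pairs allowed to talk (src, dst).
# Any other internal-to-internal cross-zone flow is a boundary violation.
ALLOWED_ZONE_PAIRS = {("workstations", "finance"), ("finance", "backup")}
SCAN_THRESHOLD = 8            # distinct dst host:port pairs from one source in a window
SCAN_WINDOW_S = 60
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 UTC is treated as normal egress time (assumption)
TOR_PORTS = {9001, 9030}       # Tor default ORPort and DirPort
LARGE_EGRESS_BYTES = 50_000_000

def zone_of(ip):
    """Return the tagged zone for an internal address, or None for external hosts."""
    addr = ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return None

def detect_recon(flows):
    """Stage 1: one source touching many distinct host:port targets within a short window."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    alerts = []
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f["ts"])
        for i, first in enumerate(fs):
            window = [g for g in fs[i:] if g["ts"] - first["ts"] <= SCAN_WINDOW_S]
            targets = {(g["dst"], g["dport"]) for g in window}
            if len(targets) >= SCAN_THRESHOLD:
                alerts.append(("recon", src, len(targets)))
                break  # one alert per scanning source is enough
    return alerts

def detect_staging(flows):
    """Stage 2: internal flows that cross a trust boundary not on the allow list."""
    alerts = []
    for f in flows:
        sz, dz = zone_of(f["src"]), zone_of(f["dst"])
        if sz and dz and sz != dz and (sz, dz) not in ALLOWED_ZONE_PAIRS:
            alerts.append(("staging", f["src"], f["dst"], f"{sz}->{dz}", f["bytes"]))
    return alerts

def detect_execution(flows):
    """Stage 3: egress that is bulky and off-hours, on Tor ports, or not TCP/UDP."""
    alerts = []
    for f in flows:
        if zone_of(f["dst"]) is not None:
            continue  # internal destination: not egress
        hour = datetime.fromtimestamp(f["ts"], tz=timezone.utc).hour
        reasons = []
        if f["bytes"] >= LARGE_EGRESS_BYTES and hour not in BUSINESS_HOURS:
            reasons.append("off-hours bulk egress")
        if f["dport"] in TOR_PORTS:
            reasons.append("tor port")
        if f["proto"] not in (6, 17):
            reasons.append(f"non-standard proto {f['proto']}")
        if reasons:
            alerts.append(("execution", f["src"], f["dst"], ", ".join(reasons)))
    return alerts

def hunt(flows, pivot_host):
    """Stage 4: retrospective view of every destination a host contacted, in time order."""
    return sorted({(f["ts"], f["dst"]) for f in flows if f["src"] == pivot_host})

def run_all(flows):
    return {"recon": detect_recon(flows), "staging": detect_staging(flows),
            "execution": detect_execution(flows)}

# Constructed sample flows: src, dst, dport, proto, bytes, ts (epoch seconds).
T0 = int(datetime(2025, 3, 26, 2, 0, tzinfo=timezone.utc).timestamp())  # 02:00 UTC
def _mk(src, dst, dport, proto, nbytes, ts):
    return {"src": src, "dst": dst, "dport": dport, "proto": proto, "bytes": nbytes, "ts": ts}

FLOWS = (
    # SMB sweep of eight finance hosts from one workstation inside 15 seconds
    [_mk("10.10.5.7", f"10.20.1.{i}", 445, 6, 120, T0 + 2 * i) for i in range(1, 9)]
    + [_mk("10.10.5.9", "10.20.1.10", 443, 6, 30_000, T0 + 100),      # allowed zone pair
       _mk("10.20.1.10", "10.10.5.7", 8443, 6, 800_000_000, T0 + 200),  # finance -> workstation
       _mk("10.10.5.7", "10.30.1.1", 22, 6, 4_000, T0 + 300),           # workstation -> backup
       _mk("10.10.5.7", "203.0.113.9", 443, 6, 900_000_000, T0 + 600),  # bulk egress at 02:10
       _mk("10.10.5.7", "198.51.100.4", 9001, 6, 5_000, T0 + 700),      # Tor ORPort
       _mk("10.10.5.9", "203.0.113.20", 443, 6, 2_000, T0 + 8 * 3600)]  # normal daytime egress
)

if __name__ == "__main__":
    for stage, alerts in run_all(FLOWS).items():
        print(stage, alerts)
    print("hunt 10.10.5.7:", hunt(FLOWS, "10.10.5.7"))
```

The staging rule deliberately fires on the workstation-to-backup flow as well as on the finance-to-workstation transfer: both cross a boundary the zone map does not allow, which is the point of tagging assets before writing rules.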
While flow data offers tremendous benefits in combating ransomware attacks, its utilization comes with some challenges. Firstly, there are no cloud flow log standards, making it essential to include CloudOps team members with vendor-specific expertise during the normalization process. Secondly, SecOps teams often rely on deep packet inspection (DPI) and need training to create flow-data detection rules, or must rely on vendor-provided ones.
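The normalization problem mentioned above is concrete: each provider exports flows in its own layout, so detection rules should run over a single schema rather than per-provider fields. The following added example (not from the article) parses the AWS VPC Flow Logs default-format record and a constructed nested-JSON export standing in for a second provider into the same dictionary shape. The JSON layout, field names and sample values are assumptions for the example; only the AWS default field order is the real format.

```python
"""Normalize cloud flow records from two formats into one schema (added example)."""
import json
from datetime import datetime

# Field order of the AWS VPC Flow Logs default format (version 2).
AWS_DEFAULT_FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
                      "srcport", "dstport", "protocol", "packets", "bytes", "start", "end",
                      "action", "log_status")

def parse_aws_default(line):
    """Space-separated default-format record -> common schema; None for NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(AWS_DEFAULT_FIELDS) or parts[0] != "2":
        raise ValueError(f"not an AWS default-format v2 record: {line!r}")
    rec = dict(zip(AWS_DEFAULT_FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA / SKIPDATA rows carry '-' in the traffic fields
        return None
    return {
        "cloud": "aws", "src": rec["srcaddr"], "dst": rec["dstaddr"],
        "sport": int(rec["srcport"]), "dport": int(rec["dstport"]),
        "proto": int(rec["protocol"]), "bytes": int(rec["bytes"]),
        "ts": int(rec["start"]), "allowed": rec["action"] == "ACCEPT",
    }

def parse_nested_json(text):
    """Constructed nested-JSON export (hypothetical second provider) -> common schema."""
    obj = json.loads(text)
    conn = obj["connection"]
    proto = conn["protocol"]
    if isinstance(proto, str):  # some exports spell the protocol out; map the common names
        proto = {"tcp": 6, "udp": 17, "icmp": 1}[proto.lower()]
    start = datetime.fromisoformat(obj["start_time"].replace("Z", "+00:00"))
    return {
        "cloud": "other", "src": conn["src_ip"], "dst": conn["dest_ip"],
        "sport": int(conn["src_port"]), "dport": int(conn["dest_port"]),
        "proto": proto, "bytes": int(obj["bytes_sent"]),
        "ts": int(start.timestamp()), "allowed": obj.get("disposition", "ALLOW") == "ALLOW",
    }

def normalize(records):
    """Dispatch on record shape and drop rows without traffic, so rules see one schema."""
    out = []
    for r in records:
        rec = parse_nested_json(r) if r.lstrip().startswith("{") else parse_aws_default(r)
        if rec is not None:
            out.append(rec)
    return out

# Constructed sample input: two AWS rows (one NODATA) and one nested-JSON row.
# Account id and interface id are placeholders; 1742954400 is 2025-03-26 02:00:00 UTC.
SAMPLE = [
    "2 111111111111 eni-0a1b2c3d4e5f60718 10.20.1.10 10.10.5.7 49152 445 6 5000 800000000 "
    "1742954400 1742954460 ACCEPT OK",
    "2 111111111111 eni-0a1b2c3d4e5f60718 - - - - - - - 1742954460 1742954520 - NODATA",
    json.dumps({"connection": {"src_ip": "10.10.5.7", "dest_ip": "198.51.100.4",
                               "src_port": 51000, "dest_port": 9001, "protocol": "tcp"},
                "bytes_sent": 5000, "start_time": "2025-03-26T02:11:40Z",
                "disposition": "ALLOW"}),
]

if __name__ == "__main__":
    for rec in normalize(SAMPLE):
        print(rec)
```

Keeping provider-specific knowledge (field order, how a skipped row is marked, whether the protocol is a number or a name) inside the parsers is what lets the detection rules stay provider-neutral; it is also where the CloudOps expertise the text calls for is actually needed.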
However, by understanding how to harness insights from existing data and utilizing cross-cloud capabilities, security leaders can effectively manage cloud spend while maintaining robust defenses. In this era of heightened cyber threats, it’s time for a more comprehensive approach that doesn’t compromise the integrity of our networks or the sensitive information they contain.
As technology executives, we must recognize the limitations of existing solutions and focus on deriving value from flow data to create a unified defense strategy. By doing so, we can ensure that security and cost control go hand-in-hand, rather than being mutually exclusive goals.
Source: https://www.forbes.com/councils/forbestechcouncil/2025/03/26/how-flow-data-can-help-in-the-fight-against-ransomware/