This has allowed us to detect all known ransomware with greater than 99% accuracy.
HOLMDEL, NJ (PRWEB) April 23, 2018
Information management company Index Engines announced its new CyberSense platform, which acts as a last line of defense against cyber-attacks by monitoring for suspicious changes in the backup environment or on specific file servers.
The Index Engines strategy is unique, assuming other software is focused on preventing the attack and that software has failed. CyberSense monitors the mission-critical data, looking for signs of a successful attack.
“Organizations have firewalls to limit access to unknown users, DLP software to prevent information from leaving the corporate network, virus scanners to identify and remove known malware, behavioral analysis tools to detect malware activity,” Index Engines vice president Jim McGann said. “These are all good investments for real-time, reactive prevention, but attacks and bad actors persist.”
Index Engines’ CyberSense platform understands that attacks will occasionally penetrate the data center and while there are an unlimited number of potential attacks that bad actors create, there are a limited number of things that they will do to your data once they get through your defenses.
The CyberSense feature is designed to protect organizations against bad actors that get around firewalls and other detection techniques and analyzes changes in data that could be indicative of a ransomware attack. If an attack is detected, data can be restored within a single backup cycle. Recovering from a cyber-attack becomes no different than recovering from any other disaster – just restore the last backup minus the malware.
“When we surveyed all known newly identified ransomware attacks over a two-year period, each of which implemented new ways of evading detection by traditional security software, none of them had introduced a new pattern of damage to the data itself,” McGann said. “This has allowed us to detect all known ransomware with greater than 99% accuracy.”
CyberSense is based on Index Engines’ enterprise-class data governance solution and is deployed within the data center. It works as follows:
1. An initial index of the data creates a baseline scan where analytics are processed that will uncover unusual behavior, such as corrupt and truncated files. This data can exist on either primary storage, or in backup images.
2. CyberSense processes the analytics and leverages machine learning algorithms, based on known ransomware profiles.
3. Based on this analysis CyberSense makes a deterministic decision on whether or not a ransomware attack has occurred. This decision can occur after the first scan of the data.
4. Index Engines will continue to process data on either primary storage or within backup to determine if any new infections occur.
Learn more about Index Engines’ CyberSense by visiting http://www.indexengines.com/ransomware