Index Engines announced the latest enhancements to its ransomware detection and recovery software, CyberSense, to help organizations win the war against cyberattacks.
CyberSense provides advanced data analysis software that scans backup data to check integrity, monitors files to identify changes indicative of cyberattack, and provides forensic reporting to diagnose and recover from corruption.
“Cyberattacks continue to evolve to be more aggressive and more stealth-like than ever before, so we’ve continued to improve CyberSense to tackle this refinement,” said Jim McGann, Vice President at Index Engines.
“By providing upgrades to performance and support for additional workloads, we are able to continue providing organizations with the ability to quickly identify, repair and recover from cybersecurity issues. Rather than pay a ransom to recover encrypted data or take months to rebuild systems from the ground up after an attack, organizations can deploy CyberSense to detect attacks and support rapid recovery.”
CyberSense uses a combination of full-content-based analytics and machine learning to detect if an attack has occurred. If attack vectors are identified, CyberSense provides forensic tools to diagnose and recover, including reports on files that were impacted so they can be replaced with the last known good version to ensure business operations return to normal with minimal downtime.
Among the performance enhancements are increased data throughput, new database workloads and aggregation to a central cloud repository.
- Increased data throughput for the analysis of backup images, including virtual machine backups. The enhancements include increased parallelism to fully utilize the processing power of the CyberSense server including the ability to quickly determine if file within a backup was already analyzed in a previous backup, allowing it to be skipped over for analysis.
- New database workloads for CyberSense analytics and integrity validation. These include the SAP HANA database and the Microsoft Extensible Storage Engine (ESE), also known as JET Blue which is a core component of core of Microsoft Exchange Server and Active Directory. (DB2, SharePoint, MS-SQL, Oracle, and others also supported).
- New option that aggregates CyberSense statistics from clients into a central cloud repository. This repository does not contain any client data only anonymous statistics from CyberSense scans. The statistics resulting from the CyberSense scan will be analyzed by the latest version of the CyberSense machine learning model for improved results.
“Data integrity and system security are of ever-increasing concern to organizations as digital information has become the lifeblood of their businesses,” said Christophe Bertrand, Senior Analyst, Enterprise Strategy Group (ESG).
“Recent ESG research shows that the threat of data not being available due to criminal activities related to cyberattacks and ransomware instances can leave businesses vulnerable like never before.
“A solution like CyberSense that not only monitors changes to a system but provides the means to recovery from malicious changes is one that should be seriously considered by IT professionals.”
While real-time cyber protection solutions are designed to protect from an attack, protection gaps do occur. Metadata-only solutions can miss more sophisticated attack vectors, providing a false sense of confidence.
CyberSense is the only data analytics product on the market that validates the integrity inside all files and databases on the initial scan. CyberSense will detect even the most sophisticated corruption that hides inside files, providing 99.5 percent confidence in alerting an attack occurred.
CyberSense begins its attack detection workflow with comprehensive indexing. Every time CyberSense sees a new backup image, statistics are generated from that scan and compared to previous scans. These analytics are input into CyberSense’s machine learning model. The results are deterministic regarding the data’s integrity and if the data has been corrupted by a ransomware attack.
CyberSense also provides various reports and details that assist in the diagnosis and recovery from the attack. CyberSense provides the attack vector utilized to manipulate the data as well as a complete listing of suspect files that have been manipulated, providing an understanding of the breadth of the attack.
Additionally, using the event logs analysis tools, CyberSense reports on the user account that was breeched and the executable data that was used to corrupt the data in order to eliminate the threat.
And because CyberSense is continually looking at how data has changed, it can provide the intelligence needed to assist in the restore of the last known good copy of the file.
CyberSense is integrated with the Dell EMC Cyber Recovery solution and resold by IBM Resiliency Services and Global System Integrators who offer hardware, software, and professional services. CyberSense pricing is based on the capacity of data processed.