Index Engines: API-Based Developer’s Kit for CyberSense Analytics and Reporting Software

Index Engines, Inc. released an API-based developer’s kit to support the integration of its CyberSense software’s analytics and reporting into third-party backup and storage platforms.

Cybersense process

CyberSense delivers API’s that support full-content indexing of data, alerts if suspect corruption is detected, reporting to diagnose attacks and support recovery and more.

API’s are available to initiate indexing jobs for data in both primary and backup storage environments via NFS/CIFS or NDMP protocols. CyberSense can directly index files in backup images, including Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect, and Commvault without the need to rehydrate the data.

CyberSense indexes at the content level, collecting over 100 statistics indicative of data corruption, and uses ML to check the integrity of files and databases as well as compares how content changes between file observations to determine if there has been corruption due to a cyberattack. Using content-based analytics and ML, CyberSense uncovers signs of encryption and corruption to determine if suspect behavior occurred.

CyberSense also provides post-attack forensic reporting that allows rapid diagnosis and recovery from an attack. These reports provide information that include the attack vector utilized, the files that have signs of corruption, the location and owner of these files, and the last good version of the files contained in previous backups. These reports provide the level of intelligence needed to streamline the recovery process.

CyberSense has the ability to deliver full content-based analytics at scale on data in backup formats as well as primary storage. Content-based analytics provide a 99.5% level of confidence that suspect corruption is detected, far superior to other solutions that are only able to deliver metadata-level analysis.

“Ransomware continues to be a concern for organizations large and small,” said Johna Tll Johnson, CEO and founder, Nemertes Research. “Many organizations think backups can protect them, but attackers have gotten smart: They’ll infect backup data sets from months or years earlier. It makes sense to engage both the cybersecurity and backup teams to ensure third-party backup is secure and unsullied.“

Metadata-based solutions can only detect a small portion of attacks that occur. And as cyber criminals get more sophisticated, they will hide their tracks and corrupt data in more advanced ways that could avoid changes in metadata or stay under the radar of today’s real time protection software. CyberSense’s content-based analytics deliver a high level of confidence that even the most sophisticated attacks are detected and false positives and negatives are minimized.

API’s available for CyberSense include following highlights:

• Administration

  • • Initiate an indexing job, targeting specific file locations/servers.

    • Support for indexing of file shares via NFS/CIFS/NDMP.

    • Support for direct indexing of backup images including Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect, and Commvault as well as virtual backups.

• Alerting

  • • Ability to query for an alert when suspect signs of corruption are detected.

    • Detailed analytics including the suspect attack vector.

• Reporting

  • • Detailed listing of suspect corrupted files, including full filename and path.

    • Report on the last good version of the files and databases.

    • Reports on the specific backup sets containing pre-attack files needed for recovery.

API’s for CyberSense are available to partners who would like to integrate analytics, ML, reports and diagnosis capabilities with their storage and backup platforms.