Index Engines CyberSense With Up to 10X Performance Enhancement in Detecting Ransomware Corruption

CyberSense, powered by data integrity software company Index Engines, Inc., announced an update that enables Dell technologies, Inc.’s customers to detect and recover from ransomware corruption with less compute resources thanks to a tighter integration with PowerProtect Cyber Recovery product.

With this release, organizations can verify the integrity of large data volumes of Virtual Backups and File System Block Based Backups (BBB) up to 10x faster than the previous release by reading 10x less data on the initial scan. This minimizes the resources and costs required to check the integrity of data and ensures it is reliable and void of corruption due to ransomware.

“This new version of CyberSense breaks the performance barrier and allows clients to perform full content analytics on large data volumes daily,” said Jim McGann, VP,. “We originally designed the integration for a company’s most sensitive data amounting to hundreds of terabytes, however our customers saw the value of CyberSense analytics and are now securing larger volumes of data for integrity checking so we re-engineered the integration to support larger data environments without compromising our industry leading full-content analytics.”

Ransomware attacks have been trending steeply upwards in recent years, and when one is successful, backup data is often the best and quickest way to recover. It is a challenge to find the last good version of files and databases to restore to return the business to a pre-attack steady state.

Unlike alternatives that rely solely on metadata analytics and entropy calculations, resulting in high false positive rates, CyberSense is a solution to provide full-content analytics and ML, which provides a 99.5% level of confidence in finding signs of corruption due to ransomware, in a single backup cycle, as well as the identification of the last good version of data to accelerate the recovery process and minimize downtime.

It is integrated with the PowerProtect Cyber Recovery vault offering and has become the standard for organizations deploying robust cyber resiliency strategies. Originally meant for an organization’s most mission-critical data, this new integration extends petabyte-class support with new levels of efficiency.

This version incorporates architecture that prioritizes recently modified data for analysis, while spreading unchanged data analysis over time. This allows the most suspect data to be checked for integrity, then scans the balance of data at a lower priority.

In an example where 400TB of virtual backups are replicated to a Cyber Recovery vault, full content analytics would have required the full 400TB of virtual images to be read and analyzed daily, leveraging 6 CyberSense servers. With this new version, the number of servers for the environment can be reduced to 1 server with an estimated 36TB of data read daily, resulting in up to a 10x reduction in data read and analyzed utilizing the change blocks of the client images. Additionally, it reduces Data Domain requirements and resources and provides cost savings for clients deploying Cyber Recovery with CyberSense. The platform also supports clients utilizing Dell Networker, Avamar and PowerProtect Data Manager as their backup products within a Cyber Recovery vault – now available in CyberSense release 7.8 and 7.9.

Click to enlarge

CyberSense software is a data analytics product that validates the integrity inside all files and databases on the initial scan. It detects the most sophisticated corruption that hides inside files, providing 99.5% confidence in alerting that an attack has occurred. This is far more reliable than metadata-only scans or sending sensitive content to the cloud for analysis. CyberSense machine learning analysis compares data as it changes over time to detect suspicious behavior and cyber corruption.

The software, available via Dell Technologies’ PowerProtect Cyber Recovery vault, provides post-attack reports and diagnostic details to assist recovery. In most cases, CyberSense users will reduce their recovery time from weeks and months to hours.