
Index Engines enhances ransomware detection and recovery software

Index Engines has announced the latest enhancements to its ransomware detection and recovery software, CyberSense, to help organisations win the war against cyberattacks.

CyberSense provides advanced data analysis software that scans backup data to check integrity, monitors files to identify changes indicative of cyberattack, and provides forensic reporting to diagnose and recover from corruption. 

"Cyberattacks continue to evolve to be more aggressive and more stealth-like than ever before, so we've continued to improve CyberSense to tackle this refinement," says Jim McGann, vice president at Index Engines. 

"By providing upgrades to performance and support for additional workloads, we are able to continue providing organisations with the ability to quickly identify, repair and recover from cybersecurity issues," he says.

"Rather than pay a ransom to recover encrypted data or take months to rebuild systems from the ground up after an attack, organisations can deploy CyberSense to detect attacks and support rapid recovery."

CyberSense uses a combination of full-content-based analytics and machine learning to detect whether an attack has occurred. If attack vectors are identified, CyberSense provides forensic tools to diagnose and recover, including reports on the files that were impacted so they can be replaced with the last known good version, returning business operations to normal with minimal downtime.

Among the performance enhancements are increased data throughput, new database workloads and aggregation to a central cloud repository. 

  • Increased data throughput for the analysis of backup images, including virtual machine backups.
    The enhancements include increased parallelism to fully utilise the processing power of the CyberSense server, and the ability to quickly determine whether a file within a backup was already analysed in a previous backup so that it can be skipped.

  • New database workloads for CyberSense analytics and integrity validation.
    These include the SAP HANA database and the Microsoft Extensible Storage Engine (ESE), also known as JET Blue, which is a core component of Microsoft Exchange Server and Active Directory. (DB2, SharePoint, MS-SQL, Oracle and others are also supported.)

  • A new option that aggregates CyberSense statistics from clients into a central cloud repository.
    This repository does not contain any client data, only anonymous statistics from CyberSense scans. Those statistics are analysed by the latest version of the CyberSense machine learning model for improved results.

"While real-time cyber protection solutions are designed to protect from an attack, protection gaps do occur," says McGann. 

"Metadata-only solutions can miss more sophisticated attack vectors, providing a false sense of confidence. 

"CyberSense is the only data analytics product on the market that validates the integrity inside all files and databases on the initial scan," he says.

"CyberSense will detect even the most sophisticated corruption that hides inside files, providing 99.5% confidence in alerting an attack occurred."

CyberSense begins its attack detection workflow with comprehensive indexing. Every time CyberSense sees a new backup image, statistics are generated from that scan and compared to previous scans. These analytics are input into CyberSense's machine learning model. The results are deterministic regarding the data's integrity and whether the data has been corrupted by a ransomware attack.
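As an added illustration, not CyberSense's own code or model (the page does not describe its internals), the following Python sketches the two ideas from the text: skipping files whose content hash already appeared in the previous backup image, and comparing per-file content statistics (entropy and format header) between scans instead of relying on metadata such as size and timestamp. The backup images, file contents, timestamps and thresholds are constructed for the example.

```python
"""Content-based integrity statistics across two backup images.

Added example, not CyberSense code. The images, files, timestamps and
thresholds below are constructed; real products use far richer statistics.
"""
import hashlib
import math
from collections import Counter
from typing import Optional

# File-type signatures used for the cheap "does the content match the name" check.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: low for text/zeros, close to 8 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def format_ok(name: str, data: bytes) -> bool:
    """True when the content starts with the signature expected for its extension."""
    for ext, sig in MAGIC.items():
        if name.lower().endswith(ext):
            return data.startswith(sig)
    return True  # no known signature for this type


def file_stats(name: str, data: bytes) -> dict:
    return {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
            "entropy": shannon_entropy(data), "format_ok": format_ok(name, data)}


def analyse_image(image: dict, previous: Optional[dict] = None) -> tuple:
    """image maps path -> (content, metadata). Files whose content hash matches the
    previous scan reuse the stored statistics instead of being analysed again."""
    stats, skipped = {}, []
    for path, (data, _meta) in image.items():
        digest = hashlib.sha256(data).hexdigest()
        if previous and path in previous and previous[path]["sha256"] == digest:
            stats[path] = previous[path]
            skipped.append(path)
            continue
        stats[path] = file_stats(path, data)
    return stats, skipped


def metadata_only_changes(prev_image: dict, cur_image: dict) -> list:
    """What a size+mtime comparison would report: the metadata-only view."""
    def key(img, p):
        return (len(img[p][0]), img[p][1]["mtime"])
    return sorted(p for p in cur_image if p not in prev_image or key(cur_image, p) != key(prev_image, p))


def suspect_files(prev_stats: dict, cur_stats: dict, entropy_threshold: float = 7.0,
                  jump: float = 2.0) -> list:
    """Changed files whose content became high-entropy and either lost their format
    header or jumped in entropy: the signature of in-place encryption."""
    out = []
    for path, cur in cur_stats.items():
        prev = prev_stats.get(path)
        if prev is None or prev["sha256"] == cur["sha256"]:
            continue
        if cur["entropy"] >= entropy_threshold and (
                not cur["format_ok"] or cur["entropy"] - prev["entropy"] >= jump):
            out.append(path)
    return sorted(out)


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed backup images: day 2 has one legitimate edit and one file that an
# attacker encrypted in place while restoring its original size and timestamp.
PDF = b"%PDF-1.4\n" + b"Quarterly results: revenue up, costs flat.\n" * 60
PNG = MAGIC[".png"] + b"\x00" * 400
NOTES = b"meeting notes, action items\n" * 40
IMAGE_DAY1 = {
    "finance/report.pdf": (PDF, {"mtime": 1700000000}),
    "design/logo.png": (PNG, {"mtime": 1700000100}),
    "ops/notes.txt": (NOTES, {"mtime": 1700000200}),
}
IMAGE_DAY2 = {
    "finance/report.pdf": (pseudo_random(len(PDF)), {"mtime": 1700000000}),
    "design/logo.png": (MAGIC[".png"] + b"\x00" * 380 + b"\x10" * 20, {"mtime": 1700086500}),
    "ops/notes.txt": (NOTES, {"mtime": 1700000200}),
}


def run_demo() -> dict:
    day1, _ = analyse_image(IMAGE_DAY1)
    day2, skipped = analyse_image(IMAGE_DAY2, previous=day1)
    return {"metadata_only": metadata_only_changes(IMAGE_DAY1, IMAGE_DAY2),
            "skipped": skipped, "suspect": suspect_files(day1, day2)}


if __name__ == "__main__":
    print(run_demo())
```

The metadata-only view reports only the legitimately edited PNG, because the encrypted PDF kept its size and timestamp; the content-based view skips the unchanged notes file and flags the PDF, whose bytes are now near 8 bits of entropy per byte and no longer start with a PDF header.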

CyberSense also provides various reports and details that assist in the diagnosis and recovery from the attack. CyberSense provides the attack vector utilised to manipulate the data as well as a complete listing of suspect files that have been manipulated, providing an understanding of the breadth of the attack. 

Additionally, using the event log analysis tools, CyberSense reports on the user account that was breached and the executable that was used to corrupt the data, so that the threat can be eliminated.