Index Engines has announced a new version of its CyberSense product. It is now faster and capable of handling much higher levels of throughput. This, the company claims, allows CyberSense to detect, diagnose and recover from sophisticated cyberattacks faster
The new version also has support for more database workloads and the ability to aggregate statistics to a new central cloud repository. CyberSense uses this to improve its machine learning algorithms which feeds back into product performance.
Jim McGann, Vice President at Index Engines, said: “Cyberattacks continue to evolve to be more aggressive and more stealth-like than ever before, so we’ve continued to improve CyberSense to tackle this refinement.
“By providing upgrades to performance and support for additional workloads, we are able to continue providing organizations with the ability to quickly identify, repair and recover from cybersecurity issues. Rather than pay a ransom to recover encrypted data or take months to rebuild systems from the ground up after an attack, organizations can deploy CyberSense to detect attacks and support rapid recovery.”
Three new features:
Index Engines has announced three key improvements in this new version of CyberSense:
- Increased data throughput for the analysis of backup images, including virtual machine backups: The enhancements include increased parallelism to fully utilize the processing power of the CyberSense server including the ability to quickly determine if a file within a backup was already analyzed in a previous backup, allowing it to be skipped over for analysis.
- New database workloads for CyberSense analytics and integrity validation: These include the SAP HANA database and the Microsoft Extensible Storage Engine (ESE), also known as JET Blue which is a core component of Microsoft Exchange Server and Active Directory (DB2, SharePoint, MS-SQL, Oracle, and others also supported).
- A new option that aggregates CyberSense statistics from clients into a central cloud repository: This repository does not contain any client data only anonymous statistics from CyberSense scans. The statistics resulting from the CyberSense scan will be analyzed by the latest version of the CyberSense machine learning model for improved results.
What does CyberSense do?
Attackers, especially those using ransomware, are changing how they work. Instead of just infecting and locking systems, they sit inside their victim’s networks for longer periods before locking up data. In doing so, they seek to prevent victims from simply restoring from a backup and recovering from the attack.
CyberSense counters this by indexing files and data that are being backed up and creating a set of statistics. It then analyses those statistics and feeds the results to its machine learning model. That model then compares the data to see if there are any indicators of compromise.
If an attack is detected, the software then looks for the attack vector. The attack vector could be malware hidden inside an email or an attack launched through a drive-by attack. It also looks to see which user account was compromised to get the ransomware onto the system.
Once the attack vector is known, CyberSense looks at existing and potential damage from the attack. This includes which files are likely to be encrypted and what departments are affected or at risk. It allows in-house security teams to disconnect infected systems and reduce the spread of the attack. The company claims that it can detect corruption with up to 99.5% accuracy.
Using the index files and statistics, the software then identifies the last trusted backup. It allows customers to begin restoring their systems quickly and confidently.
Enterprise Times: What does this mean?
Anything that mitigates the impact of ransomware is to be welcomed. It is an attack-type that is growing and causes significant damage to its victims. The response from the authorities in many countries is to try and outlaw payments to get systems unlocked. Unfortunately, that doesn’t protect the victims or their customers. The only way to mitigate is through better cyber hygiene and having clean backups ready to restore.
Index Engines have done a good job with CyberSense. The enhancements in this latest version will offer more protection to their customers.