Nebulon, Inc. announced TripLine, a new threat
detection service designed to alert customers when a cryptographic
ransomware attack has been detected and to report the precise location and
point in time at which the attack occurred. The company also announced
smartDefense, a cybersecurity solution that narrows threat vectors,
detects ransomware attacks, and accelerates recovery.

Despite the growing awareness about the dangers of ransomware, nearly
two-thirds (63%) of the codebases in production have unpatched
vulnerabilities rated "High" or "Critical," according to the March 2023
Unit 42 Cloud Threat Report. The same report also cites an
average response time of approximately six days to a security alert,
whereas it only takes a few hours for threat actors to start exploiting a
newly disclosed vulnerability.

Nebulon TripLine is the first combined server-storage threat detection
solution for cryptographic ransomware. The new smartInfrastructure
service can identify attacks on application data as well as the
operating system and application software. TripLine is enabled within
two parts of the Nebulon solution: (1) the Nebulon Secure Enclave, an
isolated infrastructure domain that includes all server lights-out
management, data services, boot and data volumes, and attached SSDs, and
(2) the Nebulon ON cloud control plane.

Machine learning (ML) runs in the Secure Enclave and identifies
encrypted versus unencrypted blocks in real time. Every 30 seconds,
these results are sent to the Nebulon ON cloud, which uses a combination
of ML and statistical models to compare that data to the historical
average of encrypted blocks for a given volume. A spike in encrypted
blocks will generate an alert within a few minutes of the first
suspicious result.
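
The detection loop described above, as an added example that is not Nebulon's code: Shannon entropy stands in for the Secure Enclave's ML classifier, and a z-score against a per-volume history stands in for the cloud-side ML and statistical models. The block size, thresholds, sample data, and all function and class names are assumptions.

```python
import math
import os
import statistics
from collections import Counter, deque

BLOCK_SIZE = 4096          # assumed block size
ENTROPY_THRESHOLD = 7.5    # bits/byte; assumed cutoff standing in for the ML classifier

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: near 8 for ciphertext, much lower for text or structured data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def encrypted_fraction(blocks) -> float:
    """Share of blocks written in one 30-second interval that look encrypted."""
    blocks = list(blocks)
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) >= ENTROPY_THRESHOLD for b in blocks) / len(blocks)

class VolumeBaseline:
    """Per-volume history of encrypted fractions; flags a spike over the average."""
    def __init__(self, history=120, min_samples=10, z_threshold=4.0, min_jump=0.2):
        self.samples = deque(maxlen=history)
        self.min_samples, self.z_threshold, self.min_jump = min_samples, z_threshold, min_jump

    def observe(self, fraction: float) -> bool:
        alert = False
        if len(self.samples) >= self.min_samples:
            mean = statistics.fmean(self.samples)
            std = max(statistics.pstdev(self.samples), 0.01)  # floor avoids divide-by-zero
            alert = ((fraction - mean) / std >= self.z_threshold
                     and fraction - mean >= self.min_jump)
        if not alert:
            self.samples.append(fraction)  # keep attack intervals out of the baseline
        return alert

def demo():
    """Constructed data: 20 normal intervals (5% high-entropy), then 5 at 80%."""
    plain = (b"constructed sample record; " * 200)[:BLOCK_SIZE]
    baseline, alerts = VolumeBaseline(), []
    for interval in range(25):
        n_enc = 5 if interval < 20 else 80
        blocks = [os.urandom(BLOCK_SIZE) for _ in range(n_enc)] + [plain] * (100 - n_enc)
        if baseline.observe(encrypted_fraction(blocks)):
            alerts.append(interval)
    return alerts

if __name__ == "__main__":
    print("alerting intervals:", demo())
```

Compressed or legitimately encrypted data also scores as high entropy, which is why the comparison is made against each volume's own history rather than a fixed global threshold.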

"As a provider of Electronic Medical Records and Practice Management
solutions, HIPAA compliance is a top priority for our organization and
our clients," said Hamid Amjadi, CTO of Prime Clinical Systems.
"Nebulon's new ransomware detection service, combined with their
existing recovery features, helps us better protect patient privacy and
should be a checklist item for any healthcare provider looking to
bolster HIPAA compliance."

Hyper-converged infrastructure (HCI), which provides no isolation
between infrastructure services and application services, is
particularly vulnerable to cyber-attacks. When the HCI operating system
(OS) becomes infected, data services become unavailable and the disks
that store snapshots protecting application data become compromised,
making fast recovery impossible. This leaves enterprises with no choice
but to re-install and reconfigure operating systems and clustering
software, then recover application data from backup servers which also
likely have been compromised, a process that can take days or even weeks.

Unlike HCI, Nebulon TripLine enables performant ransomware detection and
recovery of the entire physical infrastructure without resorting to
re-installation or backups. Combined with Nebulon ON, enterprises can
benefit from push-button, API-accessible recovery of all affected
volumes using TimeJump, Nebulon's 4-minute ransomware recovery service.

Nebulon also announced smartDefense, a new smartInfrastructure solution
for narrowing threat vectors, detecting ransomware breaches, and
accelerating recovery. smartDefense is intended to complement what
organizations have in place for their cybersecurity framework, adding a
solution for the deep server-storage application infrastructure.

smartDefense protection relies on Nebulon ImmutableBoot, which maintains
a known good version of the operating system and application stack
within the Secure Enclave of every server. With every reboot, the server
reverts to this trusted software instance, eliminating errant firmware
updates or dormant malware in the process.

smartDefense detection and recovery capabilities leverage Nebulon
TripLine and Nebulon TimeJump. TimeJump can rapidly recover operating
systems, application configurations, and data, reducing recovery time
from days to less than 4 minutes for multiple clusters simultaneously.
With the addition of TripLine to the smartDefense solution, customers
can precisely identify the point of attack within their infrastructure
and revert to a secure state using TimeJump, resulting in a significant
reduction in overall threat response and recovery time.

"The focus is shifting from perimeter-level protection to comprehensive
solutions that cover the entirety of an organization's infrastructure,
and there are woefully few options to protect the server-storage
infrastructure," said Siamak Nazari, Nebulon CEO. "Since powerful
detection and recovery services are architecturally built-in, not
bolt-on, CISOs and CIOs should demand such capabilities be an inherent
part of any modern infrastructure deployment."