In today's ever-evolving cybersecurity landscape, organizations are grappling with the relentless threat of ransomware attacks. With bad actors continually outsmarting preventative security tools, the need for a robust post-attack recovery strategy has become paramount. Enter Index Engines, a company at the forefront of data protection and ransomware recovery solutions. In this exclusive VMblog Q&A, we sit down with Jim McGann, VP of Strategic Partnerships at Index Engines, to discuss the company's latest offering, CyberSense 8.6.
CyberSense, Index Engines' flagship product, is a game-changer in the realm of ransomware recovery. With its comprehensive content-based analytics, CyberSense continuously monitors enterprise data, including production databases, and validates its integrity with an impressive 99.5% confidence level. This unique approach empowers organizations worldwide to recover from ransomware attacks quickly and easily, without data loss or the need to pay a ransom.
The recent release of CyberSense 8.6 raises the bar even higher, offering an improved user experience, proactive detection of suspicious activity, and a smarter recovery process. With features like customizable content-based threshold alerts, expanded platform and workload support, and the introduction of the CyberSensitivity Index (CSI), Index Engines continues to push the boundaries of ransomware recovery, providing organizations with unparalleled confidence in their data integrity.
VMblog: Index Engines has announced a new release of its CyberSense software. Could you give us a quick recap of the value proposition of it?
Jim McGann: Organizations continue to struggle with preventing ransomware attacks. This is a battle that is nearly impossible to win as the bad actors continue to outsmart preventative security tools. This is why organizations need to shift their focus to post-attack recovery, to ensure they can return to normal business operations when an attack occurs.
This is where CyberSense steps in. CyberSense continually monitors enterprise data through analysis of backups and snapshots, including production databases, and validates its integrity. As the only product on the market that provides comprehensive content-based analytics that detects hidden corruption with 99.5% confidence, CyberSense provides confidence that data is reliable for restoration. With CyberSense, organizations worldwide are recovering from ransomware attacks quickly and easily without data loss or the need to pay a ransom.
VMblog: CyberSense 8.6 has some great updates. Can you tell us the goal of this release?
McGann: CyberSense 8.6 raises the bar with proactive detection of suspicious activity and a smarter recovery from ransomware. The biggest things you'll notice are:
- An improved user experience providing intuitive information to help recover data when a ransomware attack occurs. CyberSense enables organizations to understand potential data corruption, assess affected data, and view both clean and suspect backups/snapshots to minimize data loss and reduce downtime.
- A more proactive approach to detecting unusual activity from insider threats and external bad actors with a variety of customizable content-based threshold alerts. These alerts can be used to monitor data against typical activity and uncover potential malicious behavior. Some typical use cases would be the monitoring of honeypots or decoy files, or critical files like custom applications to detect if EXEs or DLLs have been tampered with, and more.
- Expanded platform and workload support for RHEL 9.2 (LTS) operating system and VMFS file systems.
Also, not new to the product, but new to users in 8.6, is the CyberSensitivity Index (CSI). The CSI is the AI-powered brain behind CyberSense and now it's displayed in the UI so organizations can understand the depth of the scanning and, optionally, adjust the sensitivity by host.
VMblog: You mentioned the expanded user interface, can you take us through changes there?
McGann: Overall, CyberSense 8.6's improved user experience provides intuitive information to help recover data when a ransomware attack occurs. The new user interface takes users on a path from why an alert was sent, to understanding what hosts were affected, the files corrupted, and the clean and suspect backups or snapshots associated with the alert. This dashboard provides all the information needed to support an intelligent recovery of clean data quickly and efficiently.
Backup vendors have added alerting capabilities to their products that will notify of a suspicious backup. They will then recommend restoring the previous backup without detailed forensic knowledge of what data was corrupted. With the improved CyberSense dashboard, customers have detailed insight into what exactly happened and what needs to be recovered. This allows for a curated recovery of data that was corrupted and not a full restore of the backup or snapshot, which would replace updated files that were not impacted, resulting in data loss.
VMblog: What was the vision behind the new alerts and the advantage they provide?
McGann: CyberSense 8.6 provides two sets of customizable threshold alerts that may detect malicious activity from bad actors.
The first are user-configurable threshold alerts. These detect abnormal behavior and signs of data corruption by setting custom alerts by host based on detailed analysis of the data. Customizable alerts can be created based on changed files, changed file type, added/deleted files, or changes in entropy or encryption across the host.
The advanced threshold alerts provide a more granular and preemptive approach. The advanced threshold alerts enable administrators to create a targeted alert based on a server, folder or specific file. Examples of use cases can include the creation of decoy files that would only be changed or modified by bad actors, and the monitoring of sentinel files that should never be modified.
VMblog: This release also includes the CyberSensitivity Index (CSI), which you describe as the brain behind CyberSense, can you expand on it?
McGann: The CSI helps end users understand the scrutiny data goes through to make sure it's clean of ransomware corruption. The CSI is the AI-powered brain behind CyberSense, measuring normal activity vs. probable data corruption from ransomware, and has been trained on thousands of variants and hundreds of millions of datasets to detect signs of data corruption caused by ransomware with 99.5% accuracy. We're really pleased that the CSI is now available for users to monitor and, optionally, adjust based on the needs of individual hosts.
VMblog: Now that CyberSense 8.6 is released, what's next?
McGann: It's an exciting time at Index Engines - first, we're growing exponentially so anyone with a passion for cyber storage and innovation should check out our careers page. We're going to be at Dell Technologies World in May and attending cyber security events worldwide throughout the year.
From an engineering standpoint, our developers are concentrating on our next release, where we're going to continue to innovate and expand support, focusing on strategic partnerships and helping organizations recover smarter.
Our AI engine and full-content capabilities are unique in the industry and as more storage platforms opt to provide confident recovery from ransomware, you'll likely see our partnerships expand, as well.