In an era where ransomware threats continue to evolve and challenge organizations worldwide, innovative solutions are crucial for robust data protection.
In this exclusive VMblog Q&A, Rob Mossi, Senior Director of Product Marketing at Index Engines, discusses the latest developments in CyberSense, an AI-powered data analytics engine designed to detect ransomware-induced data corruption in backups and snapshots. With the recent release of CyberSense 8.7, Mossi delves into the enhanced data integrity capabilities, the power of AI in cybersecurity, and how organizations can leverage these advancements for smarter, more efficient recovery in the face of cyber threats. As CyberSense continues to scan over 5 exabytes of data globally for more than 1,500 customers, Mossi's insights offer a glimpse into the future of data protection and integrity in an increasingly complex digital landscape.
VMblog: I know CyberSense just released
a big update, but first can you remind our readers what CyberSense is?
Rob Mossi: Sure thing. CyberSense is an
AI-powered data analytics engine designed to detect data corruption caused by
ransomware in backups and snapshots. CyberSense detects this corruption
with 99.99% accuracy, minimizing data loss and downtime, to facilitate a safer,
smarter recovery.
For CyberSense, it's all about
data integrity. It scans core infrastructure, production databases, and
critical documents looking for patterns of corruption indicative of ransomware.
CyberSense offers peace of mind that data is clean from malicious corruption.
Think of it as kind of a smoke
alarm for critical data. If it goes off, something is wrong.
CyberSense is currently
scanning over 5 EB of data globally for over 1,500 customers.
VMblog: The latest CyberSense release
is around data integrity - how do customers leverage the data integrity
capabilities of CyberSense in the new 8.7 release?
Mossi: I have to say that the "wow"
feature of the 8.7 release is the data integrity homepage. Now critical data
integrity insights on analyzed data are displayed via an easy-to-consume visual
experience.
So each customer gets a view
into the results of their scan, providing confidence that data is clean and
available for restoration. It's easy to get a picture of your data's integrity
at any time, 24/7.
VMblog: What else is new in 8.7?
Mossi: CyberSense 8.7 is packed with
some great compatibility and feature enhancements that will benefit both
customers and prospective customers as well. The first thing current customers
will notice is the UI has incredibly fast response times, so you can drill down
into petabytes of data quickly. This release also expands CyberSense's
compatibility to updated platforms like SUSE15 and Oracle Tablespace
encryption. It also makes it easier for organizations to limit access control
via security roles. On the integrity front, we also added corruption
alerts for databases that identify non-ransomware related corruption. As
you can see, 8.7 is a solid release.
VMblog: You mention your AI a lot -
what differentiates your AI?
Mossi: One of the tough parts about AI
is that it's only as good as the machine learning that trains it. CyberSense is
continually trained using real ransomware. We currently have over 7,000
variants in our lab which automates pulling actual ransomware from academia,
social media, websites including virustotal.com and more.
Then we have tens of millions
of data sets our machine learning uses to observe how data changes over time,
both naturally and by ransomware corruption. When CyberSense inspects data, it
uses over 200 content-based analytics indicative of ransomware behavior to see
how data is changing. In other words, our AI is trained to look for patterns of
behavior, vs. actual ransomware. At the end of the day, this methodology enables
CyberSense to identify patterns resulting from ransomware and generate alerts
with 99.99% accuracy when corruption is detected.
In the event of an alert or
attack, CyberSense delivers detailed forensic reports to provide our customers
with the how, what, when and the extent of an attack. This enables
organizations to recover quicker and smarter with minimal data loss and financial
impact.
VMblog: I heard you put an SLA on that
99.99% number - can you take us through what that means?
Mossi: Great question... I think the
storage industry thinks of an SLA a bit differently than we do - they probably
think of it more in terms of uptime and availability.
For us at Index Engines, it's a
commitment to our customers that we can detect patterns of ransomware
corruption to 4-9's of accuracy and we had our detection process validated by
ESG - Enterprise Strategy Group. They looked at how we train our AI, test it and
validate its accuracy. When we completed our validation with them, out of
94,100 infected samples, CyberSense found 94,097 of them. You can read
more about it on our website.
Organizations have the
assurance that the data they will recover is free of ransomware and malware
corruption, thus shortening downtime and reducing the high costs associated
with an attack, which we mentioned earlier.
This standard is maintained
prior to each release and is our commitment to our customers to uphold the
highest standard of detection.
VMblog: If a customer gets attacked and
CyberSense detects it, how do they recover smarter?
Mossi: Once again it comes down to data
integrity. Smart recovery begins with data integrity. CyberSense gives
customers the confidence to determine the difference between good data and
compromised data.
CyberSense's AI continually
compares protected data over time to identify behavioral patterns that are
indicative of ransomware corruption with 99.99% confidence. CyberSense inspects
data's integrity and determines if corruption has occurred and provides
reporting on the point-in-time of the malicious activity.
In one intuitive dashboard,
admins understand the type of attack, the blast radius, the hosts/files
affected and a view of clean and suspect backups. Without this level of
accuracy, organizations will remain vulnerable to reinfecting their systems,
excessive data loss and will face elongated downtime and high remediation
costs.
With CyberSense, organizations
will know sooner when an attack occurs, understand the details of the attack
and have a clear path to recovery. The addition of CyberSense can even help
prevent future attacks by feeding telemetry data into SIEM and SOAR solutions
to look for similar patterns.