
Index Engines enhances ransomware detection and recovery software

Index Engines has announced the latest enhancements to its ransomware detection and recovery software, CyberSense, to help organisations win the war against cyberattacks.

CyberSense provides advanced data analysis software that scans backup data to check integrity, monitors files to identify changes indicative of cyberattack, and provides forensic reporting to diagnose and recover from corruption. 

"Cyberattacks continue to evolve to be more aggressive and more stealth-like than ever before, so we've continued to improve CyberSense to tackle this refinement," says Jim McGann, vice president at Index Engines. 

"By providing upgrades to performance and support for additional workloads, we are able to continue providing organisations with the ability to quickly identify, repair and recover from cybersecurity issues," he says.

"Rather than pay a ransom to recover encrypted data or take months to rebuild systems from the ground up after an attack, organisations can deploy CyberSense to detect attacks and support rapid recovery."

CyberSense uses a combination of full-content-based analytics and machine learning to detect if an attack has occurred. If attack vectors are identified, CyberSense provides forensic tools to diagnose and recover, including reports on files that were impacted so they can be replaced with the last known good version to ensure business operations return to normal with minimal downtime.

Among the performance enhancements are increased data throughput, new database workloads and aggregation to a central cloud repository. 

 

  • Increased data throughput for the analysis of backup images, including virtual machine backups.
    The enhancements include increased parallelism to fully utilise the processing power of the CyberSense server, including the ability to quickly determine if a file within a backup was already analysed in a previous backup, allowing it to be skipped over for analysis.

  • New database workloads for CyberSense analytics and integrity validation.
    These include the SAP HANA database and the Microsoft Extensible Storage Engine (ESE), also known as JET Blue, which is a core component of Microsoft Exchange Server and Active Directory. (DB2, SharePoint, MS-SQL, Oracle, and others are also supported.)

  • New option that aggregates CyberSense statistics from clients into a central cloud repository.
    This repository does not contain any client data, only anonymous statistics from CyberSense scans. The statistics resulting from the CyberSense scan will be analysed by the latest version of the CyberSense machine learning model for improved results.

"While real-time cyber protection solutions are designed to protect from an attack, protection gaps do occur," says McGann. 

"Metadata-only solutions can miss more sophisticated attack vectors, providing a false sense of confidence. 

"CyberSense is the only data analytics product on the market that validates the integrity inside all files and databases on the initial scan," he says.

"CyberSense will detect even the most sophisticated corruption that hides inside files, providing 99.5% confidence in alerting an attack occurred."

CyberSense begins its attack detection workflow with comprehensive indexing. Every time CyberSense sees a new backup image, statistics are generated from that scan and compared to previous scans. These analytics are input into CyberSense's machine learning model. The results are deterministic regarding the data's integrity and whether the data has been corrupted by a ransomware attack.

CyberSense also provides various reports and details that assist in the diagnosis and recovery from the attack. CyberSense provides the attack vector utilised to manipulate the data as well as a complete listing of suspect files that have been manipulated, providing an understanding of the breadth of the attack. 

Additionally, using the event log analysis tools, CyberSense reports on the user account that was breached and the executable that was used to corrupt the data in order to eliminate the threat.
