Index Engines - IT Press Tour #56 June 2024

The IT Press Tour

June 18, 2024

Transcript

  1. Copyright 2024. All rights reserved. Index Engines Inc. CyberSense is a registered trademark of Index Engines Inc.

    Index Engines: Power Over Information™. Enterprise Software: Data integrity software to fortify data resiliency and enable intelligent recovery against ransomware threats. Decades of Experience: Unique AI-based machine learning technology providing unparalleled insights into enterprise data. People: Development teams in New Jersey, Colorado, California and Pune, India. Customers: Global leader in providing cyber solutions across diverse industries with 1400+ installations worldwide.
  2. Index Engines’ Technology • User Files • Production Databases • Core Infrastructure • 200+ Content-Based Analytics • Detects Corruption Patterns Due to Ransomware • Primary Storage – Snapshots (VMFS) • Secondary Storage – Backups (File System, Virtual, dBase) • Highly Scalable • Powerful Performance • Up to 11 TBs/hour multi-stream. Diagram labels: Purpose Built Indexing Engine; Observations of Data Over Time; Content Based Indexing; AI-Based Machine Learning Model.
  3. 1,400+ global install base sold through partners. Healthcare, Government, Finance, Education, Manufacturing, Utilities, etc. Ranges from 1TB to 40+PB of data scanned. 5+ EBs scanned daily with CyberSense.
  4. Why Ransomware Attacks Persist: vulnerabilities in systems and software; phishing and social engineering; weak authentication and access controls; lack of security awareness training; insufficient endpoint security; complexity of IT infrastructure; lack of data backup and recovery plans.
  5. Ransomware Impact: The Results Can Be Devastating. Reputation, Time, Costs, Closure. The British Library • October 2023 attack • 6 mo. for infrastructure • Followed by data restore. Clorox • August 2023 attack • 20% decline in sales • CISO fired. KNP Logistics • June 2023 attack • UK logistics firm • 700 ex-employees. MGM Resorts • September 2023 attack • Global news • $110M costs.
  6. Ransomware Recovery: The Complexities of Restoring Operations. Attack Detected; Call Insurance Company; Recovery Specialists Arrive; Setup Clean Room; Pay Ransom for Decryption Key; Restore Recent Backups After Approved by Insurance; Check the Integrity of Data: • If Corrupted, Repeat with Older Backup • Repeated Until Clean Data is Found; Scan for Malware; Restore Clean Data to Production; Determine Data Loss; Resume Operations. IBM research shows the average cost of a ransomware breach is $5.13 million, with companies down for an average of 22 days after an attack, per Pentest. https://www.ibm.com/reports/data-breach; https://www.pentestpeople.com/blog-posts/ransomware-2022-facts-and-statistics
  7. Is Backup Enough? Backup Vendors (diagram: Backups, Snapshots). Unusual changes to • Metadata • Thresholds • Compression. • Cause of unusual activity? • Prone to false positives/negatives • Easy for bad actors to circumvent • Lack details of what happened. Burden belongs to the customer.
  8. Beyond Backup --> Recover Smarter. AI-Based Forensic Analysis of Data • Detailed insight for smart recovery • Not easily circumvented • Minimizes false positives/negatives • Forensic data leveraged by SIEM/SOAR. 99.99% confidence in detecting corruption. Backup Vendors (diagram: Backups, Snapshots).
  9. Backup Vendor Offering? Cyber Resiliency: Ability to Recover. Data Integrity: Knowledge that Data is Reliable. Managing Cyber Liability Needs to Be Priority. Recover Smarter, Recover Faster While Minimizing Data Loss.
  10. The Importance of Data Integrity. Efficient Detection • Direct scanning of backups/snapshots, no rehydration. • Saves time and compute resources without allowing malware to spread. Faster Recovery • Identifies last-known good copy of data, immediate recovery. • Eliminates the need for mass data restores and reduces recovery time. Minimizing Data Loss • Detailed listing of corrupted files for curated recovery. • Avoid mass restores that overwrite clean data. Mitigating Future Risk • Detailed forensic analysis of blast radius. • Telemetry data points to proactively stop attacks in the future.
  11. Data Integrity Requires Content Analysis ✔ Inspect content of files and databases ✔ Look for corruption patterns indicative of ransomware ✔ Utilizes hundreds of data points and AI-based MLM
  12. Recover Smarter: 99.99% SLA for Accurate Detection. Validated: CyberSense’s AI-driven machine learning models determine data corruption with 99.99% accuracy and enable intelligent recovery from ransomware attacks to support Cyber Storage resiliency. “ESG was guided through the comprehensive machine learning process that feeds the CyberSense AI-engine, which leverages thousands of actual ransomware variants, sophisticated intermittent encryption variants, tens of millions of data sets along with backup data sets to test the AI. Ultimately, the results were greater than 99.99% in confidently detecting signs of corruption.” Alex Arcilla, Senior Analyst, Validation Services, Enterprise Strategy Group. Not for Publication Until June 18th at 9 am EST
  13. Recover Smarter: 99.99% SLA for Detection Accuracy. Identify: Purpose-Built Indexing • Comprehensive inspection over time • Extend resiliency to backup and snapshots • Scales to meet enterprise performance requirements • Continuously validate data • Persistent observation and comparison of data change rates
  14. Recover Smarter: 99.99% SLA for Detection Accuracy. Identify: Purpose-Built Indexing • Comprehensive inspection over time • Extend resiliency to backup and snapshots • Scales to meet enterprise performance requirements • Continuously validate data • Persistent observation and comparison of data change rates. Detect: AI-Driven Analysis • Proven 99.99% SLA for data accuracy • Minimize false positives and negatives • Leverage honeypots, sentinel files and alerts to detect unusual threshold internal and external changes
  15. Recover Smarter: 99.99% SLA for Detection Accuracy. Identify: Purpose-Built Indexing • Comprehensive inspection over time • Extend resiliency to backup and snapshots • Scales to meet enterprise performance requirements • Continuously validate data • Persistent observation and comparison of data change rates. Detect: AI-Driven Analysis • Proven 99.99% SLA for data accuracy • Minimize false positives and negatives • Leverage honeypots, sentinel files and alerts to detect unusual threshold internal and external changes. Recover Smarter: Recovery Insights • Accurately identify the scope, time, servers and files of attacks with detailed forensic intelligence • Prevent malware from reentering production; confidence that your last known backup is "good" • Continuous machine learning prevents future attacks
  16. 99.99% Confidence: AI/MLM Testing and Validation. Automated Process. Ransomware Behavior • Determined to be a core set of behaviors • Based on research and detonation of thousands of variants. Behavioral Classification Approach • Broad categories that define typical approaches • Classified into 5 categories. Data Collection and Analysis • Collection of common data types for testing • Collection of new ransomware variants. Backup Generation • Creation of backup images and snapshots • Corruption of backups using actual ransomware. CyberSense Analysis • Analysis of data. ML Model Training • Trained using iterative training pipeline • MLM compared with customer data.
  17. Behind the numbers. CyberSense Research Lab results: • 125,000 data samples for validation • 94,100 data samples infected with ransomware • CyberSense successfully detected 94,097 infected samples with 3 false negatives • Detection rate of 99.99%: 94,097 / (94,097 + 3) • One false positive out of 30,895 predictions. ✔ Tested against real-world scenarios with live ransomware ✔ Ransomware trained AI performs deep content inspection ✔ Achieve unprecedented accuracy in detecting data corruption
  18. Ransomware Variants (columns: Variant; Description; Common Analysis; CyberSense Analysis)
    • AlphaLocker: Maintains original metadata; Metadata will FAIL; Analysis of content will detect corruption
    • WhiteRose: Slow corruption <1 file/sec. to evade thresholds; Thresholds will FAIL; Malicious changes in small number of files will detect corruption
    • Xorist: XOR encryption with no changes to entropy or compression; Detection of encryption using compression rates will FAIL
    • Chaos: Base64 encoding to minimize entropy or compression; 200+ analytics with analysis of content will detect corruption
    • LockFile, BianLian: Partial/Intermittent encryption; This approach is 60% of current attacks
  19. AI-Powered Data Analysis: Unmatched Insight into Enterprise Data. Observations over time; Deep inspection of files; Metadata-based analytics; Deep inspection of core infrastructure; Deep inspection of databases; Hundreds of content-based analytics; Trained on thousands of variants; Tested against millions of datasets; Continual feedback from customer data; 99.99% confidence.
  20. AI-Powered Data Analysis: Unmatched Insight into Enterprise Data. Diagram labels: Subscription Services (i.e. VirusTotal); Academia; Global Research; Dark Web; Anonymized Customer Data; AI Powered Machine Learning; Machine Learning Training; Millions Analytics Input; Detect with 99.99% Confidence; Metadata; File or Database Header; Content.
  21. CyberSense: AI-Powered Analytics Engine. 200+ Metadata & Content Analytics Indicative of Ransomware Corruption; Compare How Data Changes Over Time; Millions of Analytics Data Points Generated; Input to AI Based Machine Learning Trained on Thousands of Variants; Alerts Generated with 99.99% Confidence. Diagram labels: Metadata; Databases; Files; Header; Content.
  22. AlphaLocker: Content Based Analytics Required. Strong Encryption Maintaining Original File Name. 01 Pre-Attack Version: Last good version. 02 Post-Attack Version: Corrupted file. Metadata Intact: File Name/Ext, File Size. Content Changed: File Header, Entropy/Encryption.
  23. CyberSense Analytics for Databases. Metadata: Types the file and validates the extension. SAP Hana, Oracle, SQL, DB2, Epic, Iris, etc. Integrity: Validates structure based on the type of database. Validates page signatures in the allocation map; validates header; and more. Content: Validates page headers. Identifies pages found corrupted/encrypted. Compares page entropy, similarity and signatures vs previous version.
  24. Database Attack Profile Detected: • Database Page Corruption • Validation of content, not just the file! • Post Infection: Random encryption/corruption at various offsets in dbase • Header intact and able to type the dbase • Page header validation fails on number of pages • Alerts generated at the file level without ML
  25. CyberSense Workflow: Analytics, Machine Learning and Forensic Tools to Detect & Recover from Cyber Attacks
  26. Post Attack Dashboard: Intuitive Post Attack Workflow • Alerts organized by severity • New details on suspect corruption • Customizable, dynamic charts to drill down into details of the attack • List of corrupted files that can be downloaded
  27. Smarter Recovery: Detect Corruption. CyberSense Alert: Partner Dashboard; CR Dashboard; Email Alert; Syslog (CEF); SIEM / SOAR (i.e. Splunk). Integrate with security workflow. Detect corruption within a backup cycle.
  28. Smarter Recovery: Investigate. The who, what, where & when of the attack
  29. Smarter Recovery: Recover. Report on last good backups to quickly recover
  30. V8.6 Update, Released 2Q24 • Updated Alerts Page • Includes all infection-found and new threshold alerts • Intuitive dashboard to analyze current and previous alerts
  31. V8.6 Update • NEW Hosts page allows users to view status of selected hosts and indicates daily activity with intuitive graphs • New Threshold Feature • Proactively monitor changed files, file types, deleted files, and entropy • Detect unusual modifications from bad actors or insider threats • CyberSensitivity Index – indicator of malicious activity • Thresholds based on metadata AND content changes
  32. V8.6 Update • NEW Backups page displays all jobs for each host analyzed by a CyberSense server • Easily view the status of any backup analyzed by CyberSense • Simple workflow, just click the alert to drill down into any reported issues
  33. V8.6 Update: New Advanced Thresholds • Define targeted thresholds and alert if exceeded during analysis • Alert on changes in entropy, additions/deletions, changed files, changed type, and more • Example Use Cases: • Honeypots or Decoys: create folder (i.e. Passwords or Payroll) and alert when files are modified • Sentinel Files: Monitor key folders (i.e. custom applications) and detect when changes (i.e. encryption of a file) occur
  34. CyberSense 8.7: Smarter, Faster Recovery. Data Integrity reporting • Shows organizations the amount of data scanned and what is normal for their environment. • Provide confidence that data is free from corruption. Simplified Signature Search • Search for an MD5 signature from the modern CyberSense UI, streamlining recovery • Supports scanning of 10,000 signatures. Modernized Post-Attack Workflow • Post attack analysis/troubleshooting via CyberSense UI. Faster UI • Supports larger data environments. Expanded support: • Including Oracle Tablespace Encryption (TSE), SUSE 15 in AWS. Roadmap: Not for Publication, Subject to Change.
  35. Partner Orchestration Plugin. Releasing native orchestration engine, powered by a new pluggable framework. • Empowers quicker onboarding of partners, system integrators and independent projects outside of OEM relationships. ◦ User-friendly GUI interface with a “Wizard” workflow ◦ REST API for programmatic operation and automation. • CyberSense custom plug-in modules library ◦ Interacts with various primary and secondary storage products ◦ Initiate replication and export snapshots. Not for Publication, Subject to Change.
  36. Operational Impact: Faster Recovery • 80% reduction in hours spent on recovery • 75% reduction in downtime
  37. Operational Impact: Deep Forensic Assessment. Entropy: Analysis of backup compression rates is not enough, must support detection of low impact encryption. Databases: Databases are targets of ransomware and must be analyzed to validate their integrity. Content: Thorough and comprehensive content inspection of data is essential for uncovering hidden corruption. Details: Access to detailed insights into the specific corrupted content is crucial to facilitate a curated restoration process and minimize data loss.
  38. Operational Impact: Curated Recovery to Minimize Data Loss. Alert on Recent Backup; Infection Found; List of Corrupted Files for Curated Recovery.
  39. Operational Impact: Telemetry Data for Security. Utilize behavioral analytics tools to proactively stop similar malicious activity. Analyze network traffic prior to corruption. Import to SIEM/SOAR for analysis. Export CyberSense Telemetry data: Time/day of corruption, file location/IP/Server, etc.
  40. Customer Success.
    • Dodge County Government: "The CyberSense reports are checked daily. I look for green and red; if no red, we are good to go. The ability to check for anomalies without having to inflate the backups was huge!"
    • University of Miami: "This complete solution supports our university’s mission and goals for a safe, simplified and more cyber-resilient environment."
    • Gilbert Arizona Government: "CyberSense provides us that single point of reference to truly understand the current state of our data and know that we’re protected. It definitely enables us to get a good night’s sleep!"
    • Centre Leon Berard: "Thanks to operational air gaps, golden copies and CyberSense analytics, the Centre is equipped to rapidly respond to cyberattacks and recover compromised data with ease"
  41. Analyst Validation.
    • "CyberSense is a pivotal tool for enhancing cybersecurity resilience, offering advanced ransomware detection and smart recovery solutions. Its innovative approach anticipates the complexities of cyber threats and offers a streamlined, intelligent recovery process." - Darrel Kent, GigaOm CTO.
    • "With comprehensive file monitoring, trained models that learn to sense malware and user activity, and robust integrations that allow for all of this at scale, CyberSense has proven to be an asset in the fight to maintain data integrity." - Matt Bromiley, SANS Institute.
    • "Knowing whether data has been tampered with, what data has been corrupted, and when that corruption happened are integral to rapid, curated recovery from cyberattacks." - Phil Goodwin, IDC.
    • While most ransomware analytics tools in use in data protection environments focus on inspecting file metadata, CyberSense goes a step further, inspecting the content of files. This is a differentiator because ransomware variants are evolving to only encrypt part of the file in order to avoid detection. Intermittent and partial encryption falls behind the threshold analysis that is used by most tools to indicate potentially malicious activity. - Krista Macomber, Futurum Group
  42. CyberSense Partner Deployments (June 2024).
    • Data Domain Storage With Supported Backups from Networker/Avamar/PPDM/Commvault/NetBackup/Spectrum Protect. Diagram labels: Data Center, Backup Workloads, Cyber Recovery Vault, Automated Air Gap, Monitoring & Reporting.
    • IBM Safeguarded Flash Storage With Storage Defender (Copy Data Manager Recovery and CyberSense). Diagram labels: Data Center, Production Data, Safeguarded Snapshots, Monitoring & Reporting, Recovery.
    • InfiniBox & InfiniBox SSA With InfiniSafe Cyber Detection (Immutable Snapshots, Logical/Remote Air Gap, Fenced Forensics (CyberSense), Near Instant Restore). Diagram labels: Data Center, Production Data, InfiniSafe Snapshots, Monitoring & Reporting.
  43. CyberSense Pricing. 100% Partner-Led Sales • Various pricing models • Priced per TB of data analyzed. • Sold in 1-, 3- and 5-year terms.
  44. CyberSense: Recover Smarter. The only AI powered analytics engine capable of detecting data corruption with 99.99% accuracy
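
Slides 18 and 22 contrast whole-file entropy thresholds with comparing a file's content against its last good version. The sketch below is an added example (not Index Engines code, and not a description of how CyberSense is implemented) that runs both checks over stand-ins for the behaviours in the variant table. The 7.5 bits/byte threshold, the 1.0-bit per-chunk jump, the 4 KiB chunk size, the `%PDF-` magic and all sample data are assumptions constructed for illustration.

```python
import base64
import math
import random
from collections import Counter

CHUNK = 4096
MAGIC = b"%PDF-"      # assumed file type for the constructed sample
ENTROPY_ALERT = 7.5   # assumed whole-file threshold, bits per byte

def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_only(curr: bytes) -> bool:
    """Threshold-style check: alert when the whole file looks random."""
    return entropy(curr) >= ENTROPY_ALERT

def content_check(prev: bytes, curr: bytes) -> dict:
    """Compare with the last good version: header plus per-chunk entropy."""
    offsets = range(0, max(len(prev), len(curr)), CHUNK)
    changed = [o for o in offsets if prev[o:o + CHUNK] != curr[o:o + CHUNK]]
    jumped = [o for o in changed
              if entropy(curr[o:o + CHUNK]) - entropy(prev[o:o + CHUNK]) > 1.0]
    header_ok = curr.startswith(MAGIC)
    return {"header_ok": header_ok, "changed_chunks": len(changed),
            "entropy_jump_chunks": len(jumped),
            "suspect": not header_ok or bool(jumped)}

def build_samples() -> dict:
    """Constructed stand-ins for the table's behaviours, not real samples."""
    rng = random.Random(2024)

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    line = b"quarterly invoice total for account ledger and payroll summary\n"
    good = (MAGIC + line * 3000)[:32 * CHUNK]
    edited = good[:5000] + b"REVISED" + good[5007:]       # ordinary user edit
    xored = bytes(b ^ 0x5A for b in good)                 # byte-wise XOR
    b64 = base64.b64encode(rand(len(good)))[:len(good)]   # Base64-wrapped data
    partial = bytearray(good)
    for i in range(1, 32, 4):                             # every 4th chunk only
        partial[i * CHUNK:(i + 1) * CHUNK] = rand(CHUNK)
    return {"good": good, "edited": edited, "full": rand(len(good)),
            "xor": xored, "base64": b64, "partial": bytes(partial)}

def run() -> dict:
    """Return {sample: (entropy_only result, content_check report)}."""
    s = build_samples()
    return {name: (entropy_only(data), content_check(s["good"], data))
            for name, data in s.items() if name != "good"}

if __name__ == "__main__":
    for name, (threshold_hit, report) in run().items():
        print(f"{name:8} entropy_only={threshold_hit!s:5} {report}")
```

On these constructed samples only the fully randomised file crosses the whole-file threshold; the header and per-chunk comparison flags the XOR, Base64 and partial cases and leaves the ordinary edit alone.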