Post-Attack Incident Response
Faster Recovery. Less downtime. More Peace of Mind.
Index Engines' CyberSense directly scans data in backup images to report on corruption due to a ransomware attack. This provides incident response vendors with a solution that eliminates the clean room/restore process and finds the last good data efficiently so it can be restored, getting businesses back up and running in days, not months.
These solutions are best implemented by a service provider. Contact Us to find one or become a partner.
Index Engines' CyberSense scans files and databases in backup images, allowing for point-in-time observations of the data so you can find the last good version of files and databases to restore in order to minimize business interruption.
All analysis with Index Engines is performed on the backup image without the need to restore the data, saving significant time and resources.
Many attacks happen over time, some slow, some fast. However, at some point in time a backup exists that contains clean, pre-attack data. This “good” data is typically spread across multiple backup sets taken over a series of days, even weeks. The challenge is finding the good backups quickly and with confidence.
A common practice for recovering from an attack is to create a clean room environment: a large, isolated storage environment into which backups are restored. Once the data is restored, which could easily amount to hundreds of TBs or even PBs, it must be audited for integrity. Each file must be reviewed with tools that check whether it has been corrupted, encrypted or modified in any way by malware. Once this time-consuming and expensive process is complete, the data that was determined to be “good” can be restored into production.
This process requires significant resources.
CyberSense is based on unique technology that directly indexes data in backup images without the need for the original software. CyberSense supports disk-based and tape-based backup images created using Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect/TSM, and Commvault, with others coming soon. As backups are scanned, CyberSense checks the integrity of the files, databases, and even critical rebuild materials (AD, DNS, LDAP, etc.).
Using recent backup images, CyberSense can go back in time and build a view of how the data has changed. Analytics are applied to the scanned data to find corruption, encryption and deletion caused by a cyberattack. Once CyberSense determines that the data in a specific backup set is “good”, that data can be restored to the production environment in order to avoid business interruption.