CyberSense 8.10 brings new capabilities and enhancements to help CyberSense^® users continue to detect and respond to cyberattacks more effectively. This update introduces industry-first features like raw disk corruption detection, enhanced malware identification with custom YARA rules and signatures, and improved access controls.

What's New

Raw Disk Corruption Detection
In addition to encrypting your files and data, ransomware can corrupt the operating system, preventing access to the file system. CyberSense now detects raw disk corruption on virtual machines, an industry first.

• If the file system within a backup or snapshot becomes unreadable, CyberSense will generate an alert, notifying users that the disk may have been encrypted or erased by ransomware.
• In rare cases, file system corruption can be caused by other types of issues, such as a hardware problem or backup failure. By generating an alert, CyberSense ensures immediate investigation to confirm if ransomware was the cause.

Custom Malware Signatures
While CyberSense already analyzes backups against its own database of 4,000+ malware signatures, users can now supply their own signatures, enabling both forward and backward detection of malware in backups.

• Immediately after adding a new signature, CyberSense will search for the signature within both existing and future backups. If a matching signature is identified, it will trigger a “Malware File Detected” alert.

Custom YARA Rules
In addition to signatures, users can also identify malware based on specific patterns using YARA rules, providing users with flexibility in defining malware detection parameters.

• Once added, CyberSense will add these rules to its analysis. Ruleset matches will trigger a “YARA Ruleset Match” alert.
• CyberSense offers an intuitive workflow to add YARA rules either manually or via third-party sources, such as GitHub.

Enhancements & Improvements

Role-Based Access Control (RBAC)
CyberSense 8.10 supports custom roles with custom permissions for more granular control over who can do what within CyberSense.

Threshold Alerts & Visualization
Users can easily configure alerts for specific conditions or changes with a graded alert system, even without a ransomware attack.

• Alerts are configurable by severity level (Critical, High, Medium, Low) for more nuanced monitoring and prioritization of responses to potential issues.
• The “Hosts” page now includes additional graphs that display specific metrics as both percentages and quantities to make it easier to quickly view how metrics (changed files, deleted files, added files) are trending over time.

Delta Block Analysis (DBA) Visualization
As part of 8.10, users can now see the DBA score produced by CyberSense and visualize on a graph how that score changes over time.

• A powerful existing feature in previous versions, DBA optimizes performance by scanning only changed blocks rather than all files on a virtual machine. It uses highly trained ML/AI to detect suspicious activity and perform additional analysis, if necessary. DBA specifically supports Dell backup products (PowerProtect Data Manager, Avamar, NetWorker).

Workload Support
CyberSense 8.10 now provides support for:

• PowerProtect Data Manager 19.18 & 19.19
• Avamar 19.12, Networker 19.12
• Commvault Backup and Recovery 11.36
• NetBackup 10.5, including NetBackup OST (Open Storage Technology)
• Oracle ASM RMAN

User Interface Improvements
The updated UI offers enhanced navigation and settings management, clearer alert notifications, and improved graph visuals for better data interpretation.

Incremental Hardening
Additional security measures have been implemented to strengthen system integrity and resilience.

CyberSense 8.10 offers innovative features and enhancements that empower users to detect and respond to threats more effectively. With industry-first capabilities like raw disk corruption detection, customizable malware signatures, and customizable YARA rules, CyberSense continues to set the standard for comprehensive cyber defense. The improved role-based access control, enhanced alert visualization, and expanded workload support further solidify CyberSense as versatile solution for the recovery of critical data in the face of a ransomware event. As cyber threats evolve, CyberSense 8.10 ensures that customers are equipped with the tools they need to stay ahead and maintain data integrity.