CyberSense for Dell EMC Cyber Recovery
Given that real time protection solutions are not 100% effective, data that is protected in the Cyber Recovery vault may have already been attacked. Adding CyberSense analytics to the Dell EMC Cyber Recovery vault allows for the discovery of these corrupt files so they can be replaced with the last know good version.
CyberSense is fully integrated with the Dell EMC’s Cyber Recovery solution for ransomware protection. Dell EMC leverages the backup workflow to copy and secure critical business records in an isolated vault using backup software such as Networker and Avamar.
Once data is replicated to the vault CyberSense scans the backup image and generates analytics, without the need for the original backup software in the vault. Analytics look inside the files and databases to uncover unusual behavior that is indicative of a cyber-attack. This includes file corruption, encryption of files or pages in a database, or deletions and creations.
The statistics are then analyzed using machine learning algorithms that have been trained on the latest ransomware threats to make a deterministic decision on whether the data has been attacked. If an attack has occurred and data corrupted, CyberSense delivers forensic tools to find the corrupt files, report on the user account that caused the corruption, so this account can be locked, and also will report on the application that made the changes to the file. With these forensic tools you can recover and diagnose a ransomware attack and replace corrupted files with the last good copy.
Together these solutions provide a secure and powerful solution against ransomware attacks. If an attack does get past the real time defenses, and corrupts files or databases, CyberSense can detect it quickly and within a backup cycle the last good copy of the data can be retrieved.
This enables business operations to continue without any interruption and cyberattacks to be thwarted quickly and painlessly.
Key Features and Benefits
CyberSense delivers a unique approach by looking inside data to determine if it has been attacked. Key advantages include: