rvlsoft - Fotolia

Index Engines hones CyberSense for backup data protection

CyberSense uses full content analysis and machine learning to detect a potential ransomware attack. Version 7.5 features better performance and more workload support.

As ransomware and other cyber attacks continue to wreak havoc among organizations big and small, Index Engines is hoping its CyberSense product can serve as a "last line of defense" for backup data.

Updates launched Tuesday in the CyberSense ransomware detection and recovery software include improved throughput, new database support and aggregation to a central cloud repository. 

Index Engines' CyberSense scans backup data to check integrity, monitors files for changes suggestive of cyber attacks, and provides forensic reporting to diagnose and recover from corruption. 

"Organizations are a lot more vulnerable," said Jim McGann, vice president of marketing and business development at Index Engines.

Cybersecurity is a liability with many employees across the world working from home. In addition, in the last couple of years, ransomware infecting backups has trended up.

Scanning backups for ransomware is critical to ensuring that the data is safe, said Christophe Bertrand, senior analyst at Enterprise Strategy Group.

"Every organization should be doing this," Bertrand said.

Screenshot of Index Engines' CyberSenseproduct
CyberSense, the ransomware detection and recovery tool from Index Engines, scans backups for data integrity.

How CyberSense ransomware detection works

The volume and sophistication of attacks enables some to circumvent real-time ransomware protection, thus CyberSense provides that "last line of defense," McGann said.

Index Engines, based in Holmdel, N.J., claims hundreds of customers use CyberSense, which launched in 2018.

CyberSense uses content-based analytics and machine learning to detect an attack. If the product identifies a potential attack, it provides forensic tools to diagnose and recover, including reports on files affected so an organization can replace them with the last known good version. CyberSense gives the attack vector as well as a listing of manipulated files.

Every organization should be doing this.
Christophe BertrandSenior analyst, Enterprise Strategy Group

The full content analysis is a differentiator, Bertrand said. Protection that just reviews metadata can miss some attacks.

"Cybercriminals can be very creative," Bertrand said.

CyberSense scans inside files and databases to detect signs of corruption caused by ransomware. When the product sees a new backup image, it generates statistics from that scan and compares them to previous scans. The product's machine learning then helps determine the data's integrity.

The 7.5 release increased data throughput for backup image analysis, including VM backups. Increased parallelism helps to quickly determine if the product already analyzed a file within the backup.

"A lot of our focus on development is around speed and performance," McGann said.

CyberSense analytics and integrity validation support new database workloads, including SAP HANA and the Microsoft Extensible Storage Engine. The SAP HANA support is a solid addition because it's mission-critical, Bertrand said. 

In addition, the updated CyberSense can aggregate statistics into a central cloud repository. The latest version of the CyberSense machine learning analyzes those statistics.

CyberSense's analysis is tuned to avoid false positives, McGann said.

How Index Engines fits in the market

Index Engines, founded in 2004, provides an indexing platform across primary and backup storage environments.

The vendor's CyberSense targets a range of organizations, from a school system that's using it for 1 TB to customers performing analytics on petabytes of data, McGann said.

CyberSense is integrated with Dell EMC PowerProtect Cyber Recovery. It's also offered by Commvault, Veritas NetBackup and IBM Spectrum Protect. Pricing is based on capacity. 

Bertrand said Index Engines' relationships are already impressive, and they should continue to strengthen them as well as add partners.

"They are in a space that is very prolific in terms of problems people have to solve," Bertrand said. "It's a good time to be in the space, unfortunately."

McGann cited Rubrik as the only other vendor performing content-based analytics like Index Engines. Future updates to CyberSense could include support for more databases and backup formats, as well as improvements in scale, McGann said.

Bertrand said he expects more cyber-resilience products focused on backup to hit the market.

"It's a great way to protect the protector," he said.

Next Steps

Dell draws line between cyber recovery and disaster recovery

 Index Engines' customized alerts aim at detecting bad actors

Dig Deeper on Data backup security

Disaster Recovery