Index Engines' customized alerts aim at detecting bad actors

Index Engines' latest CyberSense observability software update features a new cloud console and user-controlled alerts to combat ransomware infections and cybercriminals.

The latest update to Index Engines' CyberSense enables IT admins to determine just how taut their digital tripwires should be before sounding the alarm.

CyberSense 8.6, now available, introduces anomaly detection thresholds through its CyberSensitivity Index (CSI), a machine learning capability used to detect rogue behavior or data. In the Advanced Threshold Alerts feature, users can customize what level of behavior triggers an alert or admin flag, enabling higher sensitivity for important data sets than for less critical ones.

The 8.6 update surfaces the CSI in a new console interface, which is available as an integration through partner offerings. This console includes Advanced Threshold Alerts, enabling customers to track changes to individual files and create digital traps or decoys for potential ransomware infections.

The decoys, commonly called honeypots, are a useful tool to help pick up on malware infections within backups and even within active storage data, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group.

The signatures and patterns of modern ransomware attacks are malleable, so capturing a sample of what IT security teams could be up against is a useful preparation tactic, he said.

"[Cybersecurity] has so many dimensions, so it's an interesting component to have in your cyber toolkit," Bertrand said. "It's a constant cycle of scanning everything, building intelligence [and] determining what's happening with the data."

CSI: Data center edition

Index Engines sees this latest update bolstering observability and detection capabilities exclusively, without other features such as backup or data management diluting focus, said Jim McGann, vice president of strategic partnerships at Index Engines.

Data backup platforms leaning into security such as Veeam, Rubrik and Cohesity are taking the wrong approach, McGann said. One platform cannot fully prevent attacks and guarantee recovery. Instead, individual components for specific needs can better serve those customers, he added.

"A company could be spending billions of dollars on prevention, but [hackers are] going to get in," McGann said. "The bad actors are getting smart. They're getting good at hiding their footprints."

Index Engines alerts admins to abnormal usage patterns or behavior of data compared with the past 30 days, but with the 8.6 update, IT admins can now set the alert threshold higher or lower for certain data sets without needing to contact support. Previously, alerts were set to trigger when about 50% of the data changed or when higher-than-usual activity levels were detected in that 30-day time frame.

Admins creating honeypots can also set traps of decoy data to have specific characteristics that might be alluring to malware or bad internal actors. The new dashboard, meanwhile, enables customers to review what data the CyberSense platform is currently observing and the metrics it's tracking, such as levels of infection and last backup times.

CyberSense is sold either as a bundled service or as a white-label offering through partners including Dell Technologies, IBM and Infinidat. The company has about 1,400 customers, according to McGann.

Network syndication

Honeypots have become a popular cybersecurity tool, especially among backup vendors, as ransomware remains top of mind for the enterprise, according to Krista Macomber, an analyst at Futurum Group.

Commvault's ThreatWise detection software, added after the company acquired TrapX in 2022, offers a similar feature, and AWS provides its own honeypot capability in hundreds of services, she said.

"I am seeing honeypots be most effective when integrated into the broader data or infrastructure security tool set," Macomber said.

Unlike other detection vendor technologies, the CyberSense platform provides a confidence rate in detecting anomalous behavior, she said. It also offers tools to inspect the contents of the files for changes, which is uncommon in the space. Most vendors focus on metadata analysis only, she noted.

Although the vendor limits sales through partners, both Macomber and Bertrand said that since its start in 2003, Index Engines has been an established player in the data backup space. The company's products need to evolve to keep attracting more partners, Bertrand said.

"They've built this solution to play a strong role in cyber resilience," he said. "The next stage for them will be in execution if they can do more with more [technology]."

Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
