Superna Eyeglass® Ransomware Defender

Feature Summary

Ransomware Defender is a highly scalable real-time event processing solution. It provides user behavior analytics to detect and halt a ransomware attack on business-critical data stored on Dell EMC Isilon storage arrays. Read the Dell EMC Solution Brief.

This add-on for Superna Eyeglass DR edition offers a last line of defense for critical data, with real-time monitoring of user file access behavior to detect ransomware events. Active defenses enable lockout of users per SMB share across all managed clusters, providing a rapid response to protect data.

Coming soon: AirGap 2.0 for intelligent third-copy data protection automation with a virtual AirGap or a physical AirGap.

  1. Stops ransomware in real time across all managed clusters

  2. User-behavior-based detection

  3. Monitors Isilon audit logs for file activity associated with ransomware attacks

  4. Security Guard feature: a simulated ransomware attack validates that the response actions to an attack are functioning as expected, with alerts to administrators, so that all security components are tested and ready daily.

  5. Detects the user, path, file, share and IP address where the attack originated, and captures the last hour of that user's activity before the attack to assist with recovery.

  6. Customizable rules engine to tune out false positives

  7. Integrated with automated DR failover for recovery

  8. Administrator alerts and logging of suspicious activity

  9. Active defense:

    1. Lock out users from shares in real time or after a delay

    2. Timed auto-lockout rules for when no administrator is available to review a security incident

    3. Automatic escalated response if multiple infections are detected in parallel (a massive attack involving multiple infected users)

  10. Whitelist support for file system paths, user accounts or source IP address ranges

  11. Distributed processing with agents colocated with each cluster, and centralized rules, decisions and actions on the Superna Eyeglass® appliance

  12. Active-active-active 3-node cluster for highly available security event processing

  13. Multi-cluster-aware monitoring: detect on one cluster, lock out on all clusters globally
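The feature list above describes behavior-based detection over file audit events, whitelisting by user, path or source IP, per-share lockout, and an escalated response when several users are infected at once. The following is an added illustration of those ideas in a small, self-contained detector; it is not Superna's code and does not reflect how Ransomware Defender is implemented. The event fields, the suspicious-extension list, the thresholds and the sample audit events are all constructed for this example.

```python
"""Toy behavior-based ransomware detector over constructed audit events.

Added example, not Superna Eyeglass code. Field names, thresholds, the
extension list and all sample events below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed indicators: renames/creates producing typical ransomware extensions,
# or creation of a file whose name looks like a ransom note.
SUSPICIOUS_EXTENSIONS = (".locked", ".crypt", ".encrypted")
RANSOM_NOTE_MARKERS = ("decrypt", "recover_files")
RATE_THRESHOLD = 5        # suspicious ops per user within one window -> incident
WINDOW_SECONDS = 60       # sliding window length
ESCALATION_USERS = 2      # distinct infected users -> escalated (immediate) response
HISTORY_SECONDS = 3600    # how much prior activity to keep for recovery


@dataclass(frozen=True)
class Event:
    ts: int       # seconds (constructed; a real audit log carries a timestamp)
    user: str
    ip: str
    share: str
    op: str       # read / create / rename / delete
    path: str


@dataclass(frozen=True)
class Whitelist:
    users: frozenset
    path_prefixes: tuple
    ip_prefixes: tuple

    def allows(self, ev: Event) -> bool:
        # str.startswith with an empty tuple is False, so empty lists are safe.
        return (ev.user in self.users
                or ev.path.startswith(self.path_prefixes)
                or ev.ip.startswith(self.ip_prefixes))


def is_suspicious(ev: Event) -> bool:
    name = ev.path.rsplit("/", 1)[-1].lower()
    if ev.op in ("rename", "create") and name.endswith(SUSPICIOUS_EXTENSIONS):
        return True
    return ev.op == "create" and any(m in name for m in RANSOM_NOTE_MARKERS)


def detect(events, whitelist: Whitelist):
    """Return ({user: incident}, escalate_flag).

    An incident records the source IP, affected shares, the first suspicious
    file, and the user's activity during HISTORY_SECONDS before the attack.
    """
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_user[ev.user].append(ev)

    incidents = {}
    for user, evs in by_user.items():
        hits = [e for e in evs if is_suspicious(e) and not whitelist.allows(e)]
        for i, start in enumerate(hits):
            window = [h for h in hits[i:] if h.ts - start.ts <= WINDOW_SECONDS]
            if len(window) >= RATE_THRESHOLD:
                incidents[user] = {
                    "ip": start.ip,
                    "shares": sorted({h.share for h in window}),
                    "first_file": start.path,
                    "history": [e for e in evs
                                if start.ts - HISTORY_SECONDS <= e.ts <= start.ts],
                }
                break
    return incidents, len(incidents) >= ESCALATION_USERS


def planned_actions(incidents, escalate: bool):
    """Per-share lockouts; escalate to immediate mode when many users are hit."""
    mode = "immediate" if escalate else "delayed"
    return [{"action": "lockout", "user": user, "share": share, "mode": mode,
             "scope": "all-managed-clusters"}
            for user, info in sorted(incidents.items())
            for share in info["shares"]]


# Constructed sample audit events (not from any real cluster).
SAMPLE_EVENTS = [
    Event(1,  "bob",   "10.0.2.9", "eng",     "read",   "/ifs/eng/notes.txt"),
    Event(3,  "alice", "10.0.1.5", "finance", "create", "/ifs/finance/q1.xlsx"),
    Event(5,  "bob",   "10.0.2.9", "eng",     "rename", "/ifs/eng/a.docx.locked"),
    Event(7,  "bob",   "10.0.2.9", "eng",     "rename", "/ifs/eng/b.docx.locked"),
    Event(9,  "bob",   "10.0.2.9", "eng",     "rename", "/ifs/eng/c.docx.locked"),
    Event(11, "bob",   "10.0.2.9", "eng",     "rename", "/ifs/eng/d.docx.locked"),
    Event(12, "bob",   "10.0.2.9", "eng",     "create", "/ifs/eng/HOW_TO_DECRYPT.txt"),
    Event(20, "carol", "10.0.3.7", "hr",      "rename", "/ifs/hr/p1.pdf.crypt"),
    Event(21, "carol", "10.0.3.7", "hr",      "rename", "/ifs/hr/p2.pdf.crypt"),
    Event(22, "carol", "10.0.3.7", "hr",      "rename", "/ifs/hr/p3.pdf.crypt"),
    Event(23, "carol", "10.0.3.7", "share2",  "rename", "/ifs/share2/p4.pdf.crypt"),
    Event(24, "carol", "10.0.3.7", "share2",  "rename", "/ifs/share2/p5.pdf.crypt"),
] + [  # a whitelisted backup account doing the same pattern must not fire
    Event(30 + i, "svc_backup", "10.0.9.1", "eng", "rename", f"/ifs/eng/bak{i}.locked")
    for i in range(5)
]

WHITELIST = Whitelist(users=frozenset({"svc_backup"}),
                      path_prefixes=("/ifs/test/",),
                      ip_prefixes=("10.0.250.",))

if __name__ == "__main__":
    found, escalate = detect(SAMPLE_EVENTS, WHITELIST)
    for user, info in found.items():
        print(user, info["ip"], info["shares"], info["first_file"], len(info["history"]))
    for action in planned_actions(found, escalate):
        print(action)
```

Run as-is, the detector flags bob and carol, ignores alice (normal activity) and svc_backup (whitelisted), and, because two users are affected, plans immediate per-share lockouts rather than delayed ones. The sliding window over suspicious events is what makes the check rate-based rather than a single-file signature, which is the practical difference between a behavioral detector and a static extension blocklist.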

What does Real-time Response Mean?

It's important to understand what real-time response means and how Ransomware Defender stands out from legacy file audit platforms.

Ransomware Defender Sets the Bar for Real-time Event processing

  1. Availability: 3 nodes with survival of a process or complete node failure and continue to process incoming events

  2. Load Sharing: Support incoming events and ensure each node is actively processing incoming events

  3. Rebalancing: Under heavy load or failure conditions ensure events are redistributed between surviving nodes

  4. Active Cluster: Each node is capable of independent event processing and analytics

  5. Scalability: Large enterprise environments require all real-time functions to scale. Ransomware Defender is built on big data technologies that operate at scale using the compute-and-storage-node concept, as Hadoop clusters do.

  6. Eliminate ingestion: Multi-stage ingestion platforms with store, process, transform and relate data architectures cannot perform these functions at the same time. These legacy platforms serialize the steps, which removes the potential for real-time processing and analytics. Ransomware Defender eliminates the ingestion phase and runs analytics at memory and CPU speed using a parallel architecture throughout.