Superna Eyeglass® Ransomware Defender

Feature Summary

  1. Ransomware Defender is a highly scalable real-time event processing solution. It provides User Behavior Analytics to detect and halt a Ransomware attack on business-critical data stored on Dell EMC Isilon storage arrays. Read the Dell EMC Solution Brief.

  2. Dell and Superna offer this solution to many industry verticals, including Healthcare, to solve compliance requirements. Read the white paper that covers how Dell PowerScale and the Superna suite of products can address data security requirements. Read about the Dell Healthcare Solution with Superna.

  3. Ransomware Defender for Dell ECS is the only real-time security product for S3 object data. It provides a single pane of glass to monitor and protect file and object data.

 

This add-on for Superna Eyeglass DR edition offers a last line of defense to critical data with real-time monitoring of user file access behaviors to detect Ransomware events. Active defenses enable lockout of users per SMB share (or NFS) or S3 Object data across all managed clusters, providing a rapid response to protect data.

  1. Object Data Protection for Dell ECS - Ransomware Defender for Object brings the first file and object protection platform for unstructured data

    1. Real-time protection for Dell ECS and Isilon/PowerScale provides a single pane of glass to detect, alert, lockout and protect data regardless of where it is stored.

    2. No other solution offers file and object protection in a single product

    3. File data moved to object format still requires protection

    4. Protect GeoDrive user data

  2. Now Available - The only integrated AirGap 2.0 solution for Intelligent 3rd Copy Data Protection automation with Virtual AirGap and Inside Vault product option. 

  3. Inside the Vault automation with a new licensed solution that offers increased security and automation.

Overview

Ransomware Defender integrates AirGap Cyber Vault capabilities with the ability to suspend data copy operations automatically when the source data is under threat. It offers the industry's fastest Rapid Recovery mode, which eliminates the days and weeks of restoring data from the vault devices that would be experienced with typical backup solutions. Superna's Rapid Recovery allows the offline data to be usable in < 2 hours regardless of the size of the data set protected. Rapid Recovery also restores SMB and NFS share definitions.

  1. Automates the AirGap open and close operations
  2. Smart AirGap only copies data when it's safe to do so, based on monitoring suspicious user activity

  3. Manages the offline cluster in-band, eliminating the need for insecure management networks. Proxy alarms ensure the AirGap vault cluster's vitals are monitored, and any hardware alerts are forwarded by proxy to ensure the vault device is healthy at all times.

  4. Automates Reporting on AirGapped data with daily summary of all copied data, monitoring your AirGap copy process automatically

  1. File and object protection

  2. Fully automated with Learning mode - customizes settings based on monitoring user IO patterns

  3. Stops Ransomware real-time across all managed clusters

  4. User behavior based detection

  5. Honeypot file solution offers protection from any type of Ransomware regardless of how it attacks data

  6. Integrated AirGap data replication management, monitoring and rapid data recovery.

  7. Monitor Isilon audit logs for file activity related to Ransomware attacks

  8. Security Guard Feature - A simulated Ransomware attack validates that response actions to an attack are functioning as expected, with alerts sent to administrators to ensure all security components are ready and tested daily.

  9. Detects the user, path, file and share, and the IP address where the attack originated, and captures the last hour of user activity before the attack to assist with recovery.

  10. Customizable rules engine to tune false positives, including a self-learning mode that allows administrators to flag events as false positives to train the detection engine.

  11. Administrator alerts and logging on suspicious activity

  12. Active Defense:

    1. Lock out users from shares in real time or after a delay

    2. Timed auto-lockout rules if an administrator is not available to review a security incident

    3. Automatic escalated response if multiple infections are detected in parallel (massive attack with multiple user infections)

  13. Whitelist support for file system paths, user accounts or source IP address ranges

  14. Distributed processing with centralized rules and decision actions: Agents are colocated with the cluster, and a centralized Superna Eyeglass® appliance performs actions

  15. Active-Active-Active 3-node cluster for highly available security event processing

  16. Multi-cluster aware monitoring: detect on one cluster, lock out on all clusters globally


What does Real-time Response Mean?

It's important to understand what real-time response means and how Ransomware Defender stands out from legacy file audit platforms.

Ransomware Defender Sets the Bar for Real-time Event processing

  1. Availability: 3 nodes that survive the failure of a process or of a complete node and continue to process incoming events

  2. Load Sharing: Support incoming events and ensure each node is actively processing them

  3. Rebalancing: Under heavy load or failure conditions ensure events are redistributed between surviving nodes

  4. Active Cluster: Each node is capable of independent event processing and analytics

  5. Scalability: For large enterprise environments, scaling all real-time functions is required. Ransomware Defender is built on big data technologies that operate at scale using the compute and storage node concept, for example Hadoop clusters.

  6. Eliminate Ingestion: Multi stage ingestion platforms with store, process, transform and relate data architectures are not able to perform these functions at the same time. These legacy platforms serialize these steps which eliminates real-time processing and analytics potential. Ransomware Defender eliminates the ingestion phase and operates analytics at memory and CPU speeds using a parallel architecture throughout.
