Superna Eyeglass® Ransomware Defender

Feature Summary

Ransomware Defender is a highly scalable real-time event processing solution, it provides User Behavior Analytics to detect and halt a Ransomware attack on business critical data stored on Dell EMC Isilon storage arrays. Read the Dell EMC Solution Brief.

This add-on for Superna Eyeglass DR edition offers a last line of defense to critical data with real-time monitoring of user file access behaviors to detect Ransomware events. Active defenses enable lockout of users per SMB share (or NFS) across all managed clusters, providing a rapid response to protect data.

Now Available - The only integrated AirGap 2.0 solution for Intelligent 3rd Copy Data Protection automation with Virtual AirGap or Physical AirGap. 


Ransomware Defender integrates AirGap Cyber Vault capabilities with the ability to suspend data copy operations automatically when the source data is under threat.    This offers the industries fastest Rapid recover mode eliminates days and weeks of restoring data from the vault devices that would be experienced by typical backup solutions.    Superna's  Rapid Recovery allows the off line data to be usable in < 2 hours regardless of the size of the data set protected.  The repaid recovery also restores SMB and NFS share definitions

  1. Automates the AirGap open close automatically​
  2. Smart AirGap only copies data when it's safe to do so based on monitoring suspicious user activity

  3. Manages the offline cluster in-band eliminating the need for insecure management networks, proxy alarms ensures the AirGap vault cluster's vitals are monitored and any hardware alerts are proxied forwarded to ensure the vault device is healthy at all times.

  4. Automates Reporting on AirGapped data with daily summary of all copied data, monitoring your AirGap copy process automatically

  1. Stops Ransomware real-time across all managed clusters

  2. User behavior based detection

  3. Honeypot file solution offers protection from any type Ransomware regardless of how it attacks data

  4. Integrated AirGap Data replication management, monitoring and repaid data recovery.

  5. Monitor Isilon audit logs for file activity related to Ransomware attacks

  6. Security Guard Feature - Simulated Ransomware attack validates response actions to an attack are functioning as expected with alerts to administrators to ensure all security components are ready and tested daily.

  7. Detects user path, file and share, IP address where the attack originated, captures last hour of user activity before the attack. To assist with recovery.

  8. Customizable rules engine to tune false positives including self learning mode allowing administrators to flag as false positive to train the detection engine.

  9. Integrated with automated DR Failover for Recovery

  10. Administrator alerts, logging on suspicious activity

  11. Active Defense:

    1. Lockout users from shares real-time or delayed 

    2. Timed Auto lockout rules if administrator not available to review a security incident

    3. Automatic Escalated response if multiple infections detected in parallel (massive attack on multiple user infection) 

  12. Whitelist support file system path, user account or source ip address ranges

  13. Distributed processing and centralized rules and decision actions with Agents colocated with cluster and centralized Superna Eyeglass® appliance for actions

  14. Active, Active, Active 3 node cluster highly available security event processing

  15. Multi cluster aware monitoring -- detect on one cluster lockout on all clusters globally

What does Real-time Reponse Mean? 

Its important to understand what Real-time response means and how Ransomware Defender stands out from legacy file audit platforms.

Ransomware Defender Sets the Bar for Real-time Event processing

  1. Availability: 3 nodes with survival of a process or complete node failure and continue to process incoming events

  2. Load Sharing: Support incoming events and ensure each node is actively processing incoming events

  3. Rebalancing: Under heavy load or failure conditions ensure events are redistributed between surviving nodes

  4. Active Cluster: Each node is capable of independent event processing and analytics

  5. Scalability: For large enterprise environments, scaling all Real-time functions is required. Ransomware Defender is built on big data technologies that operate at scale using the compute and storage node concept. For example HADOOP clusters

  6. Eliminate Ingestion: Multi stage ingestion platforms with store, process, transform and relate data architectures are not able to perform these functions at the same time. These legacy platforms serialize these steps which eliminates real-time processing and analytics potential. Ransomware Defender eliminates the ingestion phase and operates analytics at memory and CPU speeds using a parallel architecture throughout.