Superna Eyeglass® Ransomware Defender Feature list

​Release 2.5.7 Ransomware Defender 

  1. AirGap 2.0 - A complete solution to protect your data with protractive behavior monitoring of the source data access combined with Smart AirGap technology to manage SyncIQ policy replication to a 3rd AirGap Isilon.

  2. Smart AirGap is unique solution to Ransomware Defender that suspends copy operations when an active threat to your data is detected.  Unlike other solutions that will copy encrypted data to the offline copy.

  3. Ransomeware Defender manages the AirGapped Isilon in-band  over the replication network ensuring your isolated Isilon is never exposed on your network.

  4. Automated AirGap Management ensures the AirGap is open and closed automatically before and after SyncIQ block level incremental copies complete.  Fastest AirGap solution allows your 3rd copy to be an hour behind production.  Not days like other solutions.  

  5. Virtual AirGap manages the network to ensure your data is offline and not accessible over the network when no data sync's are in progress.

  6. New Behavior detections expands behavior analysis combined with honeypot and managed banned list of 2500+ extensions provides the highest level of data protection.

  7. Support for Authenticated User SMB Share permissions will now lock on shares that grant access to users using this well known AD group.

  8. Major Feature Updates

    1. Learning Mode.  Automates the process of monitoring user behavior and apply settings needed to adjust settings needed.  This will manage user behaviors and extension based detections from the banned list of files.​

    2. Monitor mode by user, path or IP address.  Removes the need to whitelist and allows monitor mode applied to a path, IP address or an AD user name.  This retains detection, and snapshots without any lockout.   This provides new method that will replace whitelisting in most cases.

    3. Updated threat detector settings for user behavior detection - new detection vector

    4. Banned file list versioning 

      1. Multiple file versions allows transitioning to a new file version with latest extensions or roll back to a previous version​

    5. Banned file hosted in a new location compatible with phone home URL's​

      1. Eyeglass deployments that use phone home will now be able to leverage phone home url to retrieve the banned list to simplify firewall and url white listing.​

    6. Allowed File Extension List Redesigned to File Filter Feature

      1. The Banned file list is now managed get by Eyeglass and not the ECA.  This means proxy and phone home will allow retrieving the updated dated file list from the Internet.​

      2. Now all banned files are displayed with a searchable interface.  Each file can be enabled, disabled or monitor mode status.

      3. Ability to add custom file extensions is supported.

      4. CLI command to convert whitelist entries to new monitor mode settings.

    7. Dual Vector Warning detection - A new behavioral detection option looks for different behaviors within the Warning severity.  This new option will add one additional pattern of suspicious user activity that is designed to ignore spikes in user detection signals and provides a new analysis vector on user IO behavior to generate warnings.

Key Features previous releases:

  1. No HDFS needed!!!! We have redesigned Ransomware Defender to no longer needed HDFS. Easier to install with fewer dependancies

  2. New GUI for flag as false positive to view users that have been flagged and reset the a user to factor default detection settings

  3. Allow file list add UI for whitelisting files on the dynamic extension list

  4. SIEM Integration - audit data real-time syslog forwarding