Christophe Bertrand from theCUBE Research discusses Index Engines' product CyberSense with Rob Mossi. CyberSense detects ransomware behavior, alerts customers, and provides tools for recovery. The solution uses AI and machine learning for analysis, with nearly perfect accuracy. It can handle large amounts of data without impact on production. CyberSense offers alerts, reporting, and a dashboard for data integrity. It has been successful in helping customers recover from ransomware attacks and is recommended for enhancing cyber resiliency.
Rob Mossi, Index Engines
Christophe Bertrand
>> Hello everyone, and welcome to a new AnalystANGLE. We're going to be talking about cyber resiliency. My name is Christophe Bertrand, I'm a principal analyst at theCUBE Research. I'm joined today by Rob Mossi from Index Engines. Rob, welcome.
Rob Mossi
>> Hi. Thanks, Christophe. Very happy to be here today.
Christophe Bertrand
>> So Rob, let's talk a little bit about who Index Engines is. What is the company about, what do you guys do?
Rob Mossi
>> Well, bottom line, we're about cyber resiliency and cyber recovery. We have a flagship product, CyberSense, that actually detects ransomware behavior, understands the core function of ransomware, and then gives customers the opportunity to be alerted about ransomware infiltration, and then ultimately being able to recover from a ransomware attack.
Christophe Bertrand
>> Well, this is super interesting. This is exactly what I think most of the market needs right now, because cyber resiliency is really an objective, and not an easy one to achieve, that supports not only the business, but beyond, a lot of the economic functions that we want to work in our world.
Rob Mossi
>> Yeah.
Christophe Bertrand
>> So by having the ability to essentially get to the root cause of the problem without impacting production, you're essentially solving a lot of the disruptions that could happen. So can you walk me through some of the things that you do in terms of the feature set? And I know it starts with observation, there's a lot of analysis that happens, you look at hundreds of statistics.
Rob Mossi
>> Yeah.
Christophe Bertrand
>> Can you walk us through quickly what the solution actually does? And then, we'll double click on some of these features, because I think they're very essential to delivering cyber resiliency.
Rob Mossi
>> Yeah, absolutely. So one of the key things that is driving CyberSense is an AI engine. This AI engine has an extensive machine learning background that goes into the training of the AI, and we leverage millions of datasets, some of these datasets even given to us by our customers, genuine customer data. And then, plus, we actually try and test against tens of thousands of actual files, so looking for things, we'll physically change some of those files, and some of those changes are indicative of just general user behavior. Other times, we are actually launching physical ransomware against some of these files and datasets, actually detonating it and creating chaos, if you will, in our own laboratories to get a better understanding of how ransomware works, how it infiltrates particular files, what the behavior is behind some of the different types of ransomware, whether it be polymorphic, that is actually changing files, or even just general slow encryption versus fast encryption of particular files. We're looking for all those particular indicators that are essentially infiltrating datasets, whether it be live on files or within backup sets of data, to get a better understanding of how ransomware really works, how it proliferates, and then ultimately, how to identify it.
Christophe Bertrand
>> This is very interesting, because yes, you're leveraging essentially snapshots and backups, so you're not in production, you're not slowing anything down. Obviously, you can handle petabytes of data here, and you've trained the model over time and across a lot of scenarios. So what it does, based on what I've seen in some of the reports that have been published about your solution, is you're close to 100% detection, 99.99%, and I think that's very impressive.
Rob Mossi
>> Yeah, we can't claim that 100% yet.
Christophe Bertrand
>> I understand. And I think, unfortunately, things keep evolving all the time, so it's probably hard to get there, but 99.99%, I'll take any day-
Rob Mossi
>> Right....
Christophe Bertrand
>> as .
Rob Mossi
>> Absolutely. And part of the magic behind that is really because we're looking down to the binary levels of each files, we're indexing at the byte level of every single file that we are examining. We basically crunch each file, we're looking for those changes, again, that are indicative more so of ransomware and less so of just somebody doing something every day, whether that be renaming a file or just general user behavior. But when something happens physically to the file, that's when we become alerted, that's when we start to raise hairs and create alerts for our customers. And one of the really special things about that four nines of accuracy is our minimal amount of false positives and false negatives. So we're not sending people on wild goose chases, looking for something that is minor, we're able to determine whether or not the alerts are real, so when an alert is triggered, somebody knows that there is action that actually has to take place.
Christophe Bertrand
>> Right. And I want to talk about that, because you can literally estimate a blast radius, which I think is very key, and therefore, by having the ability to do all that work, detect the problem, understand the blast radius, understand essentially, you're doing all of that, but it's not happening in production. And you can then feed that back to the security ops teams, or other teams, to really go fix the issue in production, or find a good copy of a backup that can restore the environment.
Rob Mossi
>> Right.
Christophe Bertrand
>> I think you also look at configuration files and you look at a lot of infrastructure components, not just Word documents and PowerPoints, right?
Rob Mossi
>> Yeah, absolutely. So let me try and dissect that question a little bit, there was a lot there to unpack, and feel free to steer me back if I'm missing any key points. The way we look at cyber resiliency and cyber recovery, it's absolutely a team sport. So to understand the blast radius is critical, so we have forensic reporting that will actually identify how deep, where the attack occurred, where it may have originated, how extensive the attack has gone, what may still be lying in wait within a particular, whether it be a backup or a snapshot or even on production storage. So we have that capability to immediately isolate where the damage has been extended to, and then, really, that gives our customers the ability to start working on the solution.
Christophe Bertrand
>> So Rob, let's talk about the alerting, which you have automated in the solution, and how you can report back on what's going on, and maybe give us a couple of customer examples of what happened, what you've observed.
Rob Mossi
>> Absolutely. So what it really boils down to, and I'm a little remiss I didn't mention this earlier, CyberSense really focuses on data integrity, and in part of our alerting structure, we have something that's called the data integrity dashboard. And within this dashboard, it gives a great picture of what's happening on a daily basis, and it also is a home base for any type of alerts or anything that may have been triggered within a customer account. If you see that, then we know that things need to go into action, whether a resiliency plan needs to take place, we give them the forensic detail of the attack, as I outlined a little bit earlier, giving them the blast radius, where the attack has been, and then we start to outline where they can go to find data with integrity, so trusted data at that point.
Christophe Bertrand
>> Right.
Rob Mossi
>> So... Yeah, go ahead.
Christophe Bertrand
>> Yeah, I was going to say, that's actually very, very key, because what you're doing is actually you're serving multiple masters here, but in a good way.
Rob Mossi
>> Right.
Christophe Bertrand
>> Number one, what I'm hearing is that obviously you've understood at that point what's happened.
Rob Mossi
>> Correct.
Christophe Bertrand
>> So we understand the nature of the problem, the surface of attack, the blast radius, et cetera. And that's also another important point from a compliance standpoint, in some cases, when an attack happens, or has happened, you have to report back to authorities, and certainly you have some level of compliance or governance inside your own organization, so the dimension here of compliance has to be noted. And then, the other point that's important is one that has to do with recoverability. It's not disaster recovery, this is a very different animal, or it's a special form of disaster recovery.
Rob Mossi
>> Right.
Christophe Bertrand
>> What you're allowing people to do, if I hear you correctly, is to be empowered to identify the good data that they can recover-
Rob Mossi
>> Correct....
Christophe Bertrand
>> back to, or recover from, depending on what the processes that they use. And I think that's very, very powerful, because it really covers a wide variety of not only use cases, but also potential issues. Maybe you could give us, if you have a quick example of a customer that's used this solution.
Rob Mossi
>> Just to expand on that concept just a bit, in terms of backups, everybody's looking for that last known good, that one little click the button and let it roll, and you're hoping that everything comes back in and of itself. Unfortunately, ransomware doesn't really enable that easy of a procedure. It can live with inside the backups, backups are being increasingly targeted, snapshots are being increasingly targeted. We've heard some customer examples of where entire backups have been corrupted with ransomware and ultimately deleted. So the flip side to that is we have customers working with CyberSense, there's a customer in Spain that was able to leverage the alert, they were able to tell us that... This was prior to the dashboard feature being launched, but they were able to get these emails, the all-is-good emails, and then there was a trigger, and they were able to go in, identify the extent of the ransomware attack, and then also understand what data was corrupted within recent backups, and then they were able to go back even further to previous snapshots that were not corrupted, so that you could pull back that particular granular data, A, quickly, and B, you have this trusted dataset that enables you to recover not only quickly, but also with confidence that you are bringing back data that is good, that is not corrupted.
Christophe Bertrand
>> What I really like about it, being the old product guy that I am-
Rob Mossi
>> Yeah....
Christophe Bertrand
>> is the fact that it has a ton of metrics, so you can measure all of this.
Rob Mossi
>> Right.
Christophe Bertrand
>> It gives you a lot of ability to also test your recoverability, so you get precision, there's no question about that. You get essentially a solution that has been tested in a real world with, I think you cover 7,000 or 8,000 variants of ransomware, I'm sure-
Rob Mossi
>> Correct....
Christophe Bertrand
>> that number is only growing. And I think the AI piece, to me, the way you've used it is very important, very key. I think there's a lot of talk about AI in cybersecurity, mostly on the attack side. On the defense side, I think not everybody's born equal. It feels like your use of both ML and AI is really changing the ability for the end user to control what used to be very hard to control, which is an unexpected type of attack. So if you think about the number of customers you've talked to, what you've seen in the field, what recommendation would you have to people who are now considering a solution to reinforce their cyber resiliency, maybe considering Index Engines, what are the things they should ask vendors to do?
Rob Mossi
>> Well, I think it's part of an overall security strategy. We like to consider cyber recovery as part of a team sport, and that would be cybersecurity. Our recommendation to customers is to really understand what you're doing at the perimeter to keep things out, and then really understand what you have as far as a plan that is in place in case somebody gets in. And I think that's really one of the important factors I hear with CyberSense is that I think some organizations are not looking at what happens if there is a cyber attack, if it gets within your walls. And the ability to recover quickly with precision, as you mentioned, I really do love using that descriptor for CyberSense, being able to use that with the precision that is necessary to understand, A, what has happened, B, give yourself a plan to recover rapidly and much smarter than someone who's just looking through backups, looking for potentially a last known good, identifying where some of those problems might be within a particular snapshot, or rebuilding from old snapshots. So it does get a little bit complicated, but CyberSense really simplifies it. It gives you that point, it gives you the confidence that, A, you're protecting your critical data, B, it's giving you the precision that you need and the accuracy in detecting the data, and then C, it's giving you the ability to have a smart recovery, where you know that what you're bringing back is valid.
Christophe Bertrand
>> Well, Rob, thank you so much for spending time with us today, we've covered a lot of ground, so thank you very much.
Rob Mossi
>> Yeah, this was great. Thanks, Christophe.
Christophe Bertrand
>> And to our viewers, thank you very much for taking the time. My name is Christophe Bertrand, I'm a principal analyst here at theCUBE Research, and cyber resiliency matters, so check out Index Engines when you get a chance. Thank you very much everyone.