Fireside Chat: CyberSense for IBM Storage Defender Sentinel
presented by
2025

Jim McGann, Chief Marketing Officer, Index Engines
Joe Spellmeyer, Strategic Partnerships, Index Engines

Ransomware has been around for years. Why aren't snapshots and backups enough anymore?

WHAT IS THE PROBLEM?
Overconfidence in Snapshot Strategy
False Sense of Protection
Exposed Blind Spots

WHAT IS THE SOLUTION?
Acknowledge Legacy Weaknesses
Identify Gaps in Snapshot Strategies (e.g., data integrity)
Establish Shared Responsibility

Purpose-Built to Detect Evolving Threats
Byte-level inspection + training on real ransomware means CyberSense detects the most evasive threats

| Variant | Description | Common Analysis | CyberSense Analysis |
|---|---|---|---|
| AlphaLocker | Maintains original metadata | Metadata will FAIL | Analysis of content will detect corruption |
| WhiteRose | Slow corruption 1 file/sec. to evade thresholds | Thresholds will FAIL | Malicious changes in small number of files will detect corruption |
| Xorist | XOR encryption with no changes to entropy or compression | Detection of encryption using compression rates will FAIL | |
| Chaos | Base64 encoding to minimize entropy or compression | | 200+ analytics with analysis of content will detect corruption |
| LockFile, BianLian | Partial/Intermittent encryption. This approach is 60% of current attacks | | |

Is paying the ransom a viable recovery strategy? What does the data show?

WHAT IS THE PROBLEM?
54% of Attacked Organizations Paid
Only 8% Got Their Data Back After
Most Got 51-75% of Data Back

WHAT IS THE SOLUTION?
Eliminate Payments from Playbook
Reliable Recovery Capabilities

Bottom line?

Days or Weeks to Fully Recover
Even with clean copies, why does recovery still take so long?

WHAT IS THE PROBLEM?
Hidden or Subtle Corruption
Dormant Malware in Snapshots
Manual, Investigative Recovery Steps

WHAT IS THE SOLUTION?
Faster ID of Clean Recovery Points
Validated Data Integrity