CryptoSpike: Ransomware and Malware Protection & File-System Auditing
„Data is the new oil“: protect, manage, analyse
Transparency on File-System Access and Auditing: Who created, changed, copied, deleted … data, when, where, …
Malware and Ransomware threats: WannaCry, Petya, CryptoLocker
Ransomware attack
2.000 users, 10.000 files being manipulated. Vol. 1: 50 Mio. files.
• File name & file type have not changed!
• Last-access dates have not changed!
• All files seem to be the same as before!
• How can GOOD files be separated from BAD files?
Data snapshots: Mo, Tu, We, Th, Fr
The only option: restoring the whole volume to Tuesday’s snapshot. 3 days loss of data!!!
The Restore: ONLY the changed (damaged) files will be restored!
2.000 users, 10.000 files being manipulated. Vol. 1: 50 Mio. files.
• Active blocking!
• Anomaly detection and white- / blacklists
• Affected files are identified
• Transactions are being logged
• Detailed overview of all users
• Only affected contents being restored! (single file restore)
Data snapshots: Mo, Tu, We, Th, Fr
All other users continue to work WITHOUT data loss!
CryptoSpike Manager: collects blacklists from different community projects and websites
• License Mgmt
• Add new Customers
• Blacklist Updates
Blacklist (managed in the CryptoSpike Manager, loaded by CryptoSpike): *.*locked *.*kraken *.*crypto *.*cry *.exx
Whitelist (Pattern Learner, pull from server): .pdf .xls .doc .jpg .giv
CryptoSpike Portal
• Setup Wizard
• Blocked Users
• File History / Restore
• Config. / Management
Components: Fpolicy Server, CryptoSpike Server
Access blocking
• As soon as ransomware is detected, user access is blocked
• Alert via email and in portal
• Infected files are displayed in detail and are ready to be restored
Easy Restore / Restore Folder
• Choose files to be restored
• Click „Restore“ button
• Select Snapshot
• Choose location for Restore
• Confirm „Restore“
• Done!
Detailed traceability: who? what? how? when?
File deleted!
Comprehensive filter possibilities
Recognise anomalies: SMB_DEL
Will the works council agree?
• Specific user access is protected by dual login (4-eyes principle)!
• Two or more users need to log in to view detailed access information.
Easy Installation (.OVA / .VHDX)
• Complete „recording“ of file access
• Transparency and traceability / auditability
• Real-time detection of ransomware <0,5ms
• Immediate automatic blocking of affected user
• Machine learning of access patterns
• Recognise anomalies
• Central whitelists and blacklists provide additional protection
• One-click restore from NetApp SnapShots
• No additional NetApp licence cost!