
CryptoSpike

CryptoSpike. Ransomware Protection & File System Auditing. 2nd Sept. 2019. We care about your data! Protect, manage, analyze. Transparency on File System Access and Auditing. Who created, changed, copied, deleted… data, when, where,…

rdykema

Presentation Transcript


  1. CryptoSpike Ransomware Protection & File System Auditing 2nd Sept. 2019

  2. We care about your data! • protect • manage • analyze

  3. Transparency on File System Access and Auditing: Who created, changed, copied, deleted… data, when, where,…

  4. Detailed Traceability: who? what? how? when? File deleted! Comprehensive filter possibilities. Recognise anomalies: SMB_DEL

  5. Malware and Ransomware Threats: WannaCry, Petya, CryptoLocker

  6. Ransomware attack: 2.000 User, 10.000 files being manipulated; Vol. 1: 50 Mio. Files • Filename & filetype have not changed • Last-access-dates have not changed • All files seem to be the same as before • How can GOOD files be separated from BAD files? The only option: Restoring the whole volume to Tuesday’s Snapshot (Data SnapShots: Mo, Tu, We, Th, Fr). 3 days loss of data!!!

  7. The Restore: ONLY the changed (damaged) files will be restored! 2.000 User, 10.000 files being manipulated; Vol. 1: 50 Mio. Files • Active Blocking! • Anomaly detection and White- / Blacklists • Affected files are identified • Transactions are being logged • Detail overview of all users • Only affected contents being restored! Single file restore from Data SnapShots (Mo, Tu, We, Th, Fr). All other users continue to work WITHOUT data loss!

  8. CryptoSpike Manager: Collect Blacklist from different Community Projects and Websites • License Mgmt • Add new Customers • Blacklist Updates. CryptoSpike: load / manage Blacklist: *.*locked *.*kraken *.*crypto *.*cry *.exx • Blacklist Pattern Learner • Pull from server • Whitelist: .pdf .xls .doc .jpg .giv. CryptoSpike Portal • Setup Wizard • Blocked Users • File History / Restore • Config. / Management. FPolicy Server. CryptoSpike Server.

  9. Live-Demo

  10. Access Blocking • As soon as ransomware is detected, access for the affected user is blocked • Alert via email and in portal • Infected files are displayed in detail and are ready to be restored

  11. Easy Restore / Restore Folder • Choose files to be restored • Click "Restore" button • Select Snapshot • Choose restore location • Confirm "Restore" • Done!

  12. Transparency on Users File Access: User Actions • User IOPS • Location / Path

  13. Summary • Easy Installation (.OVA / .VHDX) • Complete recording of all file activities • Transparency and traceability on file access (Auditing) • Real time Ransomware detection <0,5ms • Machine learning of access patterns • Detect anomalies • Immediate automatic blocking of affected user • Central Whitelist and Blacklist provide additional protection • One click Restore from NetApp SnapShots • Multitenant capabilities for Service Providers • Licensed per Storage Controller (ONTAP primary Systems)

  14. Installation and Prerequisites • Download .OVA or VHD/VHDX File: http://releases.prolion.at/CryptoSpike/ • 3 VMs and 3 IP Addresses are needed to deploy Virtual Machine: • CryptoSpike Server • CryptoSpike FPolicy Server • CryptoSpike FPolicy Server 2 • VM based on Linux Debian 9 • Hardware Prerequisites: • 1x CryptoSpike Server: 8 vCPU, 12 GB RAM and 100 GB Disk-Space • 2x FPolicy Server: 4 vCPU, 8 GB RAM and 20 GB Disk-Space • Check Network Connectivity: • Data LIF SVM <-to-> FPolicy Server (High performance, low latency) • FPolicy Server <-to-> CryptoSpike Server (Throughput ~ 40 MB/s) • CryptoSpike Server <-to-> ONTAP (Latency and Throughput is not critical)

  15. ...we go the extra mile...
