Data Insight provides the analytics, tracking, and reporting necessary to deliver organizational accountability for file use and security. Designed to manage the needs of organizations with petabytes of data and billions of files, Data Insight integrates with archiving and security solutions to prevent data loss and ensure policy-based data retention.
For ransomware detection, Data Insight includes anomalous behavior detection, custom ransomware-specific query templates, and file extension identification.
Data Insight includes near-real-time, policy-based monitoring and alerting, which helps detect malicious or anomalous behavior from user accounts.
It does this by scanning the unstructured data systems it monitors and collecting audits of each user's read, write, create, delete, and rename activities performed on the files, as well as security and file counts for each user. It compares this activity with the historical data it has collected and uses statistical standard deviations to help detect anomalous behavior and identify accounts that might be compromised due to ransomware.
In addition, social network analysis, combined with anomaly detection, points out the malicious user accounts in the environment.
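The statistical comparison described above can be sketched as a per-user baseline check over audit records. This is an added example, not Data Insight's own code or query syntax; the record layout, function names, and limits (`z_limit`, `min_sigma`, `no_history_limit`) are assumptions, and the audit records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

WATCHED = {"write", "rename"}  # operations ransomware typically inflates

def build_sample():
    """Constructed audit records as (day, user, operation) tuples."""
    events = []
    for day in range(1, 8):  # seven days of ordinary activity
        events += [(day, "alice", "write")] * (20 + day % 3)
        events += [(day, "alice", "rename")] * 2
        events += [(day, "bob", "write")] * (5 + day % 2)
    events += [(8, "alice", "write")] * 22 + [(8, "alice", "rename")] * 2
    events += [(8, "bob", "write")] * 400 + [(8, "bob", "rename")] * 380
    events += [(8, "carol", "rename")] * 600  # account with no history
    return events

def daily_counts(events):
    """Return user -> day -> count of watched operations."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, user, op in events:
        if op in WATCHED:
            counts[user][day] += 1
    return counts

def flag_anomalies(events, today, z_limit=3.0, min_sigma=1.0,
                   no_history_limit=500):
    """Flag users whose activity today deviates from their own baseline."""
    flagged = {}
    for user, per_day in daily_counts(events).items():
        current = per_day.get(today, 0)
        # Idle days after the first sighting count as zero activity.
        history = [per_day.get(d, 0) for d in range(min(per_day), today)]
        if len(history) < 3:
            # Too little history for a baseline: fall back to a fixed limit.
            if current > no_history_limit:
                flagged[user] = ("no-baseline", current)
            continue
        mu = mean(history)
        # Floor sigma so a very steady user is not flagged for tiny changes.
        sigma = max(pstdev(history), min_sigma)
        z = (current - mu) / sigma
        if z > z_limit:
            flagged[user] = ("deviation", round(z, 1))
    return flagged

if __name__ == "__main__":
    print(flag_anomalies(build_sample(), today=8))
```

The sigma floor and the no-history fallback cover the two cases where a pure standard-deviation test misbehaves: very regular accounts and accounts seen for the first time.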
To provide more detail on malicious or anomalous behavior and to further detect ransomware-specific activity, Data Insight includes various ransomware-specific query templates.
These templates capture counts of activities such as writes and renames performed on the files by each user. If the count is higher than the specified threshold value, then the files on which the activities occurred could be exploited.
The following ransomware query templates are included with Data Insight:
In addition, Data Insight captures file metadata, including file extensions. This information can be used to generate reports that identify the location of known potential ransomware file extensions so that action can be taken accordingly. This can help find ransomware-infected systems and orchestrate remediation.