CryptoSpike Ransomware Protection & File System Auditing Robert Graf

Presentation transcript:

CryptoSpike Ransomware Protection & File System Auditing Robert Graf CEO rg@prolion.at +43 664 1314403 2nd Sept. 2019

We care about your data! Protect, manage, analyze.

Transparency on File System Access and Auditing: Who created, changed, copied, deleted… data; when, where, …

Detailed Traceability: who? when? what? how? Example: File deleted! (File Activity: SMB_DEL). Comprehensive filter possibilities. Recognise anomalies.

Malware and Ransomware Threats. Worst Ransomware Strains: WannaCry, CryptoLocker, Petya.

Ransomware attack at Lukaskrankenhaus in Neuss

Ransomware Attack
Vol. 1: 50 Mio. files, 2.000 users, 10.000 files being manipulated
Snapshots of the data: Mo, Tu, We, Th, Fr
Ransomware attack:
Filename & filetype have not changed
Last-access-dates have not changed
All files seem to be the same as before
How can GOOD files be separated from BAD files?
The only option: Restoring the whole volume to Tuesday’s Snapshot
3 days loss of data!!!

The Restore: ONLY the changed (damaged) files will be restored! (single file restore)
Vol. 1: 50 Mio. files, 10.000 files being manipulated
Snapshots of the data: Mo, Tu, We, Th, Fr
Active Blocking!
Anomaly detection and White- / Blacklists
Affected files are identified
Transactions are being logged
Detail overview of all users
Only affected contents being restored!
All other users continue to work WITHOUT data loss!

CryptoSpike concept
CryptoSpike Manager: Collect Blacklist from different Community Projects and Websites; License Mgmt; Add new Customers; Blacklist Updates
Blacklist: *.*locked *.*kraken *.*crypto *.*cry *.exx
Whitelist: .pdf .xls .doc .jpg .giv
CryptoSpike Server, Fpolicy Server
CryptoSpike Portal: Setup Wizard; Blocked Users; File History / Restore; Config. / Management; Pattern Learner
Diagram labels: load; manage Blacklist; Pull from server

Live-Demo

Access Blocking: Block Ransomware. As soon as ransomware is detected, access for the affected user is blocked. Alert via email and in portal. Infected files are displayed in detail and are ready to be restored.

Easy Restore (One-button-restore)
Choose files to be restored
Click „Restore“ button
Select Snapshot
Choose restore location
Confirm „Restore“
Done!
Path shown: /RestoreFolder

Transparency on Users' File Access: User IOPS, User Actions, File Activity, Location / Path

Summary: CryptoSpike Benefits
Easy Installation (.OVA / .VHDX)
Complete recording of all file activities
Transparency and traceability on file access (Auditing)
Real time Ransomware detection <0,5ms
Machine learning of access patterns
Detect anomalies
Immediate automatic blocking of affected user
Central Whitelist and Blacklist provide additional protection
One click Restore from NetApp SnapShots
Multitenant capabilities for Service Providers
Licensed per Storage Controller (ONTAP primary Systems)

Installation and Prerequisites
Download .OVA or VHD/VHDX File: http://releases.prolion.at/CryptoSpike/
3 VMs and 3 IP Addresses are needed to deploy
Virtual Machines: CryptoSpike Server, CryptoSpike FPolicy Server, CryptoSpike FPolicy Server 2
VM based on Linux Debian 9
Hardware Prerequisites:
1x CryptoSpike Server: 8 vCPU, 12 GB RAM and 100 GB Disk-Space
2x FPolicy Server: 4 vCPU, 8 GB RAM and 20 GB Disk-Space
Check Network Connectivity:
Data LIF SVM <-to-> FPolicy Server (High performance, low latency)
FPolicy Server <-to-> CryptoSpike Server (Throughput ~ 40 MB/s)
CryptoSpike Server <-to-> ONTAP (Latency and Throughput is not critical)

...we go the extra mile...