Published by Jade McBride. Modified over 5 years ago.
1
CryptoSpike Ransomware Protection & File System Auditing
Robert Graf, CEO
2nd Sept. 2019
2
We care about your data!
protect, manage, analyze
4
Transparency on File System Access and Auditing
Worst Ransomware Strains
Who created, changed, copied, deleted… data, when, where,…
5
Detailed Traceability
Who? When? What? How?
File deleted!
Comprehensive filter possibilities
Recognise anomalies
File Activity: SMB_DEL
6
Malware and Ransomware Threats
Worst Ransomware Strains: WannaCry, CryptoLocker, Petya
7
Ransomware attack at Lukaskrankenhaus in Neuss
8
3 days loss of data!!!
Ransomware attack: 2.000 users, files being manipulated
Vol. 1: 50 Mio. files
Ransomware attack:
  Filename & filetype have not changed
  Last-access-dates have not changed
  All files seem to be the same as before
How can GOOD files be separated from BAD files?
SnapShots of the data: Mo, Tu, We, Th, Fr
The only option: Restoring the whole volume to Tuesday's Snapshot
9
All other users continue to work WITHOUT data loss!
Files being manipulated
Vol. 1: 50 Mio. files
Active Blocking!
  Anomaly detection and white-/blacklists
  Affected files are identified
  Transactions are being logged
  Detail overview of all users
  Only affected contents being restored!
The Restore: ONLY the changed (damaged) files will be restored! (single file restore)
SnapShots of the data: Mo, Tu, We, Th, Fr
10
CryptoSpike concept
Components: CryptoSpike Manager, CryptoSpike Server, CryptoSpike Portal, FPolicy Server
Blacklist: *.*locked *.*kraken *.*crypto *.*cry *.exx
Whitelist: .pdf .xls .doc .jpg .giv
Collect blacklist from different community projects and websites
License Mgmt
Add new customers
Blacklist updates
Load CryptoSpike
Manage blacklist
Pull from server
CryptoSpike Portal: Setup Wizard, Blocked Users, File History / Restore, Config. / Management, Pattern Learner
11
Live-Demo
12
Access Blocking
Block Ransomware
As soon as ransomware is detected, access for the affected user is blocked
Alert via and in portal
Infected files are displayed in detail and are ready to be restored
13
Easy Restore
/RestoreFolder
Choose files to be restored
Click "Restore" button
Select Snapshot
Choose restore location
Confirm "Restore"
Done!
One-button-restore
14
Transparency on Users' File Access
User IOPS, User Actions, File Activity, Location / Path
15
Summary
CryptoSpike Benefits
Easy installation (.OVA / .VHDX)
Complete recording of all file activities
Transparency and traceability on file access (auditing)
Real time ransomware detection <0,5ms
Machine learning of access patterns
Detect anomalies
Immediate automatic blocking of affected user
Central whitelist and blacklist provide additional protection
One click restore from NetApp SnapShots
Multitenant capabilities for service providers
Licensed per storage controller (ONTAP primary systems)
16
Installation and Prerequisites
Download .OVA or VHD/VHDX file
3 VMs and 3 IP addresses are needed to deploy
Virtual machines:
  CryptoSpike Server
  CryptoSpike FPolicy Server
  CryptoSpike FPolicy Server 2
VM based on Linux Debian 9
Hardware prerequisites:
  1x CryptoSpike Server: 8 vCPU, 12 GB RAM and 100 GB disk space
  2x FPolicy Server: 4 vCPU, 8 GB RAM and GB disk space
Check network connectivity:
  Data LIF SVM <-to-> FPolicy Server (high performance, low latency)
  FPolicy Server <-to-> CryptoSpike Server (throughput ~ 40 MB/s)
  CryptoSpike Server <-to-> ONTAP (latency and throughput are not critical)
17
...we go the extra mile...