Elastio’s data integrity scans deliver unparalleled ransomware defense through 7 layers of protection.
Contents
- 1. Zero-day Ransomware Behavioral Model
- 2. Zero-Day Ransomware Historical Model
- 3. Zero-Day Deterministic Ransomware Model
- 4. Insider Threat Protection
- 5. Malware Scans
- 6. Filesystem Integrity Scans
- 7. Storage Security Posture Scans
1. Zero-day Ransomware Behavioral Model
Targets unknown ransomware strains with statistical modeling and machine learning. It detects encryption patterns and identifies attack elements, achieving low false positives (<5 per 10M files) and a false negative rate below 1%.
Model Description
Elastio’s behavioral ransomware model targets unknown ransomware strains. It is a statistical model, combined with machine learning, that clusters the parameter space to efficiently detect ransomware encryption and identify key elements of the attack. The choice of these techniques was based on the explainability of detection and the ability to perform interactive model refinement.
Elastio’s model has multiple analysis subsystems that work in concert, including timing analysis, file integrity analysis, and multiple intermittent encryption detectors, and it is augmented by a multi-lingual semantic analysis system for ransom notes. Elastio’s behavioral ransomware model achieves very low false positive rates (<5 per 10M files scanned) with false negative rates below 1% on unknown ransomware attacks.
2. Zero-Day Ransomware Historical Model
This model watches the evolution of data to unmask ransomware's hiding techniques. It optimizes performance by accurately identifying candidates for deeper analysis.
Model Description
Elastio’s over-time analysis model operates across multiple recovery points or snapshots of the same asset to analyze filesystem differences in the data. Over-time analysis significantly improves accuracy by unmasking several hiding techniques used by ransomware at the filesystem layer that cannot be detected without watching the evolution of data. In addition, delta analysis built into the over-time model improves performance by more accurately identifying candidates for deeper analysis.
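The following sketch illustrates delta analysis between two recovery points. It is an added example, not Elastio's code or algorithm. The manifest layout, the 2.0-bit entropy threshold, the use of byte entropy as a signal, and all file names and contents are assumptions constructed for illustration. It shows how comparing content across snapshots surfaces a change that leaves the modification time untouched, and how unchanged files are skipped so only a few candidates go on to deeper analysis.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(snapshot: dict) -> dict:
    """Map path -> (sha256, entropy, mtime) for one recovery point."""
    return {path: (hashlib.sha256(body).hexdigest(), entropy(body), mtime)
            for path, (body, mtime) in snapshot.items()}

def delta_candidates(older: dict, newer: dict, jump: float = 2.0) -> list:
    """Compare two recovery points; return (path, reasons) needing deeper analysis."""
    old, new = manifest(older), manifest(newer)
    out = []
    for path, (digest, ent, mtime) in sorted(new.items()):
        if path not in old:
            out.append((path, ["new file"]))
            continue
        o_digest, o_ent, o_mtime = old[path]
        if digest == o_digest:
            continue  # unchanged content is skipped: this is the performance gain
        reasons = ["content changed"]
        if mtime == o_mtime:
            reasons.append("mtime unchanged")  # invisible to timestamp-only diffing
        if ent - o_ent >= jump:
            reasons.append("entropy jump")  # assumed threshold, in bits per byte
        out.append((path, reasons))
    out += [(p, ["deleted"]) for p in sorted(old.keys() - new.keys())]
    return out

# Constructed sample data: two snapshots of the same asset, path -> (content, mtime).
TEXT = b"quarterly report: revenue, costs, forecast\n" * 40
SCRAMBLED = hashlib.shake_256(b"constructed").digest(len(TEXT))  # stand-in for ciphertext
SNAP_1 = {"/data/report.txt": (TEXT, 1000), "/data/notes.txt": (b"todo list\n" * 20, 1000),
          "/data/log.txt": (b"line\n" * 10, 1000)}
SNAP_2 = {"/data/report.txt": (SCRAMBLED, 1000), "/data/notes.txt": (b"todo list\n" * 20, 1000),
          "/data/log.txt": (b"line\n" * 11, 1005),
          "/data/README_RESTORE.txt": (b"constructed note", 1006)}

if __name__ == "__main__":
    for path, reasons in delta_candidates(SNAP_1, SNAP_2):
        print(path, reasons)
```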
3. Zero-Day Ransomware Deterministic Model
Precisely detects both ransomware encryption and the particular ransomware family used in the attack. Elastio’s security lab continually analyzes new families and updates its deterministic models daily.
Model Description
Elastio Platform’s deterministic ransomware model was built by analyzing all known ransomware families since 2014: 2300+ families and over 10,000 variants. Each family was reverse-engineered, cut off from command and control servers, and patched to induce controlled detonations.
Elastio uses dozens of parameters derived from these detonations to build its deterministic model, which detects both ransomware encryption and the particular ransomware family used in the attack. Elastio’s security lab continually analyzes new families and updates its deterministic models daily.
4. Insider Threat Protection
This layer detects encryption by insiders with valid access and identifies smaller, targeted attacks on critical data that lack the volume indicators of typical ransomware.
Description
Elastio’s encryption detection module is designed to detect insider threats that encrypt data. Insider threats have valid access that passes controls and can tailor their attack to go after the most valuable data, which might be small. Such attacks typically do not show the behavioral patterns of a commercial threat actor focused on the volume of data and are thus missed.
5. Malware Scans
Detects early-stage attacks that bypass endpoint systems, providing critical early warnings.
Description
Elastio deploys an enterprise-grade malware scanning engine that is continuously updated with the latest signatures and backed by an industry-leading database.
Elastio runs its malware scans on stable read-only data within a sandbox. Thus, it can detect early stages of attacks that have bypassed endpoint systems and are hiding their payload from real-time scans. Cleanroom malware scans provide early warning of compromised systems and are a critical defense layer in detecting and stopping threats well before ransomware detonation.
6. Filesystem Integrity Scans
This feature continuously checks server filesystems for corruption that could impact recoverability. It detects issues in both application-consistent and crash-consistent backups.
Description
Filesystem integrity checking has existed for a long time; however, it’s still relevant to the cloud. Elastio conducts comprehensive filesystem integrity checks across Windows and Linux filesystems to continuously ensure the recoverability of clean backups.
Integrity checks detect corruption of VSS snapshots, including those caused by ransomware, in application-consistent backup systems. Elastio also detects corruption of crash-consistent snapshots, where a significant portion of the filesystem has consistency issues.
7. Storage Security Posture Scans
Identifies vulnerabilities in storage configurations, including unencrypted volumes, unattached or misconfigured resources, and public buckets, reducing the risk of unauthorized access.
Elastio analyzes your storage inventory to uncover potential vulnerabilities. It identifies unencrypted volumes that are more susceptible to attacks, unattached volumes that may lack proper protection, volumes without customer-managed keys, and public buckets that could be forgotten or misconfigured, potentially exposing sensitive data to unauthorized access.