{"id":90608,"date":"2023-05-10T04:41:00","date_gmt":"2023-05-10T04:41:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=90608"},"modified":"2023-05-10T04:41:00","modified_gmt":"2023-05-10T04:41:00","slug":"nebulon-aims-tripline-at-ransomware-detection-in-storage","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=90608","title":{"rendered":"Nebulon aims Tripline at ransomware detection in storage"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/nebulon-aims-tripline-at-ransomware-detection-in-storage.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Nebulon has launched Tripline, a <a href=\"https:\/\/www.computerweekly.com\/resources\/Data-protection-backup-and-archiving\">ransomware detection<\/a> capability that samples <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/input-output-I-O\">input\/output (I\/O)<\/a> every 30 seconds to test for unusual volumes of encrypted data, with claims it can send the first alerts of a ransomware attack after 2.5 minutes.<\/p>\n<p>Tripline fits into an existing portfolio of ransomware protection and recovery tools from <a href=\"https:\/\/www.computerweekly.com\/news\/252513426\/Nebulon-gets-Ansible-collection-for-datacentre-deployment\">Nebulon<\/a>, which it claims can help customers recover from an attack within four minutes.<\/p>\n<p>\u201cGenerally, if customers are CIOs and CTOs, top of mind for them is ransomware and protecting their organisations from it,\u201d said Craig Nunes, chief operating officer at Nebulon. 
\u201cAccording to Gartner, 75% of organisations have had to <a href=\"https:\/\/www.computerweekly.com\/podcast\/Podcast-Ransomware-data-protection-and-compliance\">deal with ransomware threats<\/a>, so we had to have an offering with certain capabilities around security and resilience.\u201d<\/p>\n<p>Tripline samples data frequently and uses machine learning (ML) to identify anomalous patterns that indicate unusual levels of encryption. In so doing, it can alert customers to an attack and give details about when and precisely where the attack has affected data.<\/p>\n<p>Nebulon is following a common theme among storage providers that have focused on the ransomware threat. In most cases, storage suppliers put more emphasis on recovery and the ability to restore data from <a href=\"https:\/\/www.computerweekly.com\/feature\/Immutable-snapshots-aim-to-neutralise-ransomware\">protected snapshots<\/a>. Nebulon is possibly unusual in focusing on ransomware detection, albeit in concert with recovery from snapshots.<\/p>\n<p>Tripline functionality is built into the core of Nebulon\u2019s offer \u2013 its services processing units (SPUs), which offload data services and storage management from the server, and which are managed via a cloud-based controller and admin interface. SPUs and connected flash drives form Nebulon pods and are effectively a hyper-converged infrastructure (HCI) solution.<\/p>\n<p>Nebulon\u2019s anti-ransomware functionality addresses the potential weaknesses of HCI, said Nunes.<\/p>\n<p>\u201cWith HCI, data services and the storage operating system are connected. If one part becomes the attack surface, everything can be compromised. So if you can detect ransomware in data volumes and the OS [operating system], it\u2019s going to be better.\u201d<\/p>\n<p>Tripline is intended to work with Nebulon\u2019s Timejump to provide its claimed four-minute recovery. 
Tripline is enabled within the so-called Nebulon Secure Enclave, which is an isolated infrastructure domain that includes server management, data services, boot and data volumes, and attached solid-state drives (SSDs) as well as the Nebulon ON cloud control plane.<\/p>\n<p>Timejump is based on snapshots held in the secure enclave, from which data can be recovered once a ransomware attack has been detected. The claimed four-minute recovery is therefore dependent on the rapid detection promised by Tripline.<\/p>\n<p>\u201cBeing able to detect encryption patterns quickly allows for quick recovery,\u201d said Nunes. \u201cIt shrinks the window, which is beneficial when the average time to respond to such attacks is six days, according to research.\u201d<\/p>\n<p>But what about ransomware attacks that lead to <a href=\"https:\/\/www.computerweekly.com\/feature\/Ransomware-and-backup-Overcoming-the-challenges\">exfiltration of data<\/a> and ransom demands? Nebulon is yet to tackle that threat, but is working on it.<\/p>\n<p>\u201cCurrently, the ML works around encryption,\u201d said Nunes. \u201cBut exfiltration looks different, and the ML needs to identify different patterns, namely sequential bursts, and that\u2019s something we\u2019re working on.<\/p>\n<p>\u201cWhat we offer is very much near real time. Other tools such as those offered by the backup vendors are very good but they\u2019re not real time and protect data only,\u201d he added.<\/p>\n<p>\u201cAttacks often unfold from the OS, BIOS, which we watch, but we also watch application data too. 
The idea is that if you had a faulty electrical outlet in your home, you\u2019d want to know when it started smoking and deal with it then rather than wait for your whole house to be engulfed in flames.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nebulon has launched Tripline, a ransomware detection capability that samples input\/output (I\/O) every 30 seconds to test for unusual volumes of encrypted data, with claims it can send the first alerts of a ransomware attack after 2.5 minutes. Tripline fits into an existing portfolio of ransomware protection and recovery tools from Nebulon, which it claims [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":90609,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-90608","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/90608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=90608"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/90608\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/90609"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=90608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcate
gories&post=90608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=90608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}