Table of Contents
Use Cases
Ransomware Attack (patient, sophisticated)
Characteristics
- Malicious changes (software, parameters)
- Rogue encryption events
- Subsequent data attack and ransom demand
Solution
- Detect malicious changes, alert
- Detect, intercept, suspend / resume
- Real time alerts, rapid incident forensics
Blitz Attack (minutes, hours)
Characteristics
- Mass deletion / over-write of data files
- Malicious encryption
Solution
- Detect, intercept, undelete
- Instantaneous detection, suspend / cancel / resume
Internal Attack (rogue insider)
Characteristics
- Has legitimate credentials and MFA
- Changes in the data referenced
Solution
- Detect unauthorized changes
- Behavior monitoring for suspicious user activity
Data Exfiltration
Characteristics
- Uncharacteristic data transfers
- Transfers to a new IP address
- Unusual volumes
Solution
- Monitor for suspicious user behavior
- IP / Network monitoring – Vertali zTrust for networks
Recovery
Characteristics
- Infrastructure recovery – without regression
- Data recovery – forward recovery
- Dell, IBM, Hitachi
Solution
- Create surgical recovery steps
- Use conventional and immutable backups
- Support for CSM (Copy Services Manager) and Safeguarded Copies
Compliance
Characteristics
- PCI DSS 10.5 & 11.5 – log file alteration detection / reporting
- SOX – report unapproved changes
- NIST, HIPAA, GDPR, Cyber Resiliency
Solution
- Monitor logs, sensitive files, weekly reports
- Unauthorized file changes
- Protect, Detect, Respond, Recover
Incident Response
Characteristics
- Situation analysis – what was compromised
- Who did it; point-in-time recovery
Solution
- Integrity monitoring – what changed, when
- Browser / GUI forensics tool, fetch SMF records
- Suspend, resume / cancel, quarantine
- Automated client recovery protocols
Backup Integration
Characteristics
- Were backup files compromised, or not created at all?
- Which backups to recover from
Solution
- Validate / retrieve from conventional backups
- Assist recovery from immutable backups
Supply Chain Attack
Characteristics
- Infected build process
- How to verify that changes are legitimate
Solution
- Automated release comparison
- Augmented control procedures
- Verify that releases are deployed correctly
End-to-end Integration
Characteristics
- Integrate with other security tools and assets
- On z/OS, cloud, and other platforms
Solution
- Splunk, ServiceNow, BMC AMI, QRadar
- Immutable and conventional backups, etc.