Profile. Index Engines is a low-profile and little-known company that catalogues unstructured data to create searchable indexes, and uses the indexes to provide the wherewithal for file tiering, eDiscovery, governance and, latterly, ransomware detection with a CyberSense product.
It is privately owned by an entrepreneur with a track record in starting up and selling storage-related software businesses. The huge growth in ransomware makes its CyberSense technology valuable, and the company is nicely positioned to be acquired.
Index Engines contacted us after we ran a story on Dell getting into data management, and said its software was already being used by Dell for data management.
Index Engines was started up in July 2003 by Tim Williams, a former Bell Labs engineer.
Before then, he was the co-founder and CEO of Programmed Logic Corp., which started in March 1990 and changed its name to CrosStor Software ten years later. The company was a creator of NAS appliance operating system software, including the StackFS framework and CrosStor file system. It also developed software to link NAS appliances to SAN storage. CrosStor sold its software to OEMs such as Auspex, Data General, Legato Systems and the Santa Cruz Operation. Dell EMC bought CrosStor for $300 million in stock in November 2000.
After leaving a VP position at EMC in June 2001, Williams invested in Tacit Networks and became its interim CEO, bringing in angel funding to restart the company and pivot it to wide area file sharing (WAFS). After bringing in VC funding he gave way to a permanent CEO in June 2003 and Tacit was bought by Packeteer Networks for $78 million in 2006.
Index Engines was started up a month after he left Tacit, and its software provides searchable indexes of primary and secondary stored data. There is no VC funding whatsoever in this now 18-year-old and profitable business. It sells to relatively few OEM customers and has little need to market its products to the wider enterprise world.
Index Engines’s products include:
- Catalyst — to index from terabytes to petabytes of unstructured file and mail data using file metadata, and identify aged data, abandoned and active data, duplicates, large files, multi-media files, Personal Identification Information (PII) and more.
- Octane eDiscovery — to search, cut out and archive online and offline data.
- Backup Catalog — for legacy backups.
The company packages its technology in three so-called editions:
- Management Edition — metadata indexing, search, reporting, classification and policy-based migration.
- Analysis Edition — classify, migrate, archive, discover sensitive data, detect cyber threats.
- Governance Edition — handles data retention as required by regulations and consumer privacy laws.
An additional product is CyberSense, which is used to detect corrupted data — for example, from ransomware — diagnose the effects and recover from the attack. It uses a full content analytics engine that looks inside files and databases to detect invalid data. CyberSense uses machine learning to check if the data corruption is due to malware. An alert is issued if it is detected (with 99.5 per cent accuracy) and post-attack diagnostics find out when the attack took place, its source, the data which was damaged and the last valid backup set created before the attack.
Download a CyberSense white paper here.
Index Engines and Dell
CyberSense is sold via Dell Technologies and IBM Resiliency Services. The CyberSense software is integrated with Dell EMC’s Data Domain/PowerProtect Cyber Recovery Vault to provide post-process processing — that is, after data ingestion and deduplication.
The software analyses data inside backups to identify files and databases that have been corrupted by ransomware. Jim McGann, VP Marketing and Business Development at Index Engines, told us in a briefing; “It opens up every file and database that changes and checks for malfeasance.”
Cyber Recovery involves an air-gapped vault containing valid golden immutable copies of data, and it can validate recovery processes. It has three aspects to it: isolation, intelligence and immutability. McGann said: “You need a dedicated, isolated environment so you can safely check stuff within it.”
He added: “We’re a last line of defence. Knowing in advance which data is valid speeds recovery.”
Pre- and post-attack processing
He thinks Disaster Recovery products need to change to being for cyber recovery, with constant data content checking. According to McGann, CyberSense can scan 15TB to 18TB of data an hour per node (virtual or physical server instance).
McGann told us Index Engines is talking to cloud providers, storage providers and MSPs about its CyberSense technology and possibilities for Cyber Analytics-as-a-Service, but noted: “We don’t want to conflict with what Dell is selling.”
He said CyberSense is largely a post-attack process: “We want to extend it to pre-attack. We want to find attackers in their dwell time.” That’s the period after they have entered an organisation’s IT infrastructure, but before they actually start corrupting files.
Download a CyberSense for Dell EMC Cyber Recovery data sheet here.
Index Engines appears to have built up a powerful set of software capabilities. Its worldwide partner web page lists Dell EMC, DXC Technology, IBM, NTT, TATA Consultancy Services and Unisys — six enterprise-focussed businesses that use its software.
After 18 years in business this is a relatively small set of partners, and speaks to the lack of outside VC investment and commensurate pressure to grow and expand the business rapidly.
Williams founded and sold CrosStor in a ten-year period. He was in and out of Tacit Networks in a three-year period. Now he has spent 18 relatively quiet years at Index Engines — this leopard must have changed his spots. Will the ransomware pandemic cause him to lift the marketing noise level and raise Index Engines’s profile? Watch this space.