Catalogic upgrades ransomware, hypervisor protection

Data protection supplier Catalogic has updated its software to provide ransomware pattern matching that protects Microsoft 365 and more hypervisor workloads.

Update: Catalogic ProLion situation explained and GuardMode scanning information added. 13 July 2022.

Catalogic was a copy data management supplier (ECX product) and endpoint and server data protector (DPX product), but it sold its ECX products to IBM in May 2021 to concentrate fully on data protection. It has CloudCasa software to protect containers and a DPX product to protect more traditional workloads. DPX v4.8 introduces Guard Mode for earlier ransomware detection and vPlus to look after Microsoft 365 and various hypervisor environments.

Sathya Sankaran, Catalogic
Sathya Sankaran

Sathya Sankaran, Catalogic COO, said: “DPX GuardMode changes a backup teams’ cyber reliance posture from reactive to proactive with early detection. [It] notifies backup and storage teams of suspicious activity and pinpoints the extent of damage caused by cyber incidents.”

How does it do this? We’re told GuardMode maintains and updates over 4,000 known ransomware threat patterns, and assesses affected files. It also monitors file shares and file system behavior, locally and over the network, as well as relying on a specific binary fingerprints (ransomware patterns). Affected files can be recovered by rolling back to clean versions in DPX’s backup store.

This follows on from Dell announcing its CyberSense ransomware detection capability a few days ago.

Catalogic had a relationship with ProLion, dating from 2019, for its CryptoSpike offering to protect NetApp ONTAP environments. Through this it gained access to a Block List that includes thousands of ransomware file endings or names. There were daily list updates on a CryptoSpike server. However, this is no longer operational, as a Catalogic spokesbody said: “Catalogic started the ProLion relationship around 2019 but it ended as of May 2022 (2 year relationship), although [it is] still selling support renewals. Catalogic ended the relationship in part due to not focusing on NetApp as a key partner anymore (it does not sell ECX anymore to storage vendors), and of course, now with the focus on DPX with GuardMode, and vPlus (Storware 5.0 product) and Catalogic’s CloudCasa.”

Catalogic product set slide
Catalogic product set slide from 2019 or so, showing CryptoSpike and two Storware products

Catalogic told us: “For DPX GuardMode which is Windows only in its initial release, we use the File Server Resource Manager (FSRM)  to do the file level scanning to find compromised files.  FSRM uses a 3rd party community sourced lists of filters or signatures that is updated daily.”

The vPlus addition provides data protection for Microsoft 365, and other virtualization platforms such as RHV/oVirt, Acropolis, XenServer, Oracle VM, and KVM. Catalogic CEO Ken Barth said: “We are excited to extend our relationship with Storware and announce DPX vPlus, that adds Microsoft 365 cloud data protection and expands our coverage of hypervisor workloads. DPX vPlus is fully integrated into the DPX vStor backup repository, and it delivers greater workload coverage for an organization’s edge and cloud data.”

vPlus is not Catalogic’s own software. In fact, Catalogic partnered with Polish data protection software company Storware in 2018 after previously reselling its products. It took an equity stake in Storware, entered into an exclusive distribution agreement to offer Storware data protection products in the North American market, and gained an exclusive right to promote Storware products for potential OEM signings with North American companies.

The agreement covered two Storware products: vProtect and KODO. vProtect is an enterprise backup solution for virtual environments that secures virtual machines running on Citrix XenServer, Xen, Nutanix Acropolis, RHEV, oVirt, KVM, KVM for IBMz, Proxmox, and Oracle VM. KODO is data protection software for Windows and macOS systems (desktops and laptops), mobile devices (iOS, Android), and SaaS platforms (Office 365, Box).

Clearly, DPX vPlus is a combination of Storware vProtect and KODO. 

Catalogic is announcing its ransomware detection and M365/multi-hypervisor table stakes in the data protection market casino. That they are table stakes means they should be welcomed by Catalogic’s customers.