Catalogic protects Azure and GCP VMs against ransomware

Data protector Catalogic has expanded its Guard Mode ransomware protection coverage and now protects virtual machines running in Azure Stack and the Google Compute Engine.

Catalogic has its Cloud Backup-as-a-Service offering for containerized applications on-premises or in the cloud, and its DPX suite for bare metal and virtualized workloads running on-premises. It can back up to on-premises object stores or cloud storage. The DPX family includes vPlus for Microsoft 365, which covers Exchange Online, SharePoint Online, OneDrive for Business, and Teams. The vPlus for Open VMs offering supports Citrix Hypervisors, KVM, Nutanix Acropolis or AHV, Oracle VM, Proxmox, RHEV/oVirt, Scale Computing HyperCore/HC3, and XenServer, along with Amazon EC2.

Catalogic CEO Ken Barth said: “Backups are now the last line of defense against cyber security threats such as ransomware and malware. Catalogic is committed to stretch left and offer proactive security solutions for our data protection customers. … With these new enhancements to DPX GuardMode combined with DPX instant recoveries, Catalogic customers will be among the best prepared to detect and recover from a cyber attack.”

“Stretch left” is Catalogic-speak for protecting Kubernetes and cloud environments. We think it comes from the containerized DevOps world where “Shift Left” is jargon for automating cloud-native application test, management and operational processes and doing them early on in an application’s life cycle. Stretch left sounds DevOpsy and modern, and would logically include SaaS applications. More on this in a minute.

Catalogic data protection universe.

Catalogic has introduced v4.9 of DPX, having announced v4.8 in July. The v4.8 release included Guard Mode for Windows, which detects ransomware by monitoring file access behavior patterns – local or networked – and comparing them to over 4,000 known and constantly updated ransomware threat patterns, with so-called honeypots used as decoys for ransomware attacks. Once threats are detected, admin staff receive alerts.

Catalogic has introduced Guard Mode for Linux servers and Samba shares. Backup administrators can also benefit from an increased quality of alerts, where DPX GuardMode measures the level of file entropy and compares known magic signatures on files suspected to be impacted. A file’s entropy level indicates the amount of random data in a file. A magic signature refers to a file’s type: the first few so-called magic bytes in its data that identify its format.
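To make the two signals concrete, here is an added example (not Catalogic's code, and not how GuardMode is implemented) that computes Shannon entropy and checks the expected magic bytes for a file's extension. The signature table, the 7.5 bits-per-byte threshold, the function names and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Leading "magic bytes" of a few common formats, keyed by file extension.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def magic_matches(name: str, data: bytes):
    """True/False if the extension has a known signature, None if it has none."""
    for ext, sig in MAGIC.items():
        if name.lower().endswith(ext):
            return data.startswith(sig)
    return None

def assess(name: str, data: bytes) -> str:
    """Combine both signals; high entropy alone is normal for compressed formats."""
    high = shannon_entropy(data) >= ENTROPY_THRESHOLD
    match = magic_matches(name, data)
    if match is False and high:
        return "suspect"  # header destroyed and body looks random
    if match is False or (match is None and high):
        return "review"   # only one weak signal
    return "ok"

def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample files (not real data).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n" + b"BT /F1 12 Tf (Hello) Tj ET\n" * 100,
    "photo.png": MAGIC[".png"] + pseudo_random(4096),  # compressed body, header intact
    "report.pdf": pseudo_random(4096),                 # header gone, random body
    "notes.txt": b"meeting at ten\n" * 200,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} H={shannon_entropy(data):.2f} -> {assess(name, data)}")
```

The `photo.png` sample shows why entropy on its own produces false positives: compressed formats are legitimately near 8 bits per byte, so the signature check is what separates them from a file whose header has been overwritten.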

Catalogic says GuardMode uses active, live forensic techniques instead of analyzing backup data that lags security incidents by several hours, days and even weeks.

One thing that we suspect Catalogic has on its roadmap is protection for SaaS applications beyond M365. It is going to stretch even further left, we envisage, to cover things like Salesforce, ServiceNow, GSuite, Box and Dropbox. Otherwise, companies like OwnBackup and Druva will start eating its SaaS lunch.