Index Engines gains traction with major OEM partnerships

Quietly and behind the scenes, startup Index Engines has notched up Dell, IBM, and Infinidat as OEMs for its ransomware detecting CyberSense technology.

Index Engines was started up in 2003 in Holmdel, New Jersey, by CEO Tim Williams, a former Bell Labs engineer. In July 2021 we wrote about Williams’ background in founding startups and selling them, saying: “Index Engines was started up a month after he left Tacit (Networks), and its software provides searchable indexes of primary and secondary stored data. There is no VC funding whatsoever in this now 18-year-old and profitable business. It sells to relatively few OEM customers and has little need to market its products to the wider enterprise world.”

It has just recruited two senior execs – Geoff Barrall as chief product officer and Tony Craythorne as chief revenue officer – and they spoke to us about the technology and go-to-market activity of Williams’ company.

They identified three current OEMs using its CyberSense technology in a briefing:

  • Dell’s on-premises and in-cloud PowerProtect Cyber Recovery vault products use Index Engines’ CyberSense software technology, with full content indexing and searchability for ransomware activity
  • IBM’s Storage Defender product is also based on CyberSense software
  • Infinidat’s InfiniSafe Cyber Detection is the third OEM deal for CyberSense

Product lines

In 2021, we noted the company had four product lines:

  • Catalyst – to index terabytes to petabytes of unstructured file and mail data using file metadata, and identify aged data, abandoned and active data, duplicates, large files, multi-media files, Personal Identification Information (PII), and more
  • Octane eDiscovery – to search, cut out, and archive online and offline data
  • Backup Catalog – for legacy backups
  • CyberSense – to scan indexed data using a full content analytics engine that looks inside files and databases to detect invalid data. It includes machine learning to check for malware-caused data corruption

Indexing was the core technology and that has become highly relevant. The rising plague of ransomware has brought with it the need to recover from attacks as prevention is practically impossible – witness the frequency and severity of attacks such as those on Caesars and MGM in Las Vegas. The MGM attack could cost it $100 million, with entry apparently either due to a bad actor impersonating an employee using LinkedIn details, and calling a help desk to get access, or gaining access to MGM’s Okta system.

If you can’t prevent attacks, you absolutely must be able to recover your data or the vast majority of it. That’s the sweet spot Index Engines wants to hit while cyber resilience has become a boardroom-level topic.

The technology

How does CyberSense work? Barrall said: “It’s been able to do some things that I would have thought were close to impossible… They’ve been able to reverse engineer a giant number of formats. And they’ve been able to produce technology which applies that intellectual property recursively. And that’s a hell of a challenge.

“They can take a Commvault backup, and then find a virtual machine in the Commvault backup. They open the virtual machine, because they understand the binary format, then they parse the file system in the virtual machine because they understand the binary format, then they find a Word file in the virtual machine file system. Remember, this is just a binary dump. Then they can open that file using the recursion, the word parser opens up, and then they find an Excel spreadsheet embedded inside the Word document inside the file system inside the virtual machine and they parse that… They look at the binary pattern of that and try and decide where the corruptions occurred.”

In effect, Index Engines has developed connectors into data sources such as Commvault and other backups, snapshots, file systems, databases, and VMs.

Craythorne said: “There are 200 different inspections that we do on every file that we open, that we then feed into machine learning… We are able to spot changes within the file that nobody else can… We can do the same … on a database. We can go down to the record and apply those 200 change algorithms, and feed that into our machine learning engine to see if it’s been corrupted.”

The company says it has reversed engineered database and other structured and unstructured data formats so that its detection engine can look inside database records, for example, and find evidence of corruption.

Barrall said: “They’ve had 20 years to build up this giant library. And most of it, obviously, was produced for indexing. But it also works great for malware detection, which is a very high priority problem right now.”

How much data do customers using CyberSense scan? Barrall replied: “Customers want to scan more or less everything. So we have customers with petabytes of data that we have to see. And so the product has to be clever…  We pay a lot of attention to change logs and other triggers that help us find the things that have actually been modified.

“When you’re scanning that kind of data, first of all, you need parallelism… We’ve got customers with 30 or 40 servers that can engage in a giant scan. But also… you need to use a lot of tricks to be able to scan through that data.”

OEMs and profile raising – ‘no plans on going direct’

Craythorne said the company’s revenues were in the tens of millions area. “We’re profitable, we’re cash-flow positive… The company is in really good shape through just a very small number of customers right now. But we are expanding that pretty quickly at the moment. It’s really exciting.”

He was brought on board partly to help raise Index Engines’ profile. “One of the reasons I’ve been hired is nobody knows who we are, that we are the ransomware detection engine behind these products. We do want to promote our own brand a little bit.”

Craythorne said the product is customized quite heavily for each OEM and is not a generic software component.

He said of IBM and Infinidat: “We’re in heavy engagement with them right now, both from an engineering perspective and in sales engagement.” He’s also talking to other companies in the top right of Gartner’s magic quadrant and close to it, emphasizing: “We have no plans on going direct.”


Index Engines claims its analytics and machine learning detect corruption with 99.5 percent confidence. A detection alert is issued and post-attack diagnostics identify when the attack took place, its source, the corrupted data, and the most recent clean version.

Craythorne told us: “We’ve got thousands of customers and some are very small, just scanning a few hundred terabytes, some are scanning 30 petabytes.” These are end-user customers. An OEM told Index Engines that around 30 percent of its CyberSense customers “have had a ransomware attack, and have managed to successfully rollback without any issues whatsoever. They’ve done the scan, they’ve identified the malware. They then have been able to identify where it came in, and when it came in, and so… isolate those files, and then successfully rollback without any phone call to support.” It’s self-service ransomware recovery, as he tells it.

Index Engines, he said, intends “to be the leader in the convergence of cyber resilience and storage. That’s our strategy right there.”

If it manages to notch up one or more of Hitachi Vantara, HPE, NetApp, Pure, or VAST Data as OEM customers, Index Engines could be set for substantial revenue growth.