Interview
CyberSense developer Index Engines uses AI and machine learning to look inside databases, as well as backup and other file types to detect signals of malware-caused corruption. It claims a 99.99 percent detection precision rate and has an SLA based on that. CyberSense, it claims, detects over 200 signs of a possible ransomware attack, including:
- Files encrypted in place
- Encrypted files and files with new extensions added
- Files moved into encrypted archives
- Deleted files
- Encrypted pages within database files
- Files replaced with decoys
It sells its technology through white label deals with Dell, IBM, Infinidat, and other third parties. According to the sales pitch, end-user customers can identify the last known good copy of data and recover from malware attacks more efficiently, without having to pay extortionate amounts to retrieve their own hijacked data.
The company hired Neil DiMartinis as CRO in July last year, taking over from the departed Tony Craythorne, and we caught up with the exec to discuss the company’s plans.
Blocks & Files: Why did you join Index Engines?
Neil DiMartinis: What attracted me is … first and foremost, the product we have… is in a market and in a space that is growing. It’s critical to the businesses, and we have a niche, we are doing something that nobody else is doing. So we absolutely believe we’re on the cusp of something really exciting and that there’s going to be a lot of growth over the coming years.
Blocks & Files: Index Engines has three OEM white label-type partnerships with Dell, Infinidat, and IBM, and there are other partnerships. Your background has involved dealing with partners. Is that going to play a large part in what you do? Recruiting high-level partners?
Neil DiMartinis: If you look at how we’re taking the CyberSense product, which is doing the scanning, the closer we get that to production storage and production data, the better [it is] for customers, [and] better for the entire security experience. That is the goal and you look at the partners who can bring the solutions to bear in that storage realm. So, yes, bringing on more partnerships in the storage arena is definitely the goal.
Beyond the storage vendors, as I look at the security challenges, they’re never going to be solved by one company. We really need to, as an industry, work together with alliances to help customers solve this issue, because it’s only going to get more complex and more challenging. That’s absolutely the goal for us; to not only expand our OEM relationships, but also our ecosystem partnerships that are working in this space and bring value to our customers.
Blocks & Files: Would you also be thinking of having direct sales to large enterprises?
Neil DiMartinis: It’s something we have discussed internally, and I wouldn’t say it’s on the horizon for the foreseeable future. In terms of the next 12 to 18 months, as we start to think about an Index Engines overarching solution, it could be a possibility down the road. I think, right now, we have so much on our plate working with our current OEM partners that it makes the most sense to continue to leverage that and then figure out, solution-wise, how we take it to market on our own, if that does become the vision.
Blocks & Files: How does Index Engines help its partners compete with or work with other suppliers such as Palo Alto or Rubrik or virtually anybody else we could care to mention? There are massive, massive companies in this area.
Neil DiMartinis: Absolutely. We believe that partnering with the Palo Altos and some of these other security players just complements what they’re doing to tell a better story to their customers. How we help customers together is that, what we’re doing through our scanning engine is providing information on the data and giving customers a clean copy of the data to go back and recover from. When you start to couple that with your other security measures that you’re leveraging within your infrastructure, within your overarching environment, we’re going to help. We’re a piece of the pie. We’re a piece of that recovery whereby, hey, you have a good copy of data. This is where it exists now. You can take it to a clean room and really start to recover smarter.
Blocks & Files: Then you could, from Palo Alto’s point of view, provide a better indication of the infection status of a customer’s data assets, which then feed into Palo Alto’s higher-level security apparatus?
Neil DiMartinis: Yes. I think I would look at it more as the Palo Altos of the world are much more focused on prevention. How do we keep the bad actors out? Right? CyberSense is much more focused on the bad actors that are already in.
So now, what do we do? And that’s where we complement them. The overarching security story is when you get past the prevention, which unfortunately happens; it happens everywhere. These hackers and these bad actors are getting better and better.
And, once you’re there in, now, what is your plan to recover? And that’s where we come into play, because, to your point, with feeding up reports to whatever overarching security manager you’re using, you can now see and look at where’s my last good copy? What does my CyberSense Security Index look like, and so on and so forth, and identify that good, clean copy. Then, using your run books and playbooks and knowing how to recover, you have that process to go recover from your last known good copy.
Blocks & Files: CyberSense can look inside Commvault backups and detect Word files or other Microsoft files and detect signals of infections. Rubrik would say that it can do pretty much the same thing with its backups. So are there situations in which your partners will be competing with Rubrik?
Neil DiMartinis: There are other partners around, other competitors out there, that are looking at the metadata, whereby we’re going down to the file level. We’re looking at the file level. We’re going down to the content level, and we are looking at all the file extensions, etc. And also the fact that we have an engine that’s been around, has 20 years engineering effort, and has AI machine learning that is constantly looking and scanning on a daily basis, learning about your environment, learning what the anomalies could be within the data. And it’s that deep level scanning that we’re doing…. So when it truly comes to the recovery, CyberSense has gone a lot deeper in looking at the content so you know that you can tell where the blast zone was and what’s been impacted and what’s not.
Blocks & Files: You’re going into the content inside, for instance, a Commvault backup. But you could equally do that for Rubrik or Veritas, Cohesity or Veeam, and you’re, in that sense, a potential partner for them?
Neil DiMartinis: The key is the integration between us and those platforms and they obviously have to have the API first to connect in. But, yes, once we have access to them, and develop a connector from CyberSense that will attach to anybody’s storage system, backup platform, what have you, we have the ability to scan almost any data set.
Blocks & Files: Is there scope for Index Engines using GenAI large language model technology to help its end users use your technology better? I’m thinking the answer is likely going to be no.
Neil DiMartinis: We have our own AI engine and machine learning that learns to identify the variants that are out there from a virus perspective and whatnot, but using large language models and generative AI, we would say, is not applicable in this case to our product, per se.
Blocks & Files: What can you tell us about the development roadmap?
Neil DiMartinis: The product continues to improve its integration through partnerships, and we have a lot of exciting things to come down the road; the user interface, the reporting in the dashboards that we’re creating, and it’s all for the customer experience. It’s going to be an exciting year, and we’re looking forward to it.
Bootnote
Get a white paper discussing CyberSense and databases here. Check out a more general CyberSense white paper here and a datasheet here.