VMware Ransomware Recovery is the industry’s first Ransomware Recovery as-a-Service (RRaaS) offering that empowers organizations to quickly, confidently recover from modern ransomware attacks using a VMware-managed, cloud-based Isolated Recovery Environment (IRE) with embedded behavioral analysis. Recovery is the last line of defense to protect organizational data from modern attacks, but prevention and detection also play a key role. VMware is proud to announce the introduction of Intelligent Threat Detection (Technology Preview), a new capability in VMware Ransomware Recovery designed to proactively prevent, detect and respond to encryption events across protected workloads to minimize the blast radius of a successful attack. With this new feature, VMware Ransomware Recovery is now expanding to address modern ransomware detection. This capability will deliver enhanced visibility into the behavior of the data being protected, which will help organizations stop attacks earlier and speed up the recovery process.
To proactively detect hidden ransomware, Intelligent Threat Detection performs aggressive behavioral analysis on live VMs in the IRE to spot anomalous behavior of the data (such as malicious memory code injections, registry updates and powershell scriptings) and automatically generates threat scores based on indicators of compromise which inform on the presence of ransomware threat signals for review and aggressive response. The behavioral analysis performed on the live VMs can be more thorough and aggressive than what could be done in the production environment, as the memory and compute of the IRE are used instead of production resources. Periodic inspections can also be scheduled to run automatically by the user without impact to production performance.
Intelligent Threat Detection also allows for early detection of encryption events, where offline snapshots stored in the Cloud Filesystem go through scheduled inspections powered by AI/ML techniques that use data and metadata-based parameters such as entropy changes, file deletion or modification and suspicious file extensions to detect the patterns that are associated with ransomware encryption events. It helps with early encryption detection and speeds up recovery by enhancing guided restore point selection capabilities with a risk assessment score that’s automatically assigned to recovery snapshots. This score will help assess the scope of the attack and minimize the blast radius.
Want to learn more about Intelligent Threat Detection? Join one of our sessions at VMware Explore Barcelona or come by the VMware booth to talk to one of our experts:
[CEIB1616BCN] 10 Exciting Things to Know About VMware Ransomware and Disaster Recovery
[CEIB1179BCN] Enforce a Zero Trust Ransomware Defense
[CEIB1617BCN] VMware Ransomware Recovery Customer Panel
[CXS2308BCN] Disaster Recovery in the Ransomware Era
[CEIM1396BCN] Meet The Experts: VMware Ransomware and Disaster Recovery
[CEIT1395BCN] Architecting DR Solutions to Meet Ransomware and Disaster Recovery Goals
