Hey, how are you? Hi, so please introduce yourself.

Hey, my name is Jim McGann. I'm with Index Engines and today we're going to talk about our CyberSense product. I'm responsible for business development and partnerships at Index Engines, and I'm going to give you some overview about our product and talk about ransomware, which is a hot topic in the news today.

So it is a hot topic, like for example, something happened in Sweden where a whole bunch of stores were shut down for a bunch of days because their data got stolen. So where do you come in? What do you do with all this security and ransomware?

Yeah, I mean, you're hearing about a lot of this in the news. So I've been in technology for many years and no one really knew enough about technology to ask me questions about what I do for a living, but now everybody knows about ransomware because it's all over the news, whether it's being gas lines being shut down or food manufacturers being shut down or in your case, these stores in Sweden. What we do is to help protect organizations and protect their data. So we know that cyber criminals are breaking into the companies and trying to encrypt and corrupt and make their data unusable to cripple the business. The more they can cripple the business, the more ransom they can ask for. They hold the company hostage. So what we do with CyberSense is we look at the data and we look at the data and see how it's being corrupted or what type of corruption occurs. And the data is a wide range of data. It includes core infrastructure, like Active Directory and networking infrastructure, things like production databases, things like user files, the stuff that companies can't live without. So CyberSense works in the background, monitors those different data sources, and sends an alert when suspicious behavior occurs and say, hey, something strange is going on that you need to look at. Does that make sense?

So how does ransomware work?
Where do they get in and what do they do with the data? They basically corrupt the whole data or part of it and...

Yeah, that's the change that's been happening recently is they use very creative and sophisticated ways to get in. There was an attack last year, late last year, on this company SolarWinds, where the ransomware basically embedded themselves in legitimate security applications. The companies then distributed the update to their software to all their customers, which was distributing hidden ransomware. And then customers installed it, which is a normal upgrade to the software, but they also installed malware on their systems. So there's lots of creative ways that they're getting in. And that's a challenge for customers is they have lots of security applications that they have running, you know, virus scanners and real-time firewalls and all sorts of things to protect the perimeter and protect their environment, but the cyber criminals are smart and they're getting past that data, past that security systems and getting into the data center. And once they get in there, they spend their dwell time, the time before they attack, to really investigate what security applications are running, what backup software are they using. And in a lot of cases, they harvest or they hijack user names and permissions and passwords to log into these applications and shut them down. So for example, shut down their backup and disaster recovery software, shut down their firewalls, shut down their security applications. And then at that point, they have unfettered access to the data, right?

So the data, I'm guessing in all these organizations, tens of thousands of big organizations in the world, they encrypt all their data, but that's not enough. So basically ransomware doesn't care about looking at the data, they just care about making it unusable?

Well, that's the way it used to be, 100% right. So they made it unusable by mostly encrypting it or corrupting it.
Now what we're seeing as a new trend is they're using keywords to search for things like contract or sensitive or confidential in names of folders and names of files, and that's the data that they're encrypting. So they're being very surgical and very tactical about that and encrypting very the most important stuff. What they're also doing is they're taking that data outside the data center and holding it hostage or threatening to publish it. So can you imagine if a hospital gets attacked and they find sensitive patient records and they threaten to publish those patient records? Or they find intellectual property and they threaten to publish that intellectual property? That is devastating for a company. So everything they're doing is really to motivate companies to pay millions of dollars in ransom, whether you're a hospital or a large financial services firm or a manufacturing organization. So it's not the randomness that it used to be. Now it's very tactical and these cyber criminals are getting in and their dwell time is a long period of time where they're inspecting the environment and saying, how can I make the most impact here and threaten them with the worst threats that they can possibly foresee and ask for the biggest ransom?

So I guess maybe your customers deal with multiple hundreds of terabytes of data, maybe petabytes of data and I'm guessing when I'm just trying to do an index or scan some files in my hard drive with just video files and stuff, it looks like it's using a lot of resources to try to figure out what's in there. Do you run some type of computers on the network that do all this processing to analyze the data constantly?

Yes. So what CyberSense does which is very unique is it's a full content scan so it's looking inside every file and databases to understand how they change over time and to look for signs that are indicative of an attack.
So what we've done is we've integrated tightly with backup software, backup targets, backup servers to be able to understand the data, the change rate of the data, the data changes on a daily basis which is typically a small volume of data. So it keeps up with that. Yeah, I mean it's a resources are required or servers are required but what you want CyberSense to do is to do the heavy lifting and to spend that time to check the integrity of the data to have allowing customers to have confidence that when they need to recover, they know that the data is good. So using the compute and using the power of analytics and machine learning and the advanced compute technology really makes that an automated process for customers and we have customers that are using CyberSense on petabytes of data and customers using CyberSense on terabytes of data so it's a wide range of deployments out there.

Sometimes when I download a big file on the internet there's this little check file, checksum or something like that, right? A little file next to it that kind of, is it related to that kind of, how do you, do you build a bunch of index kind of stuff that can recognize that the data is actually what it was originally?

Yeah, so what CyberSense does is for example look at a file, so a PDF for example and CyberSense looks at the extension of the PDF, looks at the structure of the PDF, looks to see if it's encrypted and it looks at the header of that content. So the header gives you a lot of information about what the structure should look like, what the extension should be and so on. So it uses over 200 analytics that examines the file and then the analytics are fed to machine learning saying, hey that file looks okay and it looks normal or that file looks like there's been some corruption or tampering that's been going on.
So the fact that CyberSense uses all those analytics and machine learning, that automated process results in a 99.5% level of confidence that CyberSense has found data corruption due to an attack.

So what we see here in the slide, 99.5 effective, it says detect, diagnose, recover.

Yeah, the biggest challenge that customers find is that, you know once data starts to be corrupted, the question is where's the last good copy of these? So they're making copies of data through their data protection software through replication. So when they get attacked and say 50,000 files are encrypted, that you can diagnose that and figure out what happened. And using these analytics that look at content, look for encryption, look at data integrity, you could basically say hey it looks like these 50,000 files were corrupted and by the way I know where the last good version of these files are. So restore those on the network, on the primary network and recover very quickly. What you don't want to happen is once data is being corrupted, is to have your organization spend time is like hey, where's the last good version of these files? And if they spend time building out a clean room and restoring these into a clean room to say are these good or are these corrupted, that's not when you want to do that process. You want to continually check the integrity of your data and say now I know if we get shut down tomorrow, I know where the last good version of these files are and that's really the whole premise of CyberSense.

The holy grail of being in 2021 and 2022 is to be able to, let's say there's a fire in your data center, you need to just survive. Let's say there's a ransomware on your current data, you need to be able to switch to a backup immediately and if the backup is corrupted, you need to have a backup of a backup or something like that and it just needs to be seamless, right?
Yeah, well you know the cyber criminals are smart and they know what backup software is being used and we've seen some cases with some of the malware out there where they actually shut off the backup software. So if your organization is thinking that your data is being backed up and replicated and protected, you may find after your attack that that's not the case or you may go and we have customers that have gone to their backup catalogs to do a recovery and find that their backup catalogs were corrupted or we go to see customers that go to restore data out of their backups and they find that data in the backup are encrypted. So basically blindly accepting the fact that your backups are good is really not a resilient strategy. So checking the data with analytics and making sure that the data is good is really the only true way that customers would understand that they can recover seamlessly and quickly.

Are you basically using what's the modern trend of AI and machine learning and stuff like that?

Exactly, exactly. So using machine learning that's been trained on all the things that cyber criminals do to data allows machine learning to use the analytics to say, hey, is this happening in our environment? So we know that there's a lot of different attack vectors out there. A lot of them are involving, as you mentioned, encryption or data corruption. But what we're seeing now is that they're getting very smart and they're trying to hide their tracks. So there's a new ransomware that came on the market in July. It's called LockFile. And LockFile goes inside a file and encrypts random bits with inside the file. Here's another example of something called Alpha Locker that if you look at this type of malware, it maintains all the metadata intact. So the file name and the file size and the file extension are all the same before attack and after attack.
But by going in and reading the header and looking for encryption, you can see CyberSense would see that inside the file there's suspicious activity. So the fact that these guys are very smart, they're very well funded, they're making a lot of money, they're using machine learning and advanced technology to attack companies. So companies need to combat them with equal or better technology to make their environment safe and secure and to recover very quickly.

So on this slide, I see in the bottom it says file entropy, 48 on one side and 99 on the other side. What does that mean, the file entropy?

Yeah, if you build this out one more time, you'll see in the green highlights, one more click on the slide, you'll see, yeah, in the green highlights at the bottom, as you mentioned, there's two different entropy scores. So we use an algorithm that looks for the random disorderness of a file. So when you encrypt a document or a file, it becomes very disordered, that's the nature of encryption. So we assign a 99 score to a file that has become encrypted. So anything with a 99 score, as the one on the right does, that's been encrypted. And if you see at the upper green highlight, you'll see the other file type is unknown. So they've corrupted the header of this file. And that's where machine learning or the machine learning is going to say, hey, those two factors looks like something like an Alpha Locker attack. So if you're just looking at the metadata highlighted in the yellow there, everything looks okay. And this file looks okay. But if you look at the green components there, it's not okay, it's been corrupted.

Can't maybe an attacker fake those parts too?

It's hard to fake some of the aspects of the file. I mean, that's why CyberSense is constantly adding new analytics to look for just different types of factors that are indicative of an attack. So we monitor all the new attack vectors that are on the market.
And when we see those, we add new analytics to counter those types of approaches. So we're constantly keeping up with what they're doing and staying ahead of the curve.

And what we see here on this slide, you're fully automated.

Yeah, so we have a number of partners that are integrating CyberSense with their storage platforms, with their backup environments. Dell EMC, Dell Technologies has integrated this with their Cyber Recovery product. So in their Cyber Recovery product, the CyberSense analytics are an integral part of that solution. So what Dell does with their solution is they isolate the data. So it's kind of taking the critical data assets and putting them in an isolated storage environment that cyber criminals don't even know exists. They're hiding their critical data. Then they make it immutable, which is locking it down so nobody can modify it. And then they apply analytics, which is CyberSense to it, to check and make sure the data has integrity. So they use an approach which they call the 3Is, is isolation, immutability, and intelligence to check the data and isolate it. So the idea is you can go into that isolated vault when you've been attacked and know that what's in there is clean and good and can be recovered very quickly.

Can you mention a little bit more about where you position in the market because I guess people have firewalls, they have antivirus, they have all bunch of stuff, right?

Yeah, I've talked to companies that have 50 or 75 security applications running in their data center. The question I ask them is, do you feel safe? And they're like, no, we don't. Because there's people out there that have sophisticated technology that'll infiltrate and break in. So we are not... CyberSense is not a replacement for any of those security applications. We think they're good, we think they're important, we think they're mandatory and critical. What CyberSense is really is a last line of defense.
And as a last line of defense, when you think that you're not 100% covered by those security applications, monitor your data, look at how it changes over time, and see if you find any suspicious behavior. And if you do, CyberSense will detect it and CyberSense will give you a much quicker recovery plan versus if you didn't have CyberSense.

What's your background or the company's background? Is it like in search engines? How does it compare with Google?

Yeah, I mean, that's interesting. You mentioned Google. If the internet didn't have Google or search capability to search and classify data, the internet would just be a bunch of stuff that you'd really need to have a direct link to be able to get access to. It wouldn't be very useful. Google made large volume of data very useful and available to the world. We started out with that same premise, is in the enterprise there's a large volume of data. Let's make it useful, let's make it searchable, let's make it discoverable, and let's allow customers to classify it because there's different classes of data. So what CyberSense is one of the components of what we do with Index Engines is the ability to classify data based on suspicious behavior due to a ransomware attack. We also have in our product the ability to classify data based on age and usefulness and redundancy and any old project or intellectual property data or sensitive data or personal data. Europe has the GDPR regulations, California and the US has different regulations. Customers need to treat their data differently and to understand what they have and to manage it in a different way to be able to support not only regulations but able to support data integrity checking which is where CyberSense comes in. A lot of the reporting capability that we built in like this post-attack diagnostic capability is to help customers understand who, what, where and when of an attack.
I think when customers are in a situation where they have regulatory requirements around personal data or get attacked by ransomware, they need to be able to quickly understand what happened and classify the data and to manage it effectively, and that's never been the case, and that's really what the premise of Index Engines has been and why we were in business today.

And if I go here to the next slide, what is this show here?

Yeah, this is kind of the report that customers rely on with our CyberSense product, is if you woke up tomorrow and you're in the IT organization and went into your company and found lock screens on all your computers saying, hey, we have your data hostage, CyberSense would be able to kick out this report. And what CyberSense does is it'll tag all the last good versions of files, so for example if they went and corrupted or encrypted 50,000 files and locked them up, CyberSense would say, hey, here's the last good version of those 50,000 files, and it would give you this report and say, hey, these 50,000 files are contained on these backup sets. So these are the backup sets, this basically would be your hit list of recovery. You would use your backup software to go to these backups and say, hey, recover these backups in production, and the business operations would go back to a normal operation. And that's really what customers want, is how quickly can I get back to normal operation, and this is one of the reports that they would go to immediately.

So there's different ways of putting the data potentially in the Amazon AWS cloud or in the Google cloud, but I guess many enterprises want to host their data. It's like one of the most precious things in the enterprise, right? And so they want to have it on their hardware, and that's where you come in, right?

No, I mean CyberSense can run in the cloud as well, so it's architected to be really transparent wherever it needs to run. So I mean in the Dell deployment that we have right now, that runs on premise, there is a cloud
deployment that's in the works, but it can run in lots of different environments, and you'll see CyberSense in lots of different iterations in the future.

Alright, so there's a special partnership here with Dell, but how many different platforms are there that people like to use out there, and do you work on all of them?

Yeah, well Dell was first to market with CyberSense. Dell's been selling this directly for a number of years and very successfully, so we have joint customers around the globe, hundreds of customers using this today. There's other partners that are coming in the coming year, possibly late this year, definitely early part of next year, so there'll be other deployments that will be available in the short term.

I guess you're very more and more in demand as the use of data grows exponentially, right? And people need to manage all this data and make sure they don't lose it.

Yeah, I mean data is the lifeblood of the organization. So I mean if you wake up, at a personal level, if you wake up and your laptop is completely locked and frozen, that's not going to make for a good day, but if you're a manufacturing organization or a hospital or a financial services firm, that could shut your business down. We saw the Colonial Pipeline attack in the U.S. that shut one of the main oil pipelines down. It was headline news and gas prices increased and people stood on line for gas and panic. So not only is it an impact to the business, but it impacts companies' reputations and so on. If you're a financial services firm that gets locked down, then customers say, I should think about where I put my money and secure my money.

And I guess maybe there is more and more demand for these kind of experts that work in this kind of backups and data security and stuff like that, and they all need to get on board and on the page of your latest tools. And maybe do you educate them, do you have outreach in that kind of way?

Yeah, absolutely, it's a very hot topic. I mean there's, the people are definitely in demand, we
are hiring. If you're looking for, if you're a developer out there and are looking for a job, come to our website indexengines.com and apply. But it's a very hot topic and I think there's a lot of education going on. I think companies are still learning what to do, I think vendors are still learning how to approach this, but this is a very fast moving, very dynamic space and it's going to be for the next couple years. It's not something that's easily solved.

So how old is the company, and have you pivoted into this kind of ransomware proposition, or is it something you've been working on for like a decade or a long time, or...

The company is just over 15 years old, so we've been around for quite a bit. Our core technology is at play here, so everything we built allows for extreme scalability, like you said, to process significant volumes of data, petabyte class, to process data that's in complex formats like backup images. So all that is the core technology that has been in development for 15 years. The ransomware analytics is something that's fairly new, we did a little bit of a pivot there because one of our partners, Dell, was asking for capabilities there. But it's really, it's everything that we've architected and been built for is comes to play with this product, and we've had great success over the past few years, and we have a lot of technology that can expand and help support other use cases beyond just cyber.

So where are you based?

We are headquartered in New Jersey in the US on the east coast, but we have, you know, we have people across the globe that support the sales activity and the technical activity throughout the world.

Would you say that you are offering something completely unique or you have competitors in this kind of space or do you have competitors that do things completely differently than the way you do?
We have, you know, a lot of the competitors that we have are more competitive on the marketing messaging, they're kind of copying our messaging. Technology wise, I think the 15 plus years of development, we're way ahead of the curve in terms of what we can deliver to the market. A lot of vendors have kind of just created very, very lightweight versions of what CyberSense does and just packaged it as a CyberSense alternative, but we do a lot of proof of concepts that customers test this and see that that's not true. We've seen customers that have deployed some of those things that look like it's competitive and have been attacked and seeing that they're not, their cyber resiliency just isn't there. So I mean a lot of, as you mentioned, it's a lot of education to customers about what the technology is, and when we talk to true cyber security engineers and professionals, they understand what we've done and appreciate the work and the technology that has really been deployed.

Do you have to partner with like hard drive makers or CPU makers to use all their security acceleration and maybe the way the hard drives have formatted? Are you part of like developing that?
Yeah, the, when you deal with large systems of data, tight integration with either the backup targets or the backup storage vendors or even the cloud vendors is really required. So there's a lot of orchestration that goes on with these vendors, and that really makes the product a lot more scalable and the performance a lot faster, and we've been doing that on a regular basis and we will continue to do that in the future.

Can you describe a little bit like in terms of how does the business model work? Do people have to pay based on how big the company is or how much data there is?

Yeah, they pay based on how much data is being processed with the analytics. So we have customers that are using analytics on a terabyte of data, and again we have customers that are using analytics on tens of petabytes of data. They pay different prices, obviously. So it's definitely affordable, and through partnerships like Dell they've sold this into small regional school systems, which unfortunately are attacked very frequently, or small healthcare organizations that are being attacked, all the way up to major global financial services firms that have multiple data centers across the globe. So it's very affordable on the low end and it supports large scale deployments as well.

So you've never been attacked? Your solution?

No.

I mean you've never lost the attack?

No. So we have customers that have been attacked. We have customers that have deployed CyberSense and have found that there's data corruption in their environment that they weren't aware of. So CyberSense provides the insight and the intelligence to help recover. So one of the recent customers that was attacked was a school system. They had been attacked before, and frequently when customers get attacked and they pay a ransom, they're on a target list because they're a known payer, so why wouldn't you attack them again? So within one week of being deployed with CyberSense they were attacked again, but they didn't pay the ransom and they were able to recover
very quickly. So they found it useful on the first week that they deployed the technology.

So how many enterprises have shut down, that just gave up and like just got sad, just changed business?

Yeah, they don't give up. I mean a lot of companies spend weeks or months recovering. I mean I know of local government organizations that spent six months recovering, and the challenge is that there's a lot of data that's just not recoverable. So you know, and when you're dealing with, you know, licenses, what they could be business licenses or marriage licenses or police records, and it's not recoverable, so what's the impact of that? It could be pretty severe. So I think they're, you know, organizations do recover. Do they recover 100% of their data? Probably not, and that, that hurts their business long term.

And of course you provide full privacy guarantees or something like that, like people, if you get customers in Europe or in Asia, they can be secured that there's no kind of way that your system gets like a backdoor into reading data?

Yeah, I mean our system is, for example the Dell deployment, it's integrated into an isolated vault and that, you know, that's off the network so it can't be corrupted or infiltrated. So, and then we have a lot of security mechanisms in place to know that, you know, they're not going to embed their malware within our technology, so we've taken a lot of precautions to protect the software for customers.

And I guess there's a list of all the supported platforms and stuff like that that people can be using that you work on, right? You don't just work on any platform?

Yeah, I mean there's, you know, within, a lot of our integration has been within backup software, so you know there's, there's specific environments that we support and that's very important for customers to understand. It's all the common ones that are, that are out there and the popular ones that are out there, so...

All right, and has it been going in the last 18 months accelerating your business? It's just growing?
Yeah, no, it's been growing very strongly. I mean I think, you know, we kind of growing in lockstep with the ransomware activity, and we know through the pandemic that they've definitely ramped up their activity very strongly because there's a lot of people working from home, so that makes networks more accessible or vulnerable. So we've seen customers that were going into a six or nine month test evaluation of our software quickly go into a purchase because of their fear of what's happening out there. And I think some of these major attacks get a lot of coverage in the news, but it also creates a lot of fear and customers need to deploy something very quickly. So our growth has been astronomical over the past few years, partly because of our partnerships and partly because the space is one of the most, the hottest space that is very well funded by IT organizations.

And I guess your enemies, like these ransomware hackers and stuff, they must be extremely talented, and where are they? Is it just like everybody is talking about Russia, is that really where they are, or could it be like anywhere and nobody knows where they are?

Yeah, the main ones are out of Russia or out of North Korea, out of China, out of the Middle East, so those are the main, Ukraine, those are the main ones that are, and those organizations are well funded and they are also funded, allegedly funded by the government to support that business, so they are not going away anytime soon. There are buildings and buildings full of these very smart criminals that are out there and supported, and there is no repercussions for them, so they are not going away.

So my understanding of cryptocurrency is limited, but I've been hearing about it for a decade and I kind of wish I invest in the beginning, but I'm joking. So as far as I understand they are always using crypto to get paid, right?
They are not coming like telling you to throw a bag of money under the bridge, it's crypto, and but as far as I understand that crypto can be tracked, so why don't the banks, just like the global banking system, just shut this down?

Yeah, it says a lot of talk about that. If they shut down cryptocurrency there will be other ways they will get paid. I think that's making it harder for them. It can be tracked in a sense, there was one attack in the US, a major attack, where the FBI was able to track it and to stop payment. They have to be on top of it very quickly to do that, before it gets transferred and so on. So I think making it difficult for companies to pay or making it illegal for companies to pay will probably take that process and move it underground, or they will use agents or partners to be able to make those payments. They will find ways to work around it. I think there is lots the government can do to make it more difficult for them, but they will find ways. It's too successful and too profitable for them to just walk away from it.

I'm not just talking about shutting down crypto, which is one question, which China could do by pushing a button somewhere, but what I'm thinking is that as far as I understand, when you send crypto to someone it's a public ledger, everybody can see which ID got it, and then the whole banking system can make sure that whenever that one tries to withdraw, you know immediately who it is and you can shut that part down, so they might get the crypto but they can never do anything with it.

There are things that they can do and financial services firms can do. What we see that happening with a lot of the cyber criminals is they constantly shut down their organization and then start up a new one, so they are constantly reinventing themselves in different environments. But they will find ways to get paid. There are lots of approaches, and a lot of that stuff will go underground. You remember Bitcoin and everything was very mysterious early on, so they will find another
approach to getting paid.

Isn't it actually, the whole ransomware stuff is like one of the main real uses of the crypto, that it seems that some people are hyping it up as a future of currency, but actually it's harboring this kind of activity, which maybe it's a little bit weird?

You remember it was really cheap. Now I don't know what a single Bitcoin goes for these days, but it's been very successful and I think ransomware is a big piece of it.

I was doing videos about Bitcoin when it was like a dollar. It's too bad I didn't have like a few dollars to invest, but whatever. So thanks a lot. Are you going to any kind of virtual events or real events coming up?

Yeah, we do a lot of events, a lot of events with Dell, a lot of virtual stuff. We do a lot of training, and you'll see some webinars and education sessions that are coming up will be available there, or follow us on LinkedIn. Out and about at these different virtual events, hopefully physical events sometime soon.

And I guess it's a lot to do with enterprise, but also governments get involved in this kind of stuff, so there's a lot of very important events about government tech and high tech and stuff like that.

A lot of that stuff, the biggest targets for cyber criminals have been education, hospitals, financial services, manufacturing, obviously government, regional government as well. So I mean it's just across the board, they're equal opportunity cyber criminals, so...

Alright, thanks a lot and thanks everybody for watching. We didn't forget to talk about some topics, right?

Yeah, no, no, I think we're good. I appreciate the time today and hope everybody found it of interest.

Thanks, and I'm looking forward to the 100% safe and secure backups and data protection and everything, and I'm sure you're going to be providing that, right? 100%?

99.5 right now.

99.5, yeah.

Lots more information on indexengines.com, check us out. Thanks.

Thanks for watching.