Ransomware Detection and Recovery Built-In to your Backup Software
GuardMode provides early detection of ransomware or data-related anomalies before you back up your data. GuardMode, ransomware protection for backups, complements endpoint and edge protection by monitoring file shares and system behavior, even over the network, instead of relying on a specific binary fingerprint. GuardMode maintains and regularly updates over 4000 known ransomware threat patterns, and assesses affected files.

While ransomware detection solutions were built for security teams to use, GuardMode was designed with the backup administrator and your backup solution in mind, with an easy-to-configure detection mechanism and the ability to guide administrators in recovering the critical affected data.


WHY GUARDMODE
Designed for Scale and Extendability

We designed GuardMode to provide complementary ransomware and data anomaly detection that enhances the security posture of your backup and storage teams, and therefore your company.

Distributed architecture

Data-related events are stored on the client and synced to the server. Analysis and anomaly detection happen independently from the server.

Smart Processing

GuardMode only processes active data and analyzes file heuristics rather than block heuristics, which means far fewer events.

Integration Flexibility

A modular architecture provides plugin-like extensibility for data sources and targets, and makes integration with SIEMs through the REST API or Syslog as simple as it can be.
Benefits to Backup Admins and IT Ops

“It is the responsibility of every company to do all they can to harden their cybersecurity stance. This includes monitoring that the data they are backing up has not been compromised by ransomware, and that they can recover their systems and data from their backups. With the GuardMode agent in the new DPX 4.9 release, Campus and our clients’ IT backup teams have a valuable tool to help ensure that their data is being proactively monitored and protected, and that they can identify and recover any data that may have been compromised.” — Timo Fischer, System Architect, Campus Computer Systems.

Early Detection to Block Ransomware

Know what files were impacted and when. Detect, alert and act early!

Rollback just the Affected Data

Restore just the affected data without a brute-force reversion to a point-in-time snapshot.

Customizable Alerting

GuardMode allows for customizable alerts, so an admin can be notified immediately in case of an attack.

Minimize Disruption

Integrate with snapshots and maximize customer investments in primary storage.

Easy to Use

Easy to set up and use, and can be integrated with existing security solutions, making it an effective addition to an overall security strategy.

Proactive Detection

Continuously monitors for ransomware-like behaviors and takes action to block them, providing proactive detection for known and unknown threats.
FAQS
Frequently Asked Questions

What is GuardMode?

GuardMode is a pre-backup solution that provides an additional layer of protection to a backup and recovery solution, specifically for ransomware and ransomware-like threat detection. It is distributed as an agent installable on Windows and Linux hosts. It exposes a REST API and has a built-in plugin architecture that can be used for integration with existing security or data protection infrastructure.

What operating systems are supported?

GuardMode supports Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9.

How can I try GuardMode on my infrastructure?

Please reach out to us using the contact form to get access to the downloads and the documentation.

How do I benefit from GuardMode?

GuardMode provides an additional layer of protection against ransomware by detecting suspicious activity in real time, alerting the user immediately, and preventing the ransomware from encrypting backups, thereby minimizing the impact of an attack on the user’s data and systems.

Which ransomware strains are detected?

GuardMode uses behavior-based detection techniques to identify ransomware-like behavior, such as abnormal file access patterns, unusual process execution, and other indicators of malicious activity. This allows it to detect a wide range of known and unknown ransomware strains.

How is GuardMode different from XDRs or antivirus software?

GuardMode is software that provides an additional layer of protection and detection that can be integrated with a backup and recovery solution, specifically for ransomware detection. It differs from XDRs (Extended Detection and Response) and antivirus software in that it focuses on detecting ransomware-like behavior on monitored file systems and attempts to track the damage, allowing a rapid return to production by restoring only the affected data.

How long does it take to detect ransomware?

The time it takes to detect ransomware with GuardMode can vary depending on the specific implementation and configuration of the solution. Generally, GuardMode uses advanced algorithms and behavior-based detection techniques to detect ransomware in real time, as soon as it begins to encrypt files. This means that it can detect ransomware before it can cause significant damage, and alert the user immediately. For blocklist-type detection, an alert will be instantaneous; for threshold- and behavior-based detection, it might take several seconds.

Can GuardMode protect from ransomware infections?

GuardMode is a pre-backup solution designed to detect and alert on suspicious activity that may indicate a ransomware infection, and to prevent the ransomware from encrypting backups. This can help to minimize the impact of an attack on the user’s data and systems. However, GuardMode alone is not a complete solution for protecting against ransomware infections. It works as an additional layer of protection and can be integrated with other security solutions, such as enterprise or endpoint data protection and intrusion detection/prevention systems, to provide a more comprehensive defense.

What are the licensing models?

GuardMode is available to DPX customers free of charge as a part of the DPX Enterprise Data Protection suite. For standalone installations, please reach out to us.