DataGravity pitches virtual machine-aware security to stop ransomware

DataGravity report screen

Continuing its pivot into the security market following last year’s exit from the storage hardware business, DataGravity Inc. today is announcing DataGravity for Virtualization, a product suite that protects data in virtual machine environments.

The company said it’s initially targeting the product at small-to-medium-sized enterprises and positioning it as the most effective protection against ransomware, the rapidly growing new form of malware that has infected nearly 40 percent of organizations during the past 12 months, according to Osterman Research Inc.

DataGravity, which has raised $92 million in funding and is headed by veteran entrepreneur Paula Long, maintains that conventional approaches to security – such as perimeter defenses and access control – fail to address the bigger problem of protecting data. “Once you get at the data, there’s very little to stop you from exploiting it,” Long said in an interview.

Conventional data loss protection, or DLP, products monitor for activities against data but don’t go far enough in detecting anomalies and recovering rapidly from breaches, Long said. DataGravity’s approach is to apply heuristics to the process, constantly monitoring data access patterns and looking for anomalies. The company also incorporates full-text indexing of unstructured data to enable customers to better understand where their critical information lives.

“Right now nobody knows what they have,” Long said. “They could have credit cards or passwords on a public share and not know it.”

Anomaly monitoring permits the software to pick up on activities that DLP would miss, Long said. In one real-world customer example, a disgruntled employee attempted to sabotage her firm by truncating files but not deleting them. Such activity would not necessarily be flagged by DLP tools, but was quickly spotted by DataGravity.

The trouble with virtual machines

Virtual machines present distinctive problems because when they are cloned or data is moved between them, the access controls don’t necessarily go along for the ride. The result is that organizations can lose track of entire virtual disks or machines, potentially exposing their contents outside existing access controls.

DataGravity automatically discovers an organization’s VMs and treats discrete virtual disks as objects that can be monitored. The software identifies abnormal behavior, such as large-scale file operations or encryption, and alerts administrators to the potential of a breach. It also takes snapshots whenever aberrant activity is detected, thereby minimizing potential data loss. DataGravity claims it can thus not only stop ransomware attacks in their tracks but can quickly restore compromised data from the most recent snapshots.

“We can see if ransomware is happening, take a snapshot of that VM and then do forensics to tell you what user had the issue, what files they touched and what files they didn’t touch,” Long said. “Then we recover data from within the product.”

DataGravity doesn’t manage user privileges directly but can shut down accounts through integration with Phantom Cyber Corp.’s security automation and orchestration platform.

Pricing was not announced in advance, but Long said it will be posted today on the company’s website.

Image courtesy of DataGravity