
Veritas™ REDLab Newsletters

PandurangTerkar
Level 1
Employee


Date Newsletter Link Summary
June 2023  REDLab-Newsletter-June-2023 

NetBackup 10.2 introduced a new anomaly detection framework through which we delivered two new extensions, Image Expiry and Client Health Anomaly. Both use our machine learning engine to provide just-in-time detection capabilities, keeping our customers one step ahead of new cyber attacks.

These extensions and any new ones will be available in a single package to simplify deployment and will receive regular updates.

August 2023 REDLab-Newsletter-August-2023 

In this edition we would like to introduce you to an Isolated Recovery Environment (IRE) that enables air-gapped backup copies by disabling network connectivity to a secure copy of your critical data, providing administrators a clean set of files on demand to neutralize the impact of a ransomware attack.

We conducted Royal and Ryuk ransomware attacks on a NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT Analytics or the SIEM/XDR platform.

October 2023 REDLab-Newsletter-October-2023 

We carried out Maze and LockBit ransomware attacks on a NetBackup Client. Data on the NetBackup Client was encrypted along with NetBackup configuration files, and a Client Health anomaly was detected. Once the anomaly is detected, the Client Health anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT Analytics or the SIEM/XDR platform.

In this edition we would like to introduce role-based access control (RBAC). RBAC in NetBackup enhances security by ensuring that users have the appropriate level of access and control over backup and recovery operations. It helps prevent unauthorized access and minimizes the potential for errors or data breaches caused by users with overly broad permissions.

November 2023 REDLab-Newsletter-November-2023 

In this edition we would like to introduce anomaly detection of ransomware file extensions. During a backup operation, NetBackup 10.3 checks all file extensions, compares them with the ransomware extension list, and generates an anomaly if there is a match.

We carried out Rhysida and Akira ransomware attacks on VMware infrastructure protected by NetBackup. After the attacks, a system anomaly of type ransomware file extension was generated.

The NetBackup rules engine is a new feature added in NetBackup 10.3. It is a rules-based engine that can trigger certain threshold-based detection use cases. The rules engine detects abnormal activities through NetBackup audit data.

December 2023 REDLab-Newsletter-December-2023 

In this edition we would like to introduce Multi-Person Authorization (MPA). A NetBackup Security Administrator can configure multi-person authorization. It proactively protects NetBackup primary servers from an undesirable or malicious act by ensuring that a second authorized user approves the action before it is allowed to take place.

We carried out BianLian and NoEscape ransomware attacks on a NetBackup Client. Data on the NetBackup Client was encrypted along with NetBackup configuration files, and a Client Health anomaly was detected. Once the anomaly is detected, the Client Health system anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT Analytics or the SIEM/XDR platform.

January 2024 REDLab-Newsletter-January-2024 

In this edition we would like to introduce multi-factor authentication, a multiple-step account login process that requires you to enter a 6-digit one-time password along with your password. It is strongly recommended that you configure multi-factor authentication to protect the security of your account.

We carried out Faust and Mallox ransomware attacks on a NetBackup Client, and a Client Health anomaly was generated. The anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT Analytics or the SIEM/XDR platform.

February 2024 REDLab-Newsletter-February-2024 

In this edition, we would like to introduce a feature known as data-in-transit encryption (DTE). The security policies require the backup administrator to ensure that the channel on which NetBackup Clients send metadata and data to NetBackup Servers is secure. In NetBackup 10.0 and later, the data and metadata are encrypted over the wire.

We conducted Lucky and MuskOff ransomware attacks on a NetBackup Client, and a Client Health anomaly was generated. The anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT Analytics or the SIEM/XDR platform.

March 2024 REDLab-Newsletter-March-2024 

We conducted LostTrust and LeakDB ransomware attacks on the NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform.

April 2024 REDLab-Newsletter-April-2024 

We conducted Trigona and WannaCry ransomware attacks on the NetBackup Client, and data on the NetBackup Client was encrypted. Filenames were appended with the extension ".WNCRY" by WannaCry ransomware and "._locked" by Trigona ransomware, resulting in the generation of a ransomware file extension-based anomaly detection.

May 2024 REDLab-Newsletter-May-2024

We conducted 8Base and Medusa ransomware attacks on the NetBackup Client, and data on the NetBackup Client was encrypted. Filenames were appended with the extension ".8base" by 8Base ransomware and ".medusa" by Medusa ransomware, resulting in the generation of a "Client Health anomaly". We have published script options for automating malware scan host configuration; refer to the May 2024 newsletter for in-depth details.

June 2024 REDLab-Newsletter-June-2024 

We conducted BlackBasta and BlackCat ransomware attacks on the NetBackup Client, and data on the NetBackup Client was encrypted. Filenames were appended with the extension ".basta" by BlackBasta ransomware and ".uhwuvz" by BlackCat ransomware, resulting in the generation of a "Client Health anomaly". In this edition, we would like to introduce a feature known as NetBackup risk engine anomaly detection, which proactively detects certain system anomalies and sends appropriate alerts, enabling corrective action to be taken before any security threats can impact your environment.