Nebulon, Inc., has announced the availability of TripLine, a new threat detection service designed to alert customers when a cryptographic ransomware attack has been detected and to report the precise location and point in time at which the attack occurred.
Nebulon TripLine is claimed to be the first combined server-storage threat detection solution for cryptographic ransomware. TripLine is enabled within two parts of the Nebulon solution: the Nebulon Secure Enclave, an isolated infrastructure domain that includes all server lights-out management, data services, boot and data volumes, and attached SSDs; and the Nebulon ON cloud control plane.
Machine learning (ML) runs in the Secure Enclave and identifies encrypted versus unencrypted blocks in real time. Every 30 seconds, these results are sent to the Nebulon ON cloud, which uses a combination of ML and statistical models to compare that data to the historical average of encrypted blocks for a given volume. A spike in encrypted blocks will generate an alert within a few minutes of the first suspicious result.
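The per-volume baseline comparison described above, as an added sketch that is not Nebulon's code: a Shannon-entropy threshold stands in for the ML block classifier, and a rolling mean and standard deviation stand in for the cloud-side models. All names, thresholds and sample blocks are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter, deque
from statistics import mean, pstdev

def shannon_entropy(block: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or other random-looking data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def looks_encrypted(block: bytes, threshold: float = 7.5) -> bool:
    # Stand-in for the per-block classifier (assumption). Entropy alone also
    # flags compressed data, which is why the comparison is per-volume history.
    return shannon_entropy(block) >= threshold

def encrypted_fraction(blocks) -> float:
    return sum(looks_encrypted(b) for b in blocks) / len(blocks)

class VolumeBaseline:
    """Rolling history of the encrypted-block fraction for one volume."""
    def __init__(self, window=120, min_history=10, k=4.0, min_delta=0.10):
        self.history = deque(maxlen=window)  # 120 reports x 30 s = one hour
        self.min_history, self.k, self.min_delta = min_history, k, min_delta

    def observe(self, fraction: float) -> bool:
        """Return True if this 30-second report is a spike against the baseline."""
        if len(self.history) >= self.min_history:
            mu, sigma = mean(self.history), pstdev(self.history)
            if fraction > mu + max(self.k * sigma, self.min_delta):
                return True  # spike: keep it out of the baseline
        self.history.append(fraction)
        return False

# Constructed sample data: 4 KiB text-like blocks and random "ciphertext" blocks.
_rng = random.Random(0)
PLAIN = (b"2024-01-01 order=1001 status=shipped customer=example\n" * 80)[:4096]

def _cipher() -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(4096))

def interval(n_encrypted: int, total: int = 20):
    """One 30-second report: n_encrypted random blocks, the rest plaintext."""
    return [_cipher() for _ in range(n_encrypted)] + [PLAIN] * (total - n_encrypted)

def simulate():
    vol = VolumeBaseline()
    # 20 normal reports (5-10% encrypted blocks), then one at 80%.
    normal = [vol.observe(encrypted_fraction(interval(1 + i % 2))) for i in range(20)]
    spike = vol.observe(encrypted_fraction(interval(16)))
    return normal, spike
```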
Nebulon TripLine enables performant ransomware detection and recovery of the entire physical infrastructure without resorting to re-installation or backups. Combined with Nebulon ON, enterprises can benefit from push-button, API-accessible recovery of all affected volumes using TimeJump, Nebulon’s four-minute ransomware recovery service.