Smart infrastructure provider Nebulon today announced the immediate availability of TripLine, an early warning system for cryptographically based ransomware attacks on on-premises systems. It’s designed to quickly identify the precise time and system location where an attack has occurred.
Nebulon said that the new service uses two techniques to achieve this aim. The first is the “secure enclave,” a domain isolated from the infrastructure that includes core management and storage functions. The second is embedding the TripLine functionality into the company’s core Nebulon ON cloud control plane.
Ransomware is malware that typically encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for restoring access to the data.
TripLine, according to the company, works by identifying encrypted vs. unencrypted blocks in a user’s storage arrays. Twice a minute, the results of that calculation are sent to the Nebulon ON cloud service, which compares them to the usual average of encrypted blocks; if the system notices a sudden increase in encrypted blocks, it generates an alert.
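The following is an added illustration of that kind of baseline comparison, not Nebulon's code: the article does not say how TripLine classifies a block, so the byte-entropy heuristic, the 4 KiB block size and the window and threshold values are all assumptions. Each sample is the fraction of blocks that look encrypted, and an alert fires when a sample jumps well above the rolling average of earlier samples.

```python
import hashlib
import math
from collections import Counter, deque
from statistics import mean, pstdev

BLOCK = 4096  # assumed block size

def shannon_entropy(block: bytes) -> float:  # bits per byte, maximum 8.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def looks_encrypted(block: bytes, threshold: float = 7.5) -> bool:
    # Assumed heuristic: ciphertext is near-random. Compressed data also
    # scores high, which is why the alert is on change, not on level.
    return shannon_entropy(block) >= threshold

def encrypted_fraction(blocks) -> float:
    return sum(looks_encrypted(b) for b in blocks) / len(blocks)

class BaselineMonitor:  # rolling average of past samples; flags a sudden rise
    def __init__(self, window=20, warmup=5, k=4.0, min_jump=0.10):
        self.history = deque(maxlen=window)
        self.warmup, self.k, self.min_jump = warmup, k, min_jump

    def observe(self, fraction: float) -> bool:
        if len(self.history) >= self.warmup:
            base, spread = mean(self.history), pstdev(self.history)
            if fraction > base + max(self.k * spread, self.min_jump):
                return True  # keep the outlier out of the baseline
        self.history.append(fraction)
        return False

def constructed_block(i: int, encrypted: bool) -> bytes:
    """Constructed sample data: a SHA-256 stream stands in for ciphertext."""
    if not encrypted:
        return (b"order=%d;status=shipped;region=eu\n" % i * 200)[:BLOCK]
    return b"".join(hashlib.sha256(b"%d:%d" % (i, j)).digest() for j in range(BLOCK // 32))

def simulate(encrypted_counts, total=100):
    """One entry per 30-second sample: how many of `total` blocks are encrypted."""
    mon, alerts = BaselineMonitor(), []
    for t, n_enc in enumerate(encrypted_counts):
        blocks = [constructed_block(t * total + i, i < n_enc) for i in range(total)]
        if mon.observe(encrypted_fraction(blocks)):
            alerts.append(t)
    return alerts

if __name__ == "__main__":
    print(simulate([10, 11, 10, 12, 10, 11, 10, 45, 80]))  # [7, 8]
```

Because alerting samples are not added to the history, an ongoing encryption run keeps alerting instead of becoming the new normal.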
Protecting hyperconverged infrastructure
The idea is to provide security for hyperconverged infrastructure systems, which, according to Nebulon, are highly vulnerable to encryption attacks because there’s no isolation between infrastructure and the applications running on them. Even anti-cyberattack systems that rely on snapshotting can become corrupted, making it much more difficult to recover from such an attack.
“This leaves enterprises with no choice but to re-install and reconfigure operating systems and clustering software, then recover application