Nebulon Launches TripLine
May 2023 by Marc Jacob
Nebulon, Inc.® announced TripLine™, a new threat detection service designed to alert customers when a cryptographic ransomware attack has been detected and to report the precise location and point in time at which the attack occurred. The company also announced smartDefense, a cybersecurity solution that narrows threat vectors, detects ransomware attacks, and accelerates recovery.
Despite growing awareness of the dangers of ransomware, nearly two-thirds (63%) of the codebases in production have unpatched vulnerabilities rated “High” or “Critical”, according to the March 2023 Unit 42 Cloud Threat Report. The same report also cites an average response time of approximately six days to a security alert, whereas it only takes a few hours for threat actors to start exploiting a newly disclosed vulnerability.
Nebulon TripLine is the first combined server-storage threat detection solution for cryptographic ransomware. The new smartInfrastructure service can identify attacks on application data as well as the operating system and application software. TripLine is enabled within two parts of the Nebulon solution: (1) the Nebulon Secure Enclave, an isolated infrastructure domain that includes all server lights-out management, data services, boot and data volumes, and attached SSDs, and (2) the Nebulon ON cloud control plane.
Machine learning (ML) runs in the Secure Enclave and identifies encrypted versus unencrypted blocks in real time. Every 30 seconds, these results are sent to the Nebulon ON cloud, which uses a combination of ML and statistical models to compare that data to the historical average of encrypted blocks for a given volume. A spike in encrypted blocks will generate an alert within a few minutes of the first suspicious result.
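The detection flow described above can be sketched as follows. This is an added example, not Nebulon's implementation: a Shannon-entropy threshold stands in for the ML block classifier, a mean and standard-deviation check stands in for the cloud-side models, and every name, threshold and sample block is an assumption constructed for illustration.

```python
import math
import random
from collections import Counter, deque
from statistics import mean, pstdev

ENTROPY_LIMIT = 7.5   # bits per byte; assumed cut-off, stands in for the ML classifier

def shannon_entropy(block: bytes) -> float:
    """Entropy in bits per byte: near 8 for ciphertext, much lower for text."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def encrypted_fraction(blocks) -> float:
    """Share of blocks written in one 30-second interval that look encrypted."""
    blocks = list(blocks)
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) >= ENTROPY_LIMIT for b in blocks) / len(blocks)

class VolumeBaseline:
    """Per-volume history of interval fractions; flags a spike above it."""
    def __init__(self, window=120, min_samples=10, z_limit=4.0, min_jump=0.10):
        self.history = deque(maxlen=window)   # 120 x 30 s = one hour (assumed)
        self.min_samples, self.z_limit, self.min_jump = min_samples, z_limit, min_jump

    def observe(self, fraction: float) -> bool:
        alert = False
        if len(self.history) >= self.min_samples:
            jump = fraction - mean(self.history)
            spread = max(pstdev(self.history), 0.01)   # floor for a flat baseline
            alert = jump >= self.min_jump and jump >= self.z_limit * spread
        if not alert:
            self.history.append(fraction)   # keep attack intervals out of the baseline
        return alert

def simulate() -> list:
    """Constructed data: 20 normal intervals, then one with mass encryption."""
    rng = random.Random(2023)
    cipher = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for ciphertext
    text = (b"2023-05-01 12:00:00 INFO request served in 12 ms\n" * 100)[:4096]
    def interval(n_high):   # 50 blocks, n_high of them high-entropy
        return [cipher] * n_high + [text] * (50 - n_high)
    counts = [2 + i % 3 for i in range(20)] + [30]   # 4-8% normally, then 60%
    baseline = VolumeBaseline()
    return [i for i, n in enumerate(counts)
            if baseline.observe(encrypted_fraction(interval(n)))]
```

Compressed or already-encrypted application data is also high-entropy, so a fixed entropy cut-off alone would misfire on such volumes; the per-volume baseline is what turns the raw fraction into a usable signal.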
Hyper-converged infrastructure (HCI), which provides no isolation between infrastructure services and application services, is particularly vulnerable to cyber-attacks. When the HCI operating system (OS) becomes infected, data services become unavailable and the disks that store snapshots protecting application data become compromised, making fast recovery impossible. This leaves enterprises with no choice but to re-install and reconfigure operating systems and clustering software, then recover application data from backup servers, which have likely also been compromised, a process that can take days or even weeks.
Unlike HCI, Nebulon TripLine enables performant ransomware detection and recovery of the entire physical infrastructure without resorting to re-installation or backups. Combined with Nebulon ON, enterprises can benefit from push-button, API-accessible recovery of all affected volumes using TimeJump, Nebulon’s 4-minute ransomware recovery service.
Nebulon also announced smartDefense, a new smartInfrastructure solution for narrowing threat vectors, detecting ransomware breaches, and accelerating recovery. smartDefense is intended to complement what organisations have in place for their cybersecurity framework, adding a solution for the deep server-storage application infrastructure. smartDefense protection relies on Nebulon ImmutableBoot, which maintains a known good version of the operating system and application stack within the Secure Enclave of every server. With every reboot, the server reverts to this trusted software instance, eliminating errant firmware updates or dormant malware in the process.
smartDefense detection and recovery capabilities leverage Nebulon TripLine and Nebulon TimeJump. TimeJump can rapidly recover operating systems, application configurations, and data, reducing recovery time from days to less than 4 minutes for multiple clusters simultaneously. With the addition of TripLine to the smartDefense solution, customers can precisely identify the point of attack within their infrastructure and revert to a secure state using TimeJump, resulting in a significant reduction in overall threat response and recovery time.