Intro

Since version 4.8.1, Catalogic DPX bundles the Catalogic GuardMode, which provides early detection of ransomware or data-related anomalies before you back up your data.

Integrated Ransomware Detection and Recovery

GuardMode Agent analyzes file system events to find anomalies in access patterns.

GuardMode Agent monitors filesystem activity for:

• Ransomware-specific patterns and extensions

• Processes that are consistently altering data on the system for longer periods

• Rapid file renames and modifications

• Attempts to modify decoy files

• Files with high entropy and unreadable metadata

GuardMode ransomware protection for backups is complementary to the endpoint and edge protection, monitoring file shares and system behavior, even over the network, instead of relying on a specific binary fingerprint. GuardMode maintains and regularly updates over 5000 known ransomware threat patterns, and assesses affected files.

While ransomware detection solutions are mostly built for security teams, GuardMode is designed with the backup administrator and your backup solution in mind, with easy-to-configure detection mechanisms, and the ability to guide administrators through recovering the affected data.