Discover the latest improvements in Anomaly Detection with Dell PowerProtect Data Manager 19.22. This release introduces a dedicated Anomaly Detection page for streamlined ransomware investigation and centralized threat analysis. Learn how to generate reports, quarantine copies, and configure exclusions from one interface. We also cover the new Default Anomaly Detection Rule, enabling global exclusions to reduce false positives across your environment. Watch to see how these features enhance security and simplify management.
Hello and welcome everyone. I'm Sonali from the technical marketing engineering team. And in this video we'll talk about the enhancement of Anomaly Detection in the Dell PowerProtect Data Manager 19.22 release. So the prerequisites for Anomaly Detection in PowerProtect Data Manager remain the same.
That is, the Search Cluster should be configured and active. And indexing must be enabled in the protection policy. We continue to support Virtual Machines, File Systems and NAS workloads even in this new release.
Now let's talk about what's coming up in the 19.22 release. So the first thing that we're introducing in this release is the dedicated page for Anomaly Detection, which will be available in the user interface under "Administration" -> "Anomaly Detection" as seen over here. Then we are also introducing global exclusions through the default anomaly detection rule. This is also available from the same dedicated page under the "Settings" tab. Now let's see in detail about each of these enhancements, starting with the Dedicated Page for Anomaly Detection.
So with the Dedicated Page for Anomaly Detection, the ransomware investigation and intelligent threat response are all streamlined with centralized anomaly management. Now we can do the analysis of an anomaly by generating and downloading the report and taking the remediation steps such as flagging the copy as verified safe or quarantined, or reporting false positives by configuring exclusions from one centralized interface. Now, that would transform the backup environment into a security intelligence platform.
Now let's see where this dedicated page resides in our PowerProtect Data Manager graphical user interface. So we log in to the PowerProtect Data Manager and we'll go to the "Administration" -> "Anomaly Detection" page. Now that's our dedicated page for anomaly detection where we have the "Analysis" and "Settings" tabs. Under "Analysis" we have the "Assets" where we see all the assets where anomaly detection is enabled under the policy. To select an asset, we can click on View Copy to view the copies for that particular asset and we can mark a copy as safe or quarantined depending upon our analysis that we do by generating the report and then downloading it. Here we also see the anomaly severity triggered by each of these copies, and the latest copy anomaly severity is what you see even in the asset.
So here we are analyzing the report that we have just downloaded. Once it is analyzed we can go back and mark that copy as safe or quarantined. So let's say we mark the copy and we would want to further investigate. We also provide a note when we mark a copy as safe or quarantined, so all this is recorded under audit. So here we are flagging it as quarantined for further investigation. So we will make a note of that.
And now the same copy can also be restored from the same centralized page. So even the restoration can be done from here. So you would see the "Restore" wizard remains the same.
All the "Purpose" remain the same. Where you're restoring, the restore location, everything remains the same, as seen from the restore pane. So here we will see that we are restoring it to a new VM, which is named as "Restore_VM_Quarantine_Copy" and will provide a note as well that we are doing it for further investigation. So as of now, we will cancel that restoration. It was just to showcase.
And then we'll proceed to show you that even from the asset level or the asset tab that we have, we can do the analysis by clicking on the report. A generate or download can be done from here as well. The other thing over here from this page is we can do the filter as well with asset type or with the anomaly severity. All that can be done and applied and we'll see over here. So as of now I have filtered all the VM assets. And so here what I want to show you is the audit logs.
So everything that we do in our centralized page is also audited and recorded in the audit logs of the PowerProtect Data Manager, so that we had quarantined a copy, it recorded, made a note.
Now let's see the second enhancement, which is the "Default Anomaly Detection Rule". So by default anomaly detection rule, the user will be able to create the default global exclusion policy for anomaly detection across all the assets existing in a policy where anomaly detection is enabled. Doing that will reduce the false positives throughout the environment using these policy-level exclusions.
Now let us take a step back to explain what happens in the background when the default anomaly detection rule is initiated or created. So what it does is, the anomaly detection rule will aggregate all unique patterns and system context detected as anomalies and include them in a single group. And that creates a default Anomaly Detection Global Rule for. Now, that being said, it also provides flexibility for asset-level changes. How it does that is, even with the default rule, existing users can still add exclusions at the asset level later if needed.
Now let's see how to create this anomaly detection rule and where it actually resides. So we'll go to the Anomaly Detection dedicated page under "Administration" and "Anomaly Detection". And the "Settings" tab is where we'll be able to create our Anomaly Detection Rule. So once we click on it, it will start the initiation process where it will aggregate all the configuration already existing at the asset level. And by doing that, it doesn't mean that we cannot do exclusion at the asset level.
We can always do that later on in time as required for any asset. We can always go ahead and edit the rule that has been created by modifying it. So by default it takes the sensitivity as low. And these are all the unique patterns it has recognized. So if we have to do any changes to that, we can do that and modify it as per the requirement of the environment. Let's save that rule.
We can also configure this Anomaly Detection from the asset, as we said, at a later point for the exclusions that we have made. So it will give us a pop-up asking whether we want to go for the Anomaly Detection rule or we want to make a specific exclusion for this particular asset.
So as we do the asset-specific exclusion, it will start prompting us with the same set of exclusions, the system endurance and the file pattern inclusions, and we can do the modification as per that. So it gives us a choice whether we want to go for asset-level exclusions or the default rule global exclusions.
So everything we do, even in our dedicated page for the default Anomaly Detection rule, is recorded in the audit log. So as and when we create the rule or as and when we update or modify the rule, it is all recorded in this audit log. So that is all about the Anomaly Detection Default Rule, which is again available on the dedicated page. Thank you all for watching.