In this video, we'll provide a brief overview of the anomaly detection feature in Dell PowerProtect Data Manager and Data Manager Appliance. Anomaly detection with PowerProtect Data Manager provides a robust layer of security by offering early detection of anomalies from every backup. This means one can gain immediate insights into potential security threats, allowing issues to be addressed proactively.
Now, how does it achieve this? The software uses proactive machine learning to continuously analyze patterns within the backup data environment. This helps identify suspicious activity as it arises, securing the IT environment from threats before they have the chance to escalate. One significant advantage is the lightweight nature of its detection process. It operates seamlessly within the existing infrastructure of PowerProtect Data Manager. This ensures on-premises detection is both efficient and resource-conscious, allowing optimal system performance. Additionally, the comprehensive evaluation ensures the integrity of the backup data. By identifying anomalies quickly, PowerProtect Data Manager empowers you to act before challenges become significant issues. Anomaly detection enhances the security and integrity of the data environment with PowerProtect Data Manager by leveraging advanced machine learning.
Anomaly detection offers proactive security that identifies cyber threats in the protection backup environment. This capability ensures early threat detection by scanning metadata after backup completion to provide immediate insights into potential risks without any additional licensing cost. Here is how it works. It uses detection techniques such as pattern matching, which leverages Dell's extensive library to recognize known ransomware indicators. This method scans backup metadata to identify suspicious file names, paths, and extensions, prioritizing alerts based on severity. Next is behavior analysis. This takes a closer look at the backup file metadata, evaluating details like name, modified time, and created time. By applying a time series model with moving averages, this approach helps detect anomalies that might signify a ransomware attack, even those not covered by pattern matching.
The next technique is system configuration analysis. It scans system settings during the backup process to pinpoint vulnerabilities that could be exploited. It currently supports Windows systems, checking for common issues and identifying known configuration weaknesses along with specific ransomware-related settings to enhance overall security. These techniques provide fast detection and enable immediate responses, allowing organizations to address threats before they escalate. PowerProtect Data Manager is therefore empowered to protect valuable data seamlessly, fostering a resilient and secure business environment.
PowerProtect Data Manager and Data Manager Appliance turn every backup into a live cyber signal, with anomaly detection instantly spotting unusual changes or suspicious patterns. Clear dashboards highlight what needs attention fast. With the new centralized view in the 20.1 release, you get a complete snapshot of your environment. PowerProtect Data Manager and Data Manager Appliance don't just back up data. They help detect and investigate cyber issues proactively. When an anomaly is triggered, you can go directly to the anomaly detection landing page, where anomaly detection appears as its own dedicated section in the left navigation. Across the top you will see three tabs: dashboard, analysis, and settings. These help you understand what is happening, assess the impact, and tune the system based on the environment. The anomaly detection dashboard provides key information at a glance. You can view the total number of impacted copies and see the top anomaly categories such as ransomware, configuration, or behavioral anomalies. You can also identify affected assets and copies.
This dashboard becomes the command center for both operations and security teams during a suspected event, giving them a clear and actionable view to respond quickly and confidently. From here, you can drill down to see the impacted copies under the top anomaly category and move toward actionable analytics by generating and downloading a report. This helps review the impacted data and make informed decisions to either mark the copy as safe or quarantine it. From the asset tab, you can also see the affected assets.
You can review the latest impacted copies of a particular asset and generate or download reports from this view as well. Control and customization are important because every customer environment evolves, so detection settings need to be tuned accordingly. In the settings of the anomaly detection landing page, you can access anomaly detection rules, a central place to see the total number of rules and anomaly enabled protection policies. When the default rule creation is initiated, all anomaly detection-enabled protection policies automatically become part of the default rule. You can create default or custom rules, or edit and clone them, from this page.
When creating a custom rule, you can choose which policies should be moved to it. You can modify detection mechanisms, tune file patterns to include or exclude, and adjust system configurations. You can also set quiet mode by choosing a duration to suppress alerts. Quiet mode is useful during planned maintenance or major changes, helping reduce alert noise while still maintaining control. Start and end dates are configurable, making it easy to schedule around migrations or patch weekends. In quiet mode, anomalies are still tracked and reports are available, but alerts are suppressed. After creating a custom rule, you can see how many protection policies have moved from the default rule to the custom rule. Default and custom rules can be modified or cloned, but only custom rules can be removed. When a custom rule is deleted, its associated policies automatically return to the default rule. These parameters can also be tuned at the asset level. You can select an asset, click on configure exclusions, and choose a rule or create an asset-specific exclusion list. You can then configure detection mechanisms, sensitivity, file patterns, and system configuration specific to that asset.
Overall, these capabilities make anomaly detection more configurable, predictable, and operationally aligned. Another way to navigate to the anomaly detection page is through the main dashboard. When a protection job completes and an anomaly is triggered, it appears in the anomaly alerts widget. From here, you can view alerts of different severities. By drilling down into a category, such as critical alerts, you can access the impacted copy from the alert details, which takes you to the anomaly detection landing page.
Here you can analyze the impacted data by generating or downloading a report and then marking the copy as safe or quarantined. You can also restore a copy from the same page. One can also view the impacted assets and tune anomaly detection parameters through the configure exclusions option.
Coming to the supported workloads for the anomaly detection feature: until now it supported virtual machines, file system, and NAS workloads. Starting with the 20.1 release, we'll now support Hyper-V as well. For that, the prerequisites will remain the same. The search cluster should be configured and active, and indexing must be enabled. While creating the protection policy, we first enable indexing. Only then can we enable anomaly detection. We can also set the anomaly detection rule for tuning the anomaly detection parameters while creating the policy. The next workload supported in this release is PowerStore snapshots, which deliver integrated resilience across snapshots, backup, and storage direct workflows. With anomaly detection now extended to PowerStore snapshots, PowerProtect Data Manager provides unified and consistent resilience management for both primary and backup data, all while reducing tool complexity through a common resilience plane and shared anomaly detection services. Note: anomaly detection for PowerStore snapshots is supported only for PowerProtect Data Manager.
Anomaly detection on PowerStore block volume snapshot copies allows detection of ransomware patterns and of behavioral and system configuration anomalies. The supported scope is listed over here. It supports PowerStore snapshot copies and the Fibre Channel protocol only at this time. Here are a few of the limitations that need to be considered while configuring anomaly detection for PowerStore snapshots. Also, the key prerequisite is to have Fibre Channel zoning configured between the PowerStore array and the ESXi cluster hosting the search nodes.
Anomaly detection is enabled through policy creation under the options section. We can also select the anomaly detection rule to tune the parameters for anomaly detection while creating or modifying the policy. So that's how, with the anomaly detection feature in PowerProtect Data Manager and Data Manager Appliance, one can have peace of mind knowing that potential threats are addressed before they impact the organization. Overall, anomaly detection enhances the ability to maintain business continuity and secure data from potential breaches or ransomware attacks, empowering resilience and supporting organizational success. Thank you all for watching.
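The pattern matching and moving-average behavior analysis described in this transcript can be sketched as follows. This is an added example, not part of the video and not Dell's implementation: the indicator list, the per-backup modified-file counts, the window size and the thresholds are all constructed assumptions.

```python
import fnmatch
from statistics import mean, pstdev

# Constructed indicator list (glob pattern, severity); NOT Dell's library.
INDICATORS = [
    ("*.locked", "critical"),
    ("*.encrypted", "critical"),
    ("*readme_decrypt*.txt", "high"),
    ("*/temp/*.exe", "medium"),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

# Constructed sample input: indexed file paths from one backup copy, and the
# number of files seen as modified in each of nine consecutive backups.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Windows\Temp\svc.exe",
    r"C:\Users\alice\Desktop\README_DECRYPT.txt",
    r"C:\Users\alice\Documents\budget.xlsx.locked",
]
SAMPLE_MODIFIED_COUNTS = [120, 131, 118, 125, 122, 128, 4870, 5102, 124]

def match_patterns(paths):
    """Return (severity, path, pattern) hits, most severe first."""
    hits = []
    for path in paths:
        norm = path.replace("\\", "/").lower()
        for pattern, severity in INDICATORS:
            if fnmatch.fnmatchcase(norm, pattern):
                hits.append((severity, path, pattern))
                break  # first (most severe) matching indicator wins
    return sorted(hits, key=lambda h: SEVERITY_ORDER[h[0]])

def behavior_anomalies(modified_counts, window=5, k=3.0):
    """Flag backup indexes whose modified-file count deviates from the moving
    average of the last `window` normal backups by more than k deviations."""
    baseline, flagged = [], []
    for i, count in enumerate(modified_counts):
        recent = baseline[-window:]
        if len(recent) == window:
            avg, sd = mean(recent), pstdev(recent)
            # Floor the deviation so a very flat history does not alert on noise.
            if abs(count - avg) > k * max(sd, 0.1 * avg, 1.0):
                flagged.append(i)
                continue  # keep outliers out of the baseline
        baseline.append(count)
    return flagged

if __name__ == "__main__":
    for severity, path, pattern in match_patterns(SAMPLE_PATHS):
        print(f"{severity:8} {path} (matched {pattern})")
    print("anomalous backups:", behavior_anomalies(SAMPLE_MODIFIED_COUNTS))
```

Keeping flagged backups out of the baseline means a multi-day encryption burst does not raise the moving average and mask itself.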