Transcript
Hi Mike Matchett with Small World Big Data and we are here today talking about cyber security and how to protect all your devices, servers, and even databases from the evil hackers. They're using AI more and more they're getting in. You can't stop 100% of every attack, and it's unrealistic to think you can. But what do you do to recover? And we're going to talk about recovery today with NeuShield . And just hang on a second and we'll bring on Alicia our our expert today. Hey, welcome to our show. Alicia. Um, how are you doing today? Doing well. Thank you for having me on. All right. Uh, you know, I think people are aware that there's cyber criminals out there, that they're they're attacking them every day. People are. People kind of know what ransomware is. They know they're being attacked every day. Uh, but what's interesting, I think about NeuShield is that you're not talking about backup, and you're not talking about being a security provider to stop the attacks. We want to talk about where you fit into this landscape and provide something key. So maybe just tell us a little bit about NeuShield and sort of the high level view of what you guys developed and why. Yeah, yeah. So I think let me start out by saying that we really focus on the data. I think that's really where the difference is. We focus on protecting the data and recovering the data, and doing that virtually instantly so that we can recover as much data as the customer needs. And we fit we like to talk about ourselves as fitting in between backup and security. So we fill that niche in between that, where there's gaps in backup and there's gaps in security products. And we we cover those gaps. All right. But you know, I've talked to a lot of companies on both sides of that spectrum. And they all are talking about including features from the other side to try to cover that gap as well. So if I talk to security providers, they're starting to dabble in doing backup, and if I talk to backup providers, they're starting to talk a little bit about how do we check for ransomware. And the intrusion shows up. So is that market evolving or you know, what's happening there? Yeah, we've seen that to quite a few of the security products are adding backup. Now, what's interesting is the reason they're adding backup. They're not adding backup because they want to get into a NeuShield . They're adding backup because they see that security isn't covering the isn't covering them fully. Right. They're not able to detect the threats. The threats are coming. You know, uh, they're not able to detect it at all or the threats are not detected for a while. That gives time for your data to be ransomed, either stolen or encrypted. And so they add backup. But the problem is that the backup vendors have an issue also, which is recovery time, right? Or their backups get damaged. And so what happens is that when back when security products add backup. It has the same limitations so that the backup companies have. And so if you look at the backup companies, they see that there's a problem because it's taking too long to recover from ransomware. So what are they doing. They're adding security into their product to solve their problem. So each of them in their own fields have their issues, and they're all they're trying to add the other solution in to solve the issues, not realizing that that layer has issues too. All right. So so backups got some gaps. Security products. You know, Sentinel one and the rest of them, they have some gaps when it comes to what they're doing. And they want to cover those up. Paper those over I guess you'd say. Uh, but uh, you know, my understanding of what you guys are doing, it's, you know, it's not security and it's not backup, per se. It's really about recovery. So, so, so how do you how do you how do you separate that out and say, like what we specialize in is in recovery. Yeah. Yeah. Yeah. So really we we thought about this and the ransomware really changes the game because with other types of threats, when you get hit, you can just, you know, remove it at some point in time, even if a day later. But with ransomware, your data is encrypted and recovering takes a very long amount of time. And so with our product, we really focus on that instant recovery. What we do is we lock the data down. We put actually an overlay on top of the data. You can think about it like a pane of glass on an overlay. And all the changes go there. And since the changes are isolated, it makes it very easy to then see the changes and delete the changes that you don't want. For whatever reason, you don't want it. All right. So this is running. This is something you're running on your PC your or your server in the data center. That's really you know, I, I tend to try to use old school words like versioning and archiving, but you're really you're really saying we're going to sit in the middle a little bit. And if you're something's trying to write to our file systems, we're going to put panes of glass, as you're saying, in front of them and and preserve those rights. So at some point, kind of like a snapshot recovery or whatever, I can roll back to my earlier perspective. Is that kind of what what's going on? Exactly. And, you know, in a sense, you can think about it like VMware snapshots on a physical machine, done file by file on a file by file basis. All right. So so bring bring bring those concepts to the file world is really what we're saying where we're bringing snapshots incremental incremental recovery. Like an undo. Yeah. Like an undo button for your hard drive. Oh yeah. Control Z except about about about at the hard drive level, which is kind of cool. Um, I know we don't have time to get into all the technical details, but just a little bit. How are you doing that? I mean, I mean, that seems like a big task. I mean, are you are you rewriting the file system? Do I have to deploy the NeuShield file system to make this work? Yeah. So we've worked. No. So we are using the standard file system, Microsoft Windows, NTFS. We've worked very closely with Microsoft on this, and our security is located inside the NTFS so that we're not hooking into the OS. You know, we actually the OS knows about us and which files we are protecting. And the security is done there. And then it redirects the file to NeuShield . And then NeuShield takes over after that. And we can do all of our magic with our overlay and so forth. Does this is this interrupt any of the security work or the backup work or the other products that might be involved? No, no. So, you know, just like if you put a pane of glass on top of a whiteboard and you start drawing on it, you if the pane of glass is very thin, you may not even know there's a pane of glass there. And you continue doing your work. Every other application, whether it's your backup application, your security applications, your, you know, desktop applications, your server applications, they're not even going to know we're there. We do all this work under the covers, so to speak, inside the NTFS kernel so that it's transparent to all these other applications. Right. So so if I'm thinking three dimensionally, you know, your x axis is back up and your y axis is your security firewalls and all the rest of the stuff. And you guys are really the Z axis poking up. So you don't you can move in that direction and not really interfere. What's happening? Yeah, that's a good way of thinking about it. It's a mathematical approach anyway. Uh, which is pretty cool. So, uh, you know, recovery. Recovery is an issue. I just want to touch on that just briefly. Uh, for a lot of people who spend a lot of time doing backups, for example, and then they think that I've got I've got recovery in hand because I have this great backup paradigm. I even test my backup, my recovery at times. Uh, why what would you what would you argue, uh, that that's not sufficient. How would you say, like, no matter how good your backup system is. Yeah. You're not going to be able to recover adequately. Yeah. You know, first of all, I say it's good to have a backup and it's good they test it because those are important things. We see a lot of companies don't do that. They think they're protected. They just back up and they and they are not actually. But the issue though really comes about the recovery time. When you're hit with ransomware, the attacks are usually much worse than you anticipate, and they're much worse than you've tested for. A lot of times, you see every device in your corporation may get hit by ransomware, your servers, your desktops, and you don't have security staff. You don't have networking bandwidth. Maybe your backups got damaged, too. If you have offline, off site, or offline backups, you know it takes time to recover from those. You know, the average amount of time is is almost a month to get back when your company has been fully hit by ransomware, and that's where NeuShield comes in. We can get you back up the same day. Because it's like a local. It's a local kind of recovery where you just are reverting the machine back to a known good state and not really recovering from a tape or an offline thing and rebuilding anything. You're just saying, take away those changes. Give me my machine back the way it was. Yeah, and that's a good point, because a lot of times what we see is the network becomes an issue when you recover, when you're restoring the hundreds or thousands of devices at once, your network becomes the issue. Since we do everything locally on the device, there's no network activity. And we can that, you know, that makes it so you can recover in parallel all of your devices all at the same time. Yeah. And just to be clear to folks, you know, it's not when we said we said files and user data and stuff. It's not it's that and the system files too. So depending on whether you're being hit by an OS malware kind of attack or a user data encryption attack, it's kind of the same principles involved here. Yeah. And that's another good point because we do have a, a feature called One Click Restore that allows us to recover the entire operating system and applications back to a previous point without losing any data. So we don't roll the data back. In that case, we have obviously the mirror shielding that I talked about earlier to roll back, but we can roll back the entire operating system for whatever the case may be, not just for security events. We've seen that in many cases, customers roll back because of a bad Microsoft patch or whatever other reason they want to roll back to. But we can save them money, because a lot of times these events I remember talking to one customer, they said an average IT call took 45 minutes. With NeuShield . It was less than 15 minutes. They saved 30 minutes per call. And what that does is it allows them. In that case, they were a managed service provider MSP. That allowed them then to have more customers with the same amount of staff. Now you could look at the other way around. Nobody likes to lose their job, of course, but you could reduce your staff. If you have a certain number of employees, you could reduce it, or you could move them to other places in the company where they're more useful. Yeah, I mean, staff reassignment efficiency is one thing, but the key thing, I think, is if someone's got user data and they've got an operating system malware, you can recover the operating system without rolling back their user data to two weeks ago, and they've lost two weeks worth of work. Right. So you can you can sort of make those independent judgments and, and do that, which is I think is really key for the way people work today. Um, you know, obviously, you know, there's stuff you can do to lock the device down because you're an endpoint kind of tool. Um, but I just want to ask you one one more thing that was that was interesting. Or maybe a couple two more things here. One is, um, databases, because you don't just have a personal edition, you have a business and data center edition that does something more for databases. And I wonder if you could speak to that a little bit. Yeah. Yeah, yeah. Great question. So we do have three main editions. We have business edition for workstation. We have business edition for server. And then we have that data center edition that you mentioned. Now that's specifically designed to protect, uh, databases. And we install on the database and we lock that database down. And there's three basic features. One is the recovery which recovers the entire database and the application, including transaction files, indexing and everything. And then we also have what we call a database Guardian feature. And that allows us to protect the data itself from being damaged. So if any ransomware tries to modify the database files, we block that. And then the third one is exfiltration protection where we can protect that data, that key data that customers store in their database from being stolen out. And we do that by hiding the database files. So when ransomware gets on that box and tries to search around, it's not even going to find the database files at all to even know those database files on this thing that they need to steal. So my HR, you know, employee payment records and things like that, I can those can be protected even at a security perspective. Even though we're really talking about recovery here, there's a great security advantage and risk reduction in losing corporate IP, which is which is interesting. And finally, you know, I saw something about, um, you know, I buy security tools and some of the things I want to do is have the security tools look for data changes or rate of change, or rate of encryption or encryption algorithms or stuff like that. But you've got something kind of built into what you're doing that can detect that something's changing. Can you describe that data side? Yeah. We call this data driven detection. Now if you look at a lot of products have detection especially the security side has detection and they use signatures or AI or something else to try and detect the threat itself. We've kind of turned that on its head. Again. We're data focused. We look at the data and we understand the structure of the data. Right. If it's a word document, we know how word documents are supposed to be structured. We can tell what they look like. We know PDF files, sound files, graphic files, whatever. They're all in a particular structure. If you save a PDF file, it's in a particular format to allow it to be opened up by other PDF applications. Right. And what we do is since we're monitoring the data and we have our mirror shielding, protecting all that data and storing the changes separately, we can then look at is this a good known file type? And does the structure of the data change in such a way that makes it no longer a good file? Right. It's like that indicates it may have been encrypted because it was a good PDF file, and now it's been set into random data, which is what encryption looks like. I think that happens to my PDF docs, you know, without being hacked. You know, one day there, one day they're good and the next day it looks like no, but I get the point. So you're not actually looking for the content of the data to change. You're not looking for signatures of viruses or malware. You're just saying, is this no longer a PDF? Is this no longer a doc X? Is this no longer what it what it what it said it was? And hey, that's a that's a strong signal that something's bad is probably happening on your system. So I like that. Yeah. And we're doing that by looking at the data. We're not looking at the extension. You know it was a dot PDF and it's a different we're looking at the data itself, the content of the file itself. Yeah. Which is, which is, which is very cool. Um, and I think, you know, I wish more storage oriented companies became a little more data oriented in outlook. And we're doing things like this because every storage array has the data they could be doing anyway. Uh, you know, not to talk about companies like that app and Pure Storage, but, you know, they could learn a lesson here maybe, do you know, get in touch with you guys? Um, I guess that's that's really all the time we have here today. There's a lot more to talk about, though. And even, you know, maybe we could even at some point have you back and do a little demo, uh, because I think this is something that a lot of security people are going to be interested in. Once they understand what you're doing, that there is a third thing and something that actually can give them some instant recovery capability or instant reaction instead of, you know, month of backup recovery. Uh, you know, which, which or infallible security regime where they try to harden their walls and they never get it to 100%. Right. But here's a way to erase mistakes, right? Get the graffiti off the wall with one push of a button. Uh, which I kind of like. So if someone's interested in sort of looking at this more, what would you recommend they do? Or what can you offer them? Yeah. Yeah. So my go go ahead and go to our website at NeuShield .com. That's new. And then shield.com. And on there we have a free trial. You can download a business edition. Try that out. We also have a contact page. You can get in touch with us that way or a partner page if you want to sign up for a partner we have that as well. So definitely check us out at NeuShield .com. And thank you, Mike, very much for having me on this call. No problem. Easy to deploy to SAS operated. So remote remote operation you don't have to be installing your own servers and things for that I understand, which is cool. Uh, thank you so much for being here. Hope to have you back soon. Um, and with that, folks, check it out. There's a free trial, free download Protect Your PCs. Take care.
