IBM Storage Sentinel anomaly scan software overview

The IBM® Storage Sentinel anomaly scan software solution facilitates an end-to-end automated cyber resilience workflow that is designed to help protect copies of data, detect malicious code attacks, and enable accelerated and automated recovery of data from clean copies with IBM FlashSystem® family and SAN Volume Controller (SVC) storage.

IBM Storage Sentinel combines IBM Storage Copy Data Management with anomaly scan software to coordinate file and database corruption scanning with snapshot management and recovery orchestration.

IBM Storage Copy Data Management can take application-aware, immutable snapshots, commonly known as Safeguarded Copy, in IBM FlashSystems and SAN Volume Controller (SVC) storage starting with version 2.2.16.

The anomaly scan software with IBM Storage Copy Data Management and an anomaly scan engine provides scanning for corruption due to malicious code and cataloging for immutable snapshots in primary storage, enabling clients to automate recovery after an event.

Real-time cyber protection solutions are designed to protect from an attack. However, these solutions are not 100% effective, and corporate data is corrupted daily. Anomaly scan software adds a layer of protection to these real-time solutions and finds corruption that occurs when an attack has successfully penetrated the data center. Anomaly scan software enables early detection of issues so that IBM Storage Copy Data Management can coordinate fast application recovery, minimizing business interruption.

Anomaly scan software identifies files corrupted by malicious code by analyzing a set of statistics about the files on the host with a Machine Learning Model (MLM) that is trained on real-world malicious code to determine whether the host was attacked. In addition to identifying malicious code attacks, anomaly scan software checks the integrity of databases to detect corruption of the internal database data. Databases can be corrupted by an attacker, by logical or physical data corruption or damage at the disk or volume level, or by a flaw in the process that creates a snapshot or backup of the database.

The anomaly scan software examines existing database pages and, if they exist, allocation tables to ensure that all the allocated database pages are present and located in their correct position. Where a page data signature such as a checksum or CRC is available and enabled by the database administrator, anomaly scan software recalculates the signature from the current page contents and verifies it against the value found in the page header. Other ancillary fields are also verified within each page, depending on the database application. The anomaly scan software Machine Learning Model (MLM) is designed to tolerate the small amount of database corruption that is commonly observed in production database systems, to avoid excessive false-positive alerts.
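The page checks described above can be sketched as follows; this is an added example, not IBM's implementation or any real database's on-disk format. The page size, header layout, function names and the fixed `tolerance` ratio (a simple stand-in for the MLM's tolerance of minor corruption) are all assumptions made for illustration.

```python
import struct
import zlib

PAGE_SIZE = 64                  # hypothetical fixed page size
HEADER = struct.Struct("<II")   # hypothetical header: page number, CRC32 of body

def build_page(page_no, body):
    """Construct one sample page with a valid header (test-data helper)."""
    body = body.ljust(PAGE_SIZE - HEADER.size, b"\x00")
    return HEADER.pack(page_no, zlib.crc32(body)) + body

def scan_image(image, allocated, tolerance=0.01):
    """Check every allocated page for presence, position and checksum."""
    findings = []
    total_pages = len(image) // PAGE_SIZE
    for page_no in sorted(allocated):
        if page_no >= total_pages:
            findings.append((page_no, "missing"))      # allocated but absent
            continue
        page = image[page_no * PAGE_SIZE:(page_no + 1) * PAGE_SIZE]
        stored_no, stored_crc = HEADER.unpack_from(page)
        if stored_no != page_no:
            findings.append((page_no, "misplaced"))    # wrong page in this slot
        elif zlib.crc32(page[HEADER.size:]) != stored_crc:
            findings.append((page_no, "checksum"))     # body no longer matches header
    ratio = len(findings) / len(allocated) if allocated else 0.0
    # Alert only when damage exceeds the tolerated background level.
    return {"findings": findings, "ratio": ratio, "alert": ratio > tolerance}

def sample_image():
    """Constructed 8-page image with three kinds of damage."""
    pages = [build_page(i, b"row data %d" % i) for i in range(8)]
    damaged = bytearray(pages[2])
    damaged[20] ^= 0xFF                        # flip bits in the body of page 2
    pages[2] = bytes(damaged)
    pages[5] = build_page(6, b"row data 6")    # page 6 written into slot 5
    return b"".join(pages[:7])                 # page 7 truncated away

if __name__ == "__main__":
    print(scan_image(sample_image(), allocated=set(range(8)), tolerance=0.05))
```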

In addition to the anomaly scan software information that is available in IBM Documentation, other information that you might find helpful can be obtained through IBM Storage Sentinel Support.