Security Guard
Introduction
The Security Guard feature is an automated self-test tool designed to simulate a ransomware attack on a cluster to validate that all security components are functioning correctly. It ensures that Ransomware Defender is effectively monitoring, detecting, and responding to suspicious user behavior and potential ransomware threats.
By running a simulated attack, Security Guard checks whether your environment is ready to handle a real ransomware incident by validating that alerting, monitoring, and session lockout all work end to end. This gives administrators confidence that the Data Security Edition is actively protecting data, rather than assuming it is until a real attack proves otherwise.
The system can run these simulations on a scheduled basis, typically once a day, or they can be initiated manually on-demand.
What's involved in the Simulated Attack?
During the simulated attack, the Security Guard:
- Creates a secured share for the service account automatically:
  - Share name: igls-securityguard (Isilon)
  - ECS bucket name: igls-security-guard-bucket (ECS)
- Removes old files from the previous execution.
- Generates test files with a specific extension to trigger a simulated attack response from the Ransomware Defender clustered agent.
- Verifies user lockout by checking that files can no longer be written to the share.
- Checks that an RSW event was raised in Eyeglass.
- Initiates user recovery and confirms that access to the share is restored.
- Tracks and reports success or failure at each step of the process.
- Emails the results to the administrator automatically.
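The sequence above is a generic pattern for self-testing a detection control: plant a trigger, confirm the control reacts, confirm recovery, and record pass/fail per step so a silently broken control is noticed. The following Python is an added example that is not Superna's code and does not talk to Eyeglass or the real clustered agent. It walks the same steps against a local directory standing in for the share, with a constructed stub detector; the trigger extension, the stub's behaviour, the service-account name and all function names are assumptions. The value is in the negative case: when the stub is mis-tuned, the lockout and RSW steps fail and the overall run is reported as failed.

```python
# Added example, not product code: a self-test harness walking the Security Guard steps.
# Assumptions: TRIGGER_EXT (the real extension is not stated on the page), StubDefender
# (a stand-in for the clustered agent), and the service-account name.
import os
import tempfile

TRIGGER_EXT = ".securityguard-test"  # assumption
TEST_FILE_COUNT = 5


class StubDefender:
    """Constructed stand-in for the agent: any file in the share carrying the trigger
    extension locks out the writing user and raises one RSW event for that user."""

    def __init__(self, trigger_ext=TRIGGER_EXT):
        self.trigger_ext = trigger_ext
        self.locked = set()
        self.events = []

    def scan(self, share, user):
        for name in os.listdir(share):
            if name.endswith(self.trigger_ext) and user not in self.locked:
                self.locked.add(user)
                self.events.append({"type": "RSW", "user": user, "file": name})

    def write_allowed(self, user):
        return user not in self.locked

    def recover(self, user):
        self.locked.discard(user)


def write_as(defender, share, user, name, payload=b"canary"):
    """Write a file on behalf of `user`; False if the defender has locked the user out."""
    if not defender.write_allowed(user):
        return False
    with open(os.path.join(share, name), "wb") as fh:
        fh.write(payload)
    return True


def run_security_guard(defender, share, user="svc_securityguard"):
    """Run each step in order; return the per-step results and an overall verdict."""
    results = []

    def record(step, passed):
        results.append((step, bool(passed)))

    os.makedirs(share, exist_ok=True)                       # step 1: the share exists
    record("create share", os.path.isdir(share))

    for name in os.listdir(share):                          # step 2: clear the previous run
        os.remove(os.path.join(share, name))
    record("remove old files", not os.listdir(share))

    created = [write_as(defender, share, user, f"canary-{i}{TRIGGER_EXT}")
               for i in range(TEST_FILE_COUNT)]            # step 3: plant trigger files
    record("generate test files", all(created))
    defender.scan(share, user)                              # let the agent react

    # step 4: lockout is proven only by a write that is refused
    record("user lockout", not write_as(defender, share, user, "after-lockout.txt"))
    # step 5: the event must exist for this user, not merely some event
    record("RSW event raised", any(e["type"] == "RSW" and e["user"] == user
                                   for e in defender.events))
    defender.recover(user)                                  # step 6: recovery
    record("user recovery", write_as(defender, share, user, "after-recovery.txt"))

    return {"steps": results, "ok": all(p for _, p in results)}   # step 7: report


def format_report(report):
    """Plain-text body of the kind that would be emailed to the administrator (step 8)."""
    lines = [f"{'PASS' if ok else 'FAIL'}  {step}" for step, ok in report["steps"]]
    lines.append("overall: " + ("PASS" if report["ok"] else "FAIL"))
    return "\n".join(lines)


def demo(detector_works=True):
    """Run in a throwaway directory seeded with a stale file from a 'previous run'.
    detector_works=False mis-tunes the stub so the harness must report a failure."""
    defender = StubDefender(TRIGGER_EXT if detector_works else ".unrelated")
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "igls-securityguard")
        os.makedirs(share)
        with open(os.path.join(share, "stale-from-last-run.txt"), "w") as fh:
            fh.write("old")
        return run_security_guard(defender, share)


if __name__ == "__main__":
    print(format_report(demo(True)))
    print()
    print(format_report(demo(False)))
```

Two design points carry over to the real feature: lockout is verified by attempting a write that must be refused, not by reading a status flag, and the event check is scoped to the test user so an unrelated alert cannot mask a missing one. A scheduled run of this shape, like the daily Security Guard run, turns a detection control from "configured" into "observed working today".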