Detection Types
Threat Detection
Dell Cyber data security identifies and responds to these threat categories. For details on how threat detection works, see the Threat Detection Overview documentation.

| Threat Category | Type | Category | Description |
|---|---|---|---|
| Data Creation and Deletion | Ransomware | Data Encryption and Manipulation | Creation of new encrypted data while removing original data |
| Data Encryption | Ransomware | Data Encryption and Manipulation | Creation of new encrypted data with specific extension while removing original data |
| Data Renaming | Ransomware | Data Encryption and Manipulation | Reading data followed by bulk file renaming |
| Security Guard Simulated Attack | System | System Functions | Automated self-test that simulates an attack to verify system functionality |
| Suspicious Extension | Ransomware | Suspicious Activities | File operations with extensions associated with ransomware (.blacksuit, .locky, .zzz) |
| Mass Delete | Data Loss | Destructive Actions | Multiple files or objects deleted from a single location |
| Data Loss Prevention | Data Theft | Suspicious Activities | Exceeded access threshold for Data Loss Prevention triggers |
| Honeypot Activity | Suspicious | Suspicious Activities | Interaction with honeypot files serving as tripwires across the file system |
| Data Overwrite | Ransomware | Data Encryption and Manipulation | Reading data followed by bulk overwriting of the same files |
| Multi-Extension File Modification | Ransomware | Data Encryption and Manipulation | Reading data followed by renaming files to multiple different extensions |
| Data Encryption | Ransomware | Data Encryption and Manipulation | Activity matching known encryption patterns resulting in new encrypted data |
| Data Overwrite | Ransomware | Data Encryption and Manipulation | Reading data followed by overwriting the same objects |
| Encryption Key Change | Ransomware | Data Encryption and Manipulation | Copying data with a new encryption key |
| Data Encryption | Ransomware | Data Encryption and Manipulation | Copying/uploading encrypted objects then deleting previous versions |
| Data Deletion | Data Loss | Destructive Actions | Bulk deletion of objects or buckets |