Detection Types

Threat Detection

Dell Cyber data security identifies and responds to these threat categories. For details on how threat detection works, see the Threat Detection Overview documentation.

| Threat Number | Threat Category | Type | Category | Description |
|---|---|---|---|---|
| TD1 | Data Creation and Deletion | Ransomware | Data Encryption and Manipulation | Creation of new encrypted data while removing original data |
| TD2 | Data Encryption | Ransomware | Data Encryption and Manipulation | Creation of new encrypted data with specific extension while removing original data |
| TD3 | Data Renaming | Ransomware | Data Encryption and Manipulation | Reading data followed by bulk file renaming |
| TD6 | Security Guard Simulated Attack | System | System Functions | Automated self-test that simulates an attack to verify system functionality |
| TD7 | Suspicious Extension | Ransomware | Suspicious Activities | File operations with extensions associated with ransomware (.blacksuit, .locky, .zzz) |
| TD9 | Mass Delete | Data Loss | Destructive Actions | Multiple files or objects deleted from a single location |
| TD10 | Data Loss Prevention | Data Theft | Suspicious Activities | Exceeded access threshold for Data Loss Prevention triggers |
| TD11 | Honeypot Activity | Suspicious | Suspicious Activities | Interaction with honeypot files serving as tripwires across the file system |
| TD12 | Data Overwrite | Ransomware | Data Encryption and Manipulation | Reading data followed by bulk overwriting of the same files |
| TD13 | Multi-Extension File Modification | Ransomware | Data Encryption and Manipulation | Reading data followed by renaming files to multiple different extensions |
| TD14 | Data Encryption | Ransomware | Data Encryption and Manipulation | Activity matching known encryption patterns resulting in new encrypted data |
| TD15 | Data Overwrite | Ransomware | Data Encryption and Manipulation | Reading data followed by overwriting the same objects |
| TD16 | Encryption Key Change | Ransomware | Data Encryption and Manipulation | Copying data with a new encryption key |
| TD17 | Data Encryption | Ransomware | Data Encryption and Manipulation | Copying/uploading encrypted objects then deleting previous versions |
| TD18 | Data Deletion | Data Loss | Destructive Actions | Bulk deletion of objects or buckets |