CTERA’s latest software claims to be able to detect ransomware attacks against the file system as they happen and stop them in their tracks.
The idea is to monitor write activity in CTERA’s global file system using ML models to detect anomalous behavior, such as a spike in encrypted writes. CTERA uses its global filesystem to provide file access to distributed users using edge filers (or caches). As the edge users create new files and versions of files, these are synced to the global file system. CTERA’s software creates read-only snapshots of the files every 5 minutes and retains them in read-only form for a policy-set retention period.