Opti9 Observr Verified By CyPROS to help Prevent Ransomware Attacks

July 26, 2023 | By Ryan Felkel

Garden City, New York – July 26, 2023 – Opti9, a leading hybrid cloud solutions provider, announces the results of its cybersecurity validation assessment, conducted by CyPROS, a leading provider of penetration testing and threat protection services. Opti9 engaged CyPROS to substantiate the effectiveness of its Observr product, a SaaS tool that detects the presence of attackers within organizations’ backup environments, helping to prevent an attack before it starts. CyPROS’ findings confirmed the effectiveness of Observr, provided suggestions for how organizations can implement it effectively to help detect and prevent attacks, and recommended feature enhancements for future versions.

“Our detailed examination and testing confirmed the efficacy of Observr in detecting unusual activities within backup and replication environments,” shared Guy Mizrahi, CEO of CyPROS. “The tool’s capabilities to monitor and identify threat indicators can significantly reduce an organization’s risk of falling victim to ransomware. Observr represents a substantial step forward in backup security and is a critical component of a holistic enterprise security strategy.”

According to the 2023 Global Report on Ransomware Trends, 93% of ransomware attacks specifically target backup data and infrastructure to destroy any possible recovery capabilities before initiating the attack, increasing the likelihood of securing a ransom payment. Observr by Opti9 is an anomaly detection service that seamlessly integrates with Veeam, the #1 Data Replication and Protection Software Worldwide, and was built to address this and other threats. Observr utilizes machine learning to baseline, monitor, and identify suspicious activity within the backup infrastructure. In doing so, Observr can detect the presence of an attacker within the backup infrastructure attempting to modify and destroy recovery options, helping organizations stop an attack before it starts.

The results of the validation assessment conducted by CyPROS are published in a report titled “Thwart Cyberthreats: Evaluation Report of the Opti9 Observr.” The report summarizes CyPROS’ findings and recommendations from multiple scenarios conducted in January and February 2023. During that period, CyPROS’ team of elite white hat hackers mimicked attack workflows and techniques known to be employed by bad actors. The test scenario included common deployments of Veeam Backup & Replication™ software typical of enterprise environments. Among other things, CyPROS confirmed that in-line change-rate based detection, such as that being added to some backup products, is ineffective at identifying a ransomware attack in progress. Furthermore, it is a reactive alarm, notifying an organization only after its systems have started to be infected. Instead, focusing on the backup control plane is a far more effective means of detecting the activities that typically precede the attack.

“Backup environments themselves are a new attack surface under the microscope of nefarious actors. Organizations have a false sense of security related to their ability to recover from Ransomware and other attacks,” said Sagi Brody, CTO of Opti9. “By focusing on this exposure point, and providing threat detection capabilities that can be ingested by common SIEM & MDR platforms, Observr bridges the gap between BCDR and security teams, yielding higher levels of resilience.”

CyPROS’ report identifies Opti9’s Observr as the only product on the market, to CyPROS’ knowledge, that specifically focuses on the backup environment itself, an emerging attack vector. CyPROS confirmed the functionality of Observr’s threat detection capabilities, including detection of suspicious deletion events, job modification, retention modifications, job deletion, and many others. CyPROS also provided Opti9 with a list of further activities to monitor as part of its threat detection engine for greater granularity. These enhancements and others are slated to be released as part of Observr v1.1, later this year.

To learn more about the Opti9 Observr platform, click here. To download the CyPROS report, which recommends the Observr solution for global enterprise businesses, click here.

About Opti9:

Opti9 is a hybrid cloud solutions provider with offices in Garden City, NY, Omaha, NE, Overland Park, KS, and St. Louis, MO, and data centers in North America, Europe and the APAC region. The company is an AWS Advanced Consulting Partner and Platinum Veeam® Cloud & Service Provider (VCSP) partner, along with several other key partnerships and certifications. Opti9 specializes in managed cloud services, application development and modernization, backup and disaster recovery, security, and compliance. With its business-first focus, Opti9 blends experience with innovation and new solutions to deliver on its “Right Workload, Right Cloud, Right Time” approach. To learn more about our services, visit our website: https://opti9tech.com/

About CyPROS:
CyPROS is a cyber security services and consulting provider located in Holon, Israel.

Founded on our team’s vast experience in the cyber domain and in worldwide projects and services, we provide executive leadership and security engineering expertise to organizations of all sizes, utilizing the team’s broad professional perspective.

Our team of security experts delivers security, risk, and compliance programs to organizations ranging from startups to Fortune 100 companies. CyPROS’ services include consulting, penetration testing, incident response, virtual CISO (VCISO / CISOaaS), managed threat detection and response, compliance assessment services, and cyber services specially tailored to each client’s specific needs.