Cobalt Iron has received a European patent for its Cyber Event Responsiveness. The company says that Patent no 3683705 focuses on techniques to improve monitoring, detection, impact analysis and automated reconfiguration of IT infrastructure and operations when cyber threats arise.
The features will all be included in the Cobalt Iron Compass, enterprise SaaS backup platform. Adding them to the existing platform makes them immediately available to existing customers.
James Kost, Director of Systems Engineering at Cobalt Iron said, “Detecting cyber attacks, determining the scope of impact, and taking proper remediation actions are all critical aspects of a cyber security game plan.
“This patent introduces cyber event analytics that provide insights into an attack. It also introduces automated remediation operations to limit the impact of an attack and further secure data.
“Cobalt Iron is focused on protecting and securing business data, so we continue to innovate in the areas of ransomware analytics and automated IT infrastructure optimizations.”
What does the patent cover?
The details of the patent, which runs to 38 pages and includes diagrams, are interesting. It suggests that the first instance of the product in Cobalt Iron Compass is just the starting point for several generations of the product. In the press release, Cobalt Iron acknowledges this with the statement “When the techniques are fully implemented into Compass…”
To understand the patent, the best place to start is to look at the diagrams describing what different elements of the patent will deliver. Figure 1, for example, gives a good idea of how the Adaptive Data Protection (ADP) Analytics Engine and ADP Accelerator will work. It shows the existence of an ADP RESTful API. This not only allows Cobalt Iron to add future components but also enables it to integrate with products from other vendors.
The detail in Figure 4 takes this further. It shows connections to generic storage, cloud services and network devices. It also gives a brief explanation of how the ADP Analytics Director Module will orchestrate the services. Further figures go into more detail about the role of the ADP Analytics Director Module.
Importantly, it is figures 9-13 that show just how Cobalt Iron will detect and remediate a cyberattack before it can wreak havoc.
For anyone interested in more details, there are links from the figures to parts of the patent where the details are explained.
What is Cobalt Iron saying it will implement in Compass?
Cobalt Iron has listed a number of features that Compass will gain as it works through implementing the patent. It is likely that this set of features will be added to as Cobalt Iron looks to exploit the patent fully.
The features that Cobalt Iron has committed to are:
- Determine the interdependencies between various hardware devices of the environment and directories, files, databases, and data.
- Continually monitor metrics, events, and conditions for indications of a cyber attack in the network.
- Analyze metrics, events, conditions, and configurations to identify hardware devices and data that may be impacted by or vulnerable to a cyber attack.
- Automatically create an audit report of impacted hardware devices and data.
- Automatically initiate remediation operations for impacted or vulnerable devices and data. Remediation operations may include things such as:
- Restricting access to impacted or vulnerable devices and data.
- Initiating data replication of a previous clean backup version of the data to an off-site location.
- Initiating recovery and validation of affected data to a safe storage location.
Enterprise Times: What does this mean?
Most vendors’ products focus on stopping or remediating cyberattacks. Cobalt Iron is no different in that respect. What is different is this patent and how it intends to implement it across its Compass enterprise SaaS platform. Importantly, the patent shows how the product will work, something that will allow IT departments to assess it before they buy it.
Another key part of this is that the company is using the phrase Cyber Event Responsiveness. It is not claiming that it will prevent all attacks, but it is delivering a detection and remediation solution. That is critical for many organisations. They often find themselves doing a large-scale restoration of systems in the hope that they have purged an attack. Here, they will be able to see what happened, why, where and from there, they can react.
It will be interesting to see how those organisations that invest in cyber forensic teams see the patent. Will they see it as delivering something they can use? Will they look to take advantage of the ADP RESTful API and integrate it with their tools?
The same question can be asked of Managed Security Service Providers (MSSPs). Will they take Compass and integrate it with their existing tools? Indeed, how many MSSPs will see this as a solution that they can deploy to protect customers from attack?
