Feature Spotlight: AI-Powered Backup Anomaly Detection

Learn how Bocada Enterprise’s newest feature enables proactive cyber resilience

The Bocada Team | November 22, 2024


The rise of ransomware, cloud computing, and the proliferation of data across ever-expanding IT infrastructure have introduced a vast array of potential failures and cyberthreats that can jeopardize data protection success and bring extensive losses. Case in point: a 2024 ransomware attack against UnitedHealth Group caused more than 9 months of business disruption and an estimated $2.87B in losses for UHG in 2024 alone.

In this feature spotlight, we’ll demonstrate how Bocada Enterprise can help you identify, investigate, and remediate backup anomalies that threaten your cyber resilience.

Early Ransomware Detection

96% of ransomware attacks in 2024 targeted backup repositories according to Sophos’ The State of Ransomware 2024, and they often do so before primary systems are targeted, preventing successful recovery from backups. It has therefore become critical for organizations to monitor backup anomalies for the early signs of a ransomware attack.

Three components of backup performance that often present anomalies related to ransomware are byte count, job duration, and throughput.

For example, backup byte counts often increase due to encryption overhead (extra metadata), job durations can increase due to extra CPU and memory load from ongoing malicious encryption activity, and throughput can decrease due to extra load on both the network and backup systems.

By monitoring these performance attributes for suspicious patterns, IT operations teams can stay well ahead of catastrophic data loss.
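A minimal sketch of this kind of monitoring, added here as an illustration and not Bocada's detection method: each new job is scored against its own history with a median/MAD modified z-score, and a metric is flagged only when it moves in the direction described above. The field names, the sample history and the `threshold` cutoff are assumptions made for the example.

```python
import math
from statistics import median

# Direction each metric moves in the scenario above: +1 = suspicious when
# above baseline (byte count, duration), -1 = suspicious when below (throughput).
DIRECTION = {"bytes_gb": +1, "duration_s": +1, "throughput_mb_s": -1}

def job(bytes_gb, duration_s):
    """Build a job record; throughput is derived from size and duration."""
    return {"bytes_gb": bytes_gb, "duration_s": duration_s,
            "throughput_mb_s": bytes_gb * 1000 / duration_s}

def robust_z(history, value):
    """Modified z-score from median and MAD, so one bad night cannot skew the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # perfectly flat baseline: any change is infinitely unusual
        return 0.0 if value == med else math.copysign(math.inf, value - med)
    return 0.6745 * (value - med) / mad

def detect(history, latest, threshold=3.5, min_history=5):
    """Return {metric: score} for metrics deviating in the suspicious direction."""
    if len(history) < min_history:  # too little data to form a baseline
        return {}
    flagged = {}
    for metric, sign in DIRECTION.items():
        z = robust_z([j[metric] for j in history], latest[metric])
        if sign * z >= threshold:  # lower threshold = more sensitive
            flagged[metric] = round(z, 1)
    return flagged

# Constructed sample data: seven nightly runs of one job as (GB, seconds).
HISTORY = [job(*r) for r in [(500, 3600), (505, 3650), (498, 3580), (510, 3700),
                             (502, 3620), (507, 3660), (499, 3590)]]

if __name__ == "__main__":
    print(detect(HISTORY, job(503, 3630)))                 # ordinary night
    print(detect(HISTORY, job(560, 6100)))                 # larger, slower run
    print(detect(HISTORY, job(512, 3700), threshold=2.0))  # more sensitive cutoff
```

Scoring each job against its own history keeps a large database backup from being compared with a small file share, and lowering `threshold` surfaces more borderline jobs at the cost of more noise.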

So, how does Bocada’s new AI-powered backup anomaly detection help with this? Let’s dive in.

Backup Anomaly Summary View

Bocada Enterprise now provides a summary view of backup anomalies, giving users a single-pane view of every anomalous backup job in their environment based on byte count, job duration, or throughput. This view can be used as a launch pad for further investigation or simply to understand anomaly incidence at a high level.

The backup anomaly summary view displays anomaly counts by type, per day. Users can click on any graph segment to drill into more detailed anomaly reports.


These anomalies are detected by AI. A configurable confidence threshold adjusts sensitivity, so that more or fewer anomalies are identified. Configurable report criteria make it easy to filter the data as needed.


Anomaly Details

If a user wishes to investigate specific anomalies to understand whether remediation or incident response actions are required, they can simply click on any segment of the summary graph to drill into any set of anomalies for a closer look.

A detailed table organizes relevant information on the anomalous jobs, while a graph makes it easy to visually identify patterns and/or the magnitude of any anomalies.


The anomaly graph supports zooming, making it easy to investigate specific anomalies.


Network Issues, Backup Configuration Issues, Storage Contention & More

Ransomware and cyberthreats aren’t the only issues Bocada’s anomaly detection can help with. By examining the AI-identified anomalies, IT operators can diagnose a multitude of other potential issues affecting backup success throughout their environment.

For example, throughput anomalies could indicate network problems or congestion that force jobs to take longer than planned and potentially complete outside of backup windows. Sudden variance in byte counts for backups could indicate fast-growing data volumes that may require additional storage media, or successful backups that are not recoverable. Job duration anomalies could indicate slow disk read/write speeds or contention on backup and storage systems, which might require additional load balancing to ensure proper backup health.

These are just the tip of the iceberg when it comes to potential issues. Having a centralized backup anomaly detection capability makes it much easier for IT teams to identify and remediate abnormal backup performance outside of basic backup success and failure reporting.

Automating Remediation and Beyond

This update represents just the beginning of Bocada’s foray into AI-powered automated anomaly detection and remediation. In the coming months, Bocada will release enhancements to this functionality, including:

  • Adding an anomaly feedback mechanism to help improve AI accuracy
  • Alerting and incident ticketing automation for anomalies to support remediation
  • AI-powered storage forecasting
  • Storage utilization anomaly detection

Did You Know: For users interested in ensuring backup-level security against ransomware attacks, Bocada Enterprise also includes immutable backup and encryption reporting.
