Computation of entropy and file attributes in NetBackup
NetBackup 10.3 and later clients compute an additional risk signal in-line, called entropy. It improves the quality of detected anomalies. Entropy is a measure of the randomness of file contents. Threat vectors that encrypt files tend to change the entropy abruptly. The entropy metric is used with the anomaly detection in Cohesity Alta View to help you detect such potentially malicious activity. When the metric indicates anomalous activity, it is recommended that you check the system for potential malicious actors and that you do not use those images as a recovery point if suspicious activities are found.
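An added illustration of the entropy signal described above, not NetBackup's own code: Shannon entropy in bits per byte, compared across two backup runs to flag files whose entropy rose abruptly. The function names, the 2.0 bits/byte threshold, and the sample files are assumptions constructed for this example.

```python
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def entropy_jumps(previous: dict, current: dict, threshold: float = 2.0) -> list:
    """Return (path, delta) for files whose entropy rose by more than
    `threshold` bits/byte between two runs. Threshold is an assumed value."""
    flagged = []
    for path, data in current.items():
        if path not in previous:
            continue  # no baseline to compare against
        delta = shannon_entropy(data) - shannon_entropy(previous[path])
        if delta > threshold:
            flagged.append((path, round(delta, 2)))
    return sorted(flagged)

# Constructed sample data standing in for two consecutive backups.
TEXT = b"Quarterly report: revenue, costs and forecast figures.\n" * 200
LOG = b"2024-01-01 INFO service started\n" * 300
PREVIOUS = {
    "docs/report.txt": TEXT,
    "logs/app.log": LOG,
    # Random bytes stand in for an already-compressed archive.
    "archive/data.bin": os.urandom(8192),
}
CURRENT = {
    # Random bytes stand in for the same file after encryption.
    "docs/report.txt": os.urandom(len(TEXT)),
    # Normal growth: more lines of the same kind, entropy barely moves.
    "logs/app.log": LOG + b"2024-01-02 INFO heartbeat\n" * 50,
    # High entropy before and after: no jump, so entropy alone misses it.
    "archive/data.bin": os.urandom(8192),
}

if __name__ == "__main__":
    for path, delta in entropy_jumps(PREVIOUS, CURRENT):
        print(f"{path}: entropy rose by {delta} bits/byte")
```

Only the text file is flagged. The archive case shows why a change in entropy carries more information than its absolute value, and why content that was already compressed shows no jump.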
NetBackup 10.4 and later servers run a real-time, in-line ransomware detection process (nbinlinerwdetect) that analyzes the entropy and the following file attributes, and detects anomalies:
File size
File extension
File permission
File access time
File modified time
File change time
Use the COMPUTE_IMAGE_ENTROPY option to enable computation of entropy and file attributes in NetBackup, which enhances cyber resiliency in the NetBackup - Cohesity Alta™ View environment.
See COMPUTE_IMAGE_ENTROPY for NetBackup primary servers.
See the Cohesity Alta View Help to learn more about entropy score and how to view it in the Cohesity Alta View UI. Entropy score helps you identify potential anomalies in your NetBackup - Cohesity Alta View environment.
Computation of entropy and file attributes can be disabled for specific NetBackup clients.
See Disable backup anomaly detection and computation of entropy and file attributes for a client.