Home > Storage > PowerScale (Isilon) > Product Documentation > Security and Compliance > PowerScale Cyber Protection Suite Reference Architecture > Ransomware Defender vs Easy Auditor
Together, Ransomware Defender and Easy Auditor provide powerful cyber protection. However, it is important to note that each module's cybersecurity features, and coverage areas are unique. The following table summarizes the key attributes of each module.
Ransomware Defender | Easy Auditor |
Real-time per-user behavior-based detection: Displays user, IP, shares, and files affected | Top active users (files created, deleted, renamed, and so on) |
Automated snapshot creation upon initial detection for ground-zero restore point | Least accessed shares by user (Stale permissions report) |
Per user lockout automated response and file system data protection | Share access report |
Cyber recovery manager streamlines recovery from snapshots, automating the process to determine the best available restore point for each file affected | Login reports |
In-Eyeglass alerts plus email, syslog, or webhook forwarding of events to a SIEM (Zero Trust API) tool or slack channel | Helps administrators find who deleted or moved a file |
Honeypot tripwire feature for enhanced protection | Mass Delete feature: Detect, react, and prevent an number of files deleted from a specified folder |
Automated security penetration testing ensures that defenses are fully operational by testing detection and lockout on a scheduled basis | Data Loss Prevention: Detect and prevent bulk data copying of sensitive data |
Access to data itself is not required because Ransomware Defender is not in the client access path | Wiretap feature used to monitor all IO to a path or a user for security monitoring, or excess permissions to a path, share, or export |
Zero Trust API Integration provides:
| Create custom policies that alert when a specific behavior occurs on the filesystem |