Advanced Behavioral Analytics and Two-tiered Architecture Address the Ransomware Blind Spot in Legacy File Systems
News Summary:
- New AI-powered threat detection and mitigation capabilities for CloudFS are designed to proactively stop ransomware and data exfiltration. The platform learns normal user behavior to identify and neutralize threats in real time, moving beyond traditional reactive security models.
- The new Threat Control feature set uses a unique two-tiered architecture that analyzes file activity without impacting performance. It automates responses to threats, such as disabling compromised accounts, which can cut manual intervention and prevent attacks from escalating.
- The CloudFS update also deepens data security by providing behavioral fingerprinting for each user and detecting anomalies like mass deletions or unusual file access. It enhances CloudFS core benefits like immutability and global deduplication for significant TCO infrastructure savings.
SAN FRANCISCO – August 27, 2025 – Panzura has announced new artificial intelligence (AI)-powered threat detection and mitigation capabilities for the CloudFS hybrid cloud file platform, targeting a critical vulnerability in enterprise data security.
File systems typically represent a security blind spot with 91% of ransomware attacks now involving data theft, costing an average of $5.21 million per incident and dragging on for an average of 291 days. Current security approaches that only scan for known malicious signatures create an inherently reactive defense, leaving organizations perpetually vulnerable to evolving attack vectors and allowing attackers to damage critical business systems before detection.
In response to this challenge, CloudFS has introduces a new Threat Control feature set, powered by advanced machine learning (ML) analytics and a unique, patent-pending two-tiered architecture, that eliminates the compromise between early threat detection and file performance impact. This enhancement transforms passive file infrastructure into an intelligent security layer that proactively stops ransomware and data exfiltration before attackers can gain a foothold, fundamentally shifting cybersecurity from reactive to predictive.
The platform learns how users normally interact with files and detects subtle deviations in real time, enabling threat detection and neutralization at the earliest possible stage. This approach can identify and contain threats at the infrastructure level, often before an incident becomes a business disruption, leveling the playing field for IT teams and putting competitive pressure back on attackers.
“Data security is no longer a technical checkbox – it’s the core of business resilience. With continued innovations like advanced Threat Control for CloudFS, our customers can focus on what they do best, confident their file data is truly secure,” said Dan Waldschmidt, CEO, Panzura.
Unlike competitive offerings, Threat Control in CloudFS monitors file activity without resource-intensive client-side scanning, preserving performance and privacy while delivering a truly proactive security model. These capabilities introduce behavioral fingerprinting and workflow awareness that transform the file system into a source of active security intelligence, unlocking not just file data protection but potentially also operational insights and productivity gains – a preview of future AI-driven cyber storage capabilities.
A New Standard for File Data Protection
The new CloudFS capabilities create a comprehensive profile of each user’s typical file activities – how they read, write, create, and access data. This is a behavioral baseline for the individual user and the organization. When user activity suddenly changes, such as mass file downloads, deletions, or unusual access times, the system immediately flags potential threats, acting as an early warning system for IT infrastructure.
This dramatically cuts investigation time and associated costs. It means technologists can potentially stop an attack in its tracks rather than watching it cascade across a network to compromise servers, encrypt databases, or infiltrate other critical systems.
Building on the platform’s industry-leading data protection, resilience, and recovery capabilities, the expanded feature set delivers what security experts call “defense in depth.” This layered approach ensures attackers must defeat multiple different protection mechanisms to cause lasting damage. The CloudFS immutable architecture guarantees that even if a threat bypasses detection, attackers cannot destroy recovery points, which eliminates slow backup dependency.
“Most solutions focus on recovery after the damage is done – but breaches don’t just corrupt files, they disrupt entire business operations. CloudFS ensures file data remains trustworthy, accessible, and secure as vulnerabilities evolve so you can move faster than the threats themselves,” said Sundar Kanthadai, Chief Technology Officer, Panzura.
Advanced Behavioral Threat Control
CloudFS Threat Control expands the platform’s existing layered security by using ML-powered anomaly detection to instantly identify and alert teams regarding data exfiltration, data destruction, mass deletions, and other unusual behaviors including bulk file creation or erratic access patterns. It continuously monitors user activity and creates a unique behavioral signature for each user within the CloudFS environment.
Initial user profiles are compiled by analyzing current CloudFS audit logs, requiring minimal user activity to form a baseline. These profiles are continuously refined using a rolling 90-day window, ensuring the system adapts to legitimate baseline changes in user behavior – such as different job responsibilities or new project assignments – without requiring manual input.
This addresses the critical and pervasive gap facing storage administrators and security teams, who are drowning in alert fatigue. It’s a “zero-touch” approach that maximizes operational efficiency and reduces false positives, a common pain point with traditional, rules-based systems.
CloudFS now delivers precise alerts on these expanded anomaly detection categories:
- Data Exfiltration: The platform instantly detects when large volumes of data are copied or moved out of the system in patterns unusual for the users. This is critical given that 46% of breaches involve Personally Identifiable Information (PII).
- Data Destruction: ML-powered pattern recognition pinpoints suspicious behavior, particularly mass deletions inconsistent with normal file handling. This often signals active attacks and can be seen following data exfiltration.
- Unusual Behavior: Detection of outlier events such as bulk file creation, abnormal permissions changes, and unusual file access patterns, providing coverage that goes beyond known attack vectors.
Securing Data without Compromising Performance
The core of the Threat Control innovation lies in a unique two-tiered architecture that secures data without a heavy client-side footprint. The system is comprised of two components. A centralized cloud-security management system performs initial monitoring using metadata as well as audit logs. This offloads the computational burden where other solutions often degrade performance.
A lightweight agent in the CloudFS node remains dormant until the security management system flags a potential threat, at which time detailed inspection of the actual file content takes place. This local inspection is key to both preserving data confidentiality and maintaining performance, as sensitive file data never leaves the client environment and the system avoids constant, heavy-duty scanning
Tiered automated response cuts manual intervention by up to 80%, allowing the platform to instantly log anomalies, notify admins, and for high-severity threats, disable compromised accounts. This eliminates the human delay factor that can cost millions.
Beyond security, CloudFS continues to deliver significant total cost of ownership (TCO) reductions. By consolidating disparate file management functions into a single platform, it reduces data and infrastructure sprawl and associated licensing costs. Its unique global file system architecture means IT teams can manage a single, authoritative data set across the entire organization, eliminating expensive, redundant local storage, and complex backup strategies.
While competitors highlight ‘chunky’ deduplication and compression, CloudFS performs this at granular block-level before data is synced to the object store, reducing storage requirements by 35% to 80%. This directly translates to lower cloud storage costs, reduced energy consumption, and a smaller data footprint. CloudFS empowers technologists – especially those in regulated industries or managing sensitive information – to protect intellectual property, stay compliant, and keep attackers out.
Existing Panzura CloudFS customers with Detect and Rescue, now renamed to Threat Control, will be upgraded to the enhanced capabilities at no additional cost and without requiring any action on their part including infrastructure changes or system downtime. If you’re exploring your file management options, schedule a demo with a Panzura expert.
About Panzura
Panzura empowers modern enterprises to unlock the full potential of their unstructured data, aligning it with strategic business goals. Our solutions ensure data visibility, accessibility, and control, seamlessly preparing organizations for a digitally transformed, AI-driven future. With Panzura, organizations can enhance data resilience, optimize costs, and deliver data instantly to users and processes – anywhere, anytime. Discover how Panzura can drive your success at panzura.com.
Panzura is a trademark or registered trademark of Panzura LLC in the U.S. and/or other countries. All other trademarks, registered trademarks and/or logos are the property of their respective owners.