Security

Primary Storage Protection Solutions That Thwart Ransomware Attacks | DCN

virtual storage cabinets secured with locks

Ransomware attacks pose a significant threat to primary storage, as they can encrypt and hold data hostage, rendering it inaccessible until a ransom is paid. Regular backups have been the go-to strategy for data restoration to deal with ransomware attacks that break through preventative cyber defenses, allowing for the recovery of primary data from the most recent unaffected backup.

However, a newer option is to use the features built into primary storage arrays to detect and recover from a ransomware attack that damages data.

Related: Data Center Storage Systems Revenue Decline Continues – Omdia

Point-in-time copies or storage snapshots have long been a mainstay of primary storage to create a history of data images for disaster recovery. These enhanced snapshots are now being used to restore data in a fail-safe way in the event of a ransomware attack that corrupts data.

Lines of Defense

The first line of defense in cybersecurity is networking and access controls. However, those in charge of the data center have quickly realized that having up-to-date, ransomware-free, versioned data copies is a crucial fallback for data recovery if frontend defenses are breached.

Related: The Ransomware Crisis Deepens, While Data Recovery Stalls

In addition to protecting data against corruption and accidental loss, storage array snapshots inside primary storage are now playing a crucial role in thwarting malicious activity and recovering data during a data-damaging attack.

Despite claims made by some storage vendors that their array snapshots may be used for ransomware attack data recovery, simple snapshots fall far short of being the complete cybersecurity solutions required to truly secure mission-critical data. In addition, with ransomware data thefts and data ransoming on the rise, stored data should always be encrypted with well-thought-out key management to protect against theft and the threat of exposing company information for ransom. This includes all company secret data, data that contains a competitive advantage, or data that might just be embarrassing if released to the public.

See also  FTC Prepares to Investigate Microsoft’s Cloud Business

Mission-critical data must have at least two immutable copies made by two different backup processes to guarantee that at least one ransomware-protected copy would survive a ransomware assault, given the increased sophistication of cyber-attacks observed by Omdia in 2022.

A layered protection strategy should also be considered to move the recovery closer to the data inside the storage system, allowing for a speedy shutdown in the event of an attack and quick data recovery afterward.

Storage Array Snapshots

Inside a primary storage system is a great place to deploy other important capabilities that can thwart ransomware attacks. The latest storage system software can instantly recognize and respond to abnormally stored system data being written to it. It can then respond to these occurrences with automatic procedures to ensure the stored data is affected as little as possible. Comprehensive solutions can also scan the storage for data protection security gaps and misconfigurations that ransomware software tries to exploit by changing configuration settings to shut down data recovery measures.

Centralized monitoring for and timely notifications of any ransomware activity are essential components of any complete security plan. Since immutable backups remain a crucial component of any layered protection strategy, Omdia advises that storage-level protection be coupled with the broader backup vendor technology to obtain centralized monitoring and possible integrated application recovery management.

Keeping Copies Under Lock and Key

Last year, data centers experienced increasingly sophisticated cyberattacks, so it is now a must-have requirement to have immutable data copies as a fallback against such attacks. Immutably stored data copies cannot be altered by writing to them. They are locked in time and cannot be deleted through typical administrative actions. Thus, they are great for recovering data.

See also  PowerSchool data breach leaks info of students and staff at schools across the US

Omdia analysts have increasingly witnessed companies develop capabilities embedded into primary storage to recover compromised data from immutable copies. These mechanisms often involve snapshots that cannot be altered.

An acceptable initial step for primary storage is simply making array-based immutable recovery copies, especially if an excellent backup procedure intended to guard against ransomware also protects the storage. Beyond that, the following list of key capabilities must be considered to resist ransomware in primary storage completely:

  • Recovery as a feature of storage software: Careful thought should be given to whether the offering provides complete ransomware protection or is merely a checkbox item that is minimally effective when recovering ransomware-attacked data.
  • Immutable volumes and file copies: Two important considerations of snapshot capabilities are how many can be held at one time and how often snapshots can occur.
  • Solution hardening and protected controls: Administrative controls must be secured, and the storage operating software must be updated to the latest versions to neutralize these attackers’ efforts. Requiring two administrator approvals for major configuration modifications and copy deletions is a good idea.
  • Attack detection and its containment: An important feature of a complete ransomware data solution is the proactive detection of ransomware operating on a stored dataset and then taking automated actions to freeze the attack before it does further damage.
  • Centralized detection alerting and status: Monitoring for incidents with immediate alerting and reporting to a centralized dashboard are essential for any ransomware solution.
  • Fail-safe ransomware attack data recovery: Using primary storage snapshots taken in the context of the storage environment is highly helpful for speedy restoration and can be easily verified before use for simpler data recovery.
  • Assisted recovery point selection: Ransomware recovery solutions must assist businesses in recovering with the least amount of damage. Numerous data copies are stored by storage systems, and the best solutions help operators locate the optimal ransomware-free recovery point for each stored data set.
  • Automated and quick data recovery: Given that the recovery time for a complete data center environment can be lengthy, the system should be able to prioritize recoveries of the most crucial systems first and then help guide those recoveries.
See also  U.S. Gives Samsung $6.4 Billion To Build Chip Factories in Texas | DCN

Organizations should always have a strong detection and prevention aspect to their cybersecurity counter-offensive. However, when those security measures eventually fail, guaranteed remediation from an attack is critical for not incurring data loss.

Guaranteed recovery requires organizations to use a layered approach to recover attacked mission-critical data. Array-based solutions for ransomware data recovery are good examples of this layering and provide advantages over just using backups to provide protection.

Storage snapshots have historically been a valuable tool in disaster recovery plans and have been used to successfully recover data from unintentional file deletions. However, simple snapshots are not particularly effective in preventing deliberate attacks on data.

To provide a foolproof ransomware solution, enhanced capabilities added to simple snapshotting are crucial for ransomware recovery features in mission-critical storage.

Originally appeared as a free-to-download analyst’s opinion: Primary storage cyber protection solutions to thwart ransomware from Omdia’s Cloud Storage subscription service. Omdia is an Informa property.

Source link

Contents
Lines of DefenseStorage Array SnapshotsKeeping Copies Under Lock and Key
TAGGED: , , , , , , ,
Share This Article
Previous Article Intro to Quantum Random Number Generators Intro to Quantum Random Number Generators
Next Article Cloudflare discloses breach related to stolen Okta data Cloudflare discloses breach related to stolen Okta data
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Your Trusted Source for Accurate and Timely Updates!

Our commitment to accuracy, impartiality, and delivering breaking news as it happens has earned us the trust of a vast audience. Stay ahead with real-time updates on the latest events, trends.
- Advertisement -
Ad image

Popular Posts

Honeycomb Acquires Grit

Honeycomb, a San Francisco, CA-based supplier of a software program observability platform, acquired Grit, an

The Road Ahead for Digital Infrastructure | Compass Data Centers

Raymond Hawkins, Chief Income Officer at Compass Knowledge Facilities, sits down with Mike Netzer, VP

A metal–air paper battery for wearable devices

Images and a circuit diagram of a SpO2 sensor with out cowl. On the entrance

VAST Data extends global namespace capabilities to Google Cloud

VAST Data, a AI knowledge platform firm, hads made the VAST Data Platform accessible with Google Cloud.By

Torram Raises Strategic Funding from Blockchain Founders Fund

Torram, a Toronto, Canada-based supplier of an infrastructure for DeFi and asset tokenization natively on Bitcoin,