Innovation Insight for Cyberstorage Solutions to Protect Unstructured Data Again

Cyberstorage solutions deliver active technologies to identify, protect, detect, respond and recover from ransomware attacks on unstructured data storage solutions. I&O leaders must evaluate cyberstorage solutions as a new defense mechanism to protect their most critical data.

Overview

Key Findings

·        Most ransomware attacks target unstructured datasets on network shares, making centralized file storage solutions an attractive target for encryption and/or data exfiltration of large amounts of data.

·        Traditional network-attached storage (NAS) systems hosting file shares are not equipped to identify, protect, detect, respond and recover from ransomware or prevent data exfiltration, as they rely on solutions outside of the storage domain.

·        Cyberstorage solutions deliver a variety of capabilities to identify, protect, detect, respond and recover ransomware attacks by analyzing user, admin and data access behavior and detection of anomalies where blocking the active attack is the most important function.

·        Cyberstorage solutions can be delivered natively by (new) storage vendors, or partially as a new set of features by your existing storage vendor or as an external add-on to the existing storage solution.

Benefits and Uses

The primary benefit of cyberstorage solutions is that they can detect and stop ransomware attacks before significant damage is done to the data. Blocking the attack is extremely important because a ransomware attack can encrypt all data and take out important business activities. This will result in significant downtime and require complex forensic analysis and intensive recovery activities to get back to business as usual. In addition, cyberstorage can detect data exfiltration where hackers, having stolen an organization’s data, threaten to publish confidential data if you do not pay the ransom.

From a business perspective, cyberstorage can help the business to:

·        Mitigate interruptions almost immediately.

·        Detect and alert out-of-policy activities before they become liabilities.

·        Offload those enterprises with smaller IT and security organizations.

·        Proactively monitor and detect suspicious behavior from both an administrative and end-user perspective.

·        Provide real-time governance and control from a security and compliance objective.

Risks

Ideally, cyberstorage solutions should be deeply integrated into the unstructured data storage system to provide the highest level of protection. As current cyberstorage capabilities from enterprise storage providers are limited, organizations would be required to change storage systems to other, mostly younger and less well known, companies. Replacing existing storage systems introduces some risks as cyberstorage solutions are relatively new and might have gaps in supporting the typical enterprise data management and storage features.

While new storage vendors might offer very advanced security mechanisms, they are less known for their storage availability, functionality and performance capabilities; whereas existing storage vendors have a long-proven track record. For this reason, organizations have to balance their risk between optimal security functions and rich enterprise data management, or a proven track record of storage functions. Organizations should deeply evaluate the impact of switching, and perform an extensive proof of concept with the new solution.

Switching unstructured data storage vendors can also be a challenging exercise for many companies. This is because of existing investments in equipment, knowledge of the existing storage solutions and deep integration of their existing storage products into their IT and/or application environment. All of this will need to be addressed. In addition, dealing with startups might be another challenge for enterprise organizations.

Add-on software solutions or appliances that sit in front of the existing storage solutions will offer less physical and logical protection to the unstructured data solution, but eliminate the risk involved in switching to an unproven storage offering.

Recommendations

·        Prioritize active protection of unstructured data storage systems as disaster recovery and backup on the grounds that limiting or blocking an attack is better than recovering from one.

·        Evaluate your current storage vendor(s) for cyberstorage capabilities, near-term features to come or add-in third-party options.

·        Do not treat cyberstorage products as an alternative to backup, immutable vaults, network monitoring or disaster recovery; they are an additional layer of protection preventing large-scale recovery and/or data theft of file systems.

·        Thoroughly analyze and harden your existing storage solution to prevent against management infrastructure hacks or a rogue admin by applying cyber hygiene best practices and storage vulnerability management solutions.