Cyber-resilient storage a final defense against ransomware
Features to enhance storage cyber resiliency should be table stakes for buyers, experts say. But enhancements are needed to stave off ransomware attacks.
Storage vendors are adding more cybersecurity features called cyber resilience into their offerings, providing a small but still valuable layer of defense against ransomware or other disasters.
Cyber resilience in storage, also called cyberstorage, protects the storage platform, system and software from malware and viruses, which are often spread through ransomware, said Mitch Lewis, an analyst at Futurum Group.
These cyber-resilient capabilities are typically included with customer's storage purchases without the need for an additional purchase. Storage industry experts say there's little downside in enabling these capabilities, but data security and cyber resilience still require security, storage and backup teams as well as their tools to work in tandem.
These tools also offer some disaster recovery or data management capabilities, such as user permission controls. But they primarily focus on protecting against ransomware with capabilities such as anomaly detection or honeypots as well as decoy data to mislead attacks, Lewis said.
"You can never have enough layers," he said. "[But] you need to have security measures in place. Their capabilities play more into data protection, which is getting increasingly entangled in security."
Malware detection and notification services and other security tools are the final defense an enterprise might have against ransomware attacks or infections, said Marc Staimer, founder and president of Dragon Slayer Consulting. Storage cyber resilience services cannot stop infection or virus payload detonations in progress but shouldn't be discounted. They can provide warnings or some protection.
"It's not the primary defense against ransomware and malware; it's the last line," Staimer said. "Like any last line, you want it to be really strong."
Minimum requirements
Primary storage systems, such as unstructured data in file NAS systems or hybrid cloud storage setups, are priority targets for ransomware, according to a report by Max Mortillaro and Arjan Timmerman, co-founders of TechUnplugged, an independent technology analyst firm.
These storage systems can hold valuable information for the enterprise, such as financial data or personal identifiable information. But without constant management, they can grow in size and become silos, according to the report. Primary storage system protection should, at minimum, include immutable snapshots; replication capabilities; and air-gapping for backups, either physically on media or logically in a cloud.
More advanced features to qualify a given storage platform as cyber-resilient include anomaly detection, which can pick up changes to data invisible to most humans through machine learning or pattern detection, and snapshot recovery orchestration tools, according to the report.
Market additions
Ctera Networks and Panzura Data Services are two storage vendors that are adding or enhancing their cyber-resilience capabilities.
Ctera's global file system platform already offers data management and object locking tools. But the new Ctera Ransom Protect feature adds new honeypot capabilities and user identification controls.
The offering, available to all Ctera customers, specifically aims to prevent data exfiltration by either external parties or rogue users within an organization, said Saimon Michelson, vice president of alliances at Ctera.
It's not the primary defense against ransomware and malware; it's the last line. Like any last line, you want it to be really strong.
Marc StaimerFounder and president, Dragon Slayer Consulting
Modern ransomware tends to focus on data exfiltration, he said. Finding ways to halt user profiles incorrectly accessing data can be just as valuable as stopping the infection itself.
"We see ourselves as yet another line of defense," Michelson said.
Panzura's CloudFS, a global file system, now has a ransomware detection software named Panzura Detect and Rescue. The service detects suspicious user activity or file activity and uses preset change thresholds to alert administrators. The service also includes support staff and auditing tools.
The Panzura platform hasn't prioritized ransomware protection over the disaster recovery capabilities offered before, said Dan Waldschmidt, CEO of Panzura. The company now aims to tackle the challenge head-on and expand cyber-resilient capabilities in the future, such as Detect and Rescue operating beyond the CloudFS environment.
Storage companies like Panzura and Ctera might find their offerings overlapping for many customers, resulting new features or capabilities beyond cyber resilience as the way to stand out among one another, Mortillaro said.
"[They're all] in a small pond going after the same customers," Mortillaro said.
Next evolution
Most enterprises will likely have dedicated security teams and software to cover many of cyberresilience capabilities, Mortillaro said. But the low impact to performance and extra security should be enough of a reason to use the tools.
"You can get a sign that something is wrong early, but it's not [always] sufficient," Mortillaro said. "If it's provided for free, I don't see why you wouldn't implement that. [But] you cannot rely on a single layer to protect you."
Enterprises using cloud tools such as air-gapped vaults should also ensure these tools comply with security policies, Timmerman said. This is mainly to avoid violating laws such the EU's GDPR data sovereignty regulations, which can require data to remain within a given jurisdiction or country.
"It's really important to have something to show for [business or regulation purposes]," Timmerman said. "If you enable something, you need to make sure you know what is going on with your data."
Any cyber-resilient offering should also include basics to stop human errors, such as two-factor authentication, enabling administrators to curtail strange behavior if other users suffer phishing attacks, Staimer said.
Ransomware attacks will continue to evolve, especially as generative AI contributes to new ransomware strains faster than most vendor offerings can keep up, Staimer said. Having the proper balance between all-inclusive security software and some additional services within storage will remain a balancing act.
"They're a start. They're going to catch a lot of variants in ransomware, but not the latest," he said.
Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
