May 25, 2022
Topics: Data Protection, Advanced, Ransomware Protection, Security. 6 minute read.
Despite the massive efforts organizations have put into protecting networks, ransomware cyber attacks are on the rise. Since it’s clear that networks can never be 100% secure, organizations are shifting their ransomware protection strategy.
Instead of focusing on the network perimeter, security efforts are being focused on protecting IT assets from within—based on zero trust principles.
In this shift, cyberstorage is emerging as a new approach to implementing the zero trust strategy. In this post we take a look at this data-oriented solution for today's data-oriented security problems.
What Is Cyberstorage?
Cyberstorage is a data-centric approach to implementing the zero trust security model in your storage systems. Combining the capabilities of a number of different technologies, cyberstorage tightly integrates storage and security into a unified data protection solution that's designed around the data estate itself.
Assuming the attacker is already inside the network is a characteristic of all zero trust methodologies, but what makes cyberstorage different is that it provides protection right where the data actually resides.
The concept calls for incorporating a range of functionality, such as vulnerability scanning, activity monitoring, and remediation, to help protect your data against the damaging impact of ransomware and insider attacks for both structured and unstructured data storage. In essence, cyberstorage capabilities serve as a security control center for storage, giving you visibility and control across your entire data estate.
Cyberstorage also incorporates other zero trust measures, such as identity and access management (IAM), endpoint detection and response (EDR), and microsegmentation, providing data-focused security response against attackers who manage to bypass all other layers of security.
But, crucially, by protecting data at the source, cyberstorage reduces your reliance on backup as the only data-focused tool to use against ransomware. Backup is still considered the last line of defense against a ransomware attack and is considered part of cyberstorage, but it is more reactive than proactive.
With a full range of cyberstorage capabilities, users hope to protect against ransomware attacks by limiting vulnerabilities at the data level and by detecting and remediating attacks before the damage can be done.
Cyberstorage Capabilities
Cyberstorage is still a relatively new concept, with relatively few solutions available on the market. The following capabilities are currently those you can typically find—although it's likely capabilities will broaden as the cyberstorage market grows and evolves.
The NIST CSF Core functions point out five goals that align with cyberstorage capabilities:
- View data across your entire data estate
- Manage your data security posture across all environments, both cloud-based and on-premises, from a unified location
- Get recommendations on how to improve the security posture
- Pinpoint data that requires extra protection
- Find the most secure location for sensitive data and migrate
- Determine the highest priority data to restore in the event of an attack
- Create a data protection strategy and plan
- Encrypt data—both in transit and at rest
- Configure an air-gapped disaster recovery (DR) site
- Take immutable backups and snapshots
- Delete stale or unnecessary data that hackers might still target
- Log activity for monitoring and analysis
- Identify signs of a ransomware attack early in the attack lifecycle
- Detect suspicious usage patterns, such as mass read, write, and delete activity, abnormal increase in encryption, and user access outside normal working hours
- Identify unpatched vulnerabilities
- Identify misconfigurations and weaknesses, such as unsafe file permissions
- Monitor and control access privileges
- Generate alerts that signal attacks, such as unusual system stress or loss of storage efficiency
- Quickly locate affected data in the event of an attack
- Provide automated defense mechanisms, such as session blocking
- Provide actionable information about an attack so you can quickly assess the impact and take appropriate measures accordingly
- Recover quickly using reliable and efficient backup copies
- Provide forensic details so you can establish the root cause of an attack and implement future preventative measures
- Assess the damage with file-level forensics and identify which files to restore
- Place data directly in locations you specify, at the block level
- Locate last uncorrupted copy of the data in an indexed catalog (with Cloud Backup)
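The usage patterns named in the list above (mass write and delete activity, an abnormal increase in encryption, and access outside normal working hours) can be checked against storage audit events. The following is an added example, not code from the original article or from any NetApp product. The event tuple format, the thresholds, the working hours, and the users `alice` and `svc-x` are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune against your own baseline.
WINDOW = timedelta(seconds=60)  # sliding window for burst detection
BURST = 5                       # write/delete ops per user within WINDOW
ENTROPY_BITS = 7.5              # bits per byte; close to 8.0 looks encrypted
WORK_HOURS = range(8, 19)       # 08:00-18:59

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte sample, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def detect(events):
    """events: time-ordered (timestamp, user, op, path, sample_bytes) tuples.
    Returns a sorted list of (user, reason) alerts."""
    recent = defaultdict(list)    # user -> timestamps of write/delete ops in WINDOW
    encrypted_writes = Counter()  # user -> count of high-entropy writes
    alerts = set()
    for ts, user, op, path, sample in events:
        if ts.hour not in WORK_HOURS:
            alerts.add((user, "off-hours access"))
        if op in ("write", "delete"):
            recent[user] = [t for t in recent[user] if ts - t <= WINDOW] + [ts]
            if len(recent[user]) >= BURST:
                alerts.add((user, "mass write/delete"))
        if op == "write" and entropy(sample) >= ENTROPY_BITS:
            encrypted_writes[user] += 1
            if encrypted_writes[user] >= 3:
                alerts.add((user, "encryption spike"))
    return sorted(alerts)

def sample_events():
    """Constructed audit events: alice edits by day, svc-x rewrites files at night."""
    day, night = datetime(2022, 5, 25, 10), datetime(2022, 5, 25, 2)
    text, blob = b"quarterly report draft " * 10, bytes(range(256))
    ev = [(day + timedelta(minutes=10 * i), "alice", "write", f"/docs/r{i}.docx", text)
          for i in range(3)]
    for i in range(4):
        t = night + timedelta(seconds=4 * i)
        ev.append((t, "svc-x", "write", f"/fin/f{i}.xlsx", blob))
        ev.append((t + timedelta(seconds=1), "svc-x", "delete", f"/fin/f{i}.bak", b""))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for user, reason in detect(sample_events()):
        print(f"ALERT {user}: {reason}")
```

Entropy alone also flags compressed media and archives, so it is combined here with per-user rate and time-of-day signals rather than used by itself.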
Benefits of Cyberstorage
Traditionally, storage had always been the most vulnerable component of enterprise IT infrastructure. This was because:
- data held in storage had always been the ultimate target of the hackers
- storage provided no built-in capabilities to protect your data in its host environment
Before the arrival of cyberstorage, IT teams relied on network and access control mechanisms to help keep the attackers out. However, your data resides in your storage systems—not your applications or networks. So, while these measures to protect the network play an important role, they can only shore up your defenses so far.
Cyberstorage fills this gap, providing the missing piece of the zero-trust jigsaw and more effective protection against ransomware attacks.
Giving IT Teams More Control Over Data and Storage Security
In addition to all the capabilities covered above, cyberstorage also offers an important change in the way that security can be approached on the organizational level. Since cyberstorage works at the data level, it gives an organization’s storage admin teams more control over the responsibility for securing data.
In other words, these are the people in your organization who know and understand your data, and are therefore best placed to assume responsibility for its security. This technology offers a way for those IT team members to effectively reinforce the overall security posture of the organization at the data level.
Get Direct Protection for Your Data: NetApp Ransomware Protection
Cyberstorage is a multi-layered approach, which leverages a range of data protection capabilities that centralized storage has always needed.
It complements your existing tooling by providing a last line of defense against attacks that bypass other security mechanisms.
And, just as with other zero-trust technologies, it assumes hackers are already inside your systems, helping to safeguard your information assets from the latest generation of more sophisticated threats.
But, most important of all, cyberstorage focuses directly on your data—which is the ultimate target of any ransomware attack. To help you do that, NetApp now offers Ransomware Protection.
Ransomware Protection is a data-centric solution that collects all of the data protection capabilities NetApp offers. Users can get a full view of their data, leverage data protection services, map the data and respond, detect abnormal activities in their data, automatically prepare data to limit potential threats, and easily recover from immutable backups.