Despite the massive efforts organizations have put into protecting networks, ransomware cyber attacks are on the rise. Since it’s clear that networks can never be 100% secure, organizations are shifting their ransomware protection strategy.
Instead of focusing on the network perimeter, security efforts are being focused on protecting IT assets from within—based on zero trust principles.
In this shift, cyberstorage is emerging as a new approach to implementing the zero trust strategy. In this post we take a look at this data-oriented solution for today's data-oriented security problems.
Use the links below to jump down to:
Cyberstorage is a data-centric approach to implementing the zero trust security model in your storage systems. Combining the capabilities of a number of different technologies, cyberstorage tightly integrates storage and security into a unified data protection solution that's designed around the data estate itself.
Assuming the attacker is already inside the network is a characteristic of all zero trust methodologies, but what makes cyberstorage different is that it provides protection right where the data actually resides.
The concept calls for incorporating a range of functionality, such as vulnerability scanning, activity monitoring, and remediation, to help protect your data against the damaging impact of ransomware and insider attacks for both structured and unstructured data storage. In essence, cyberstorage capabilities serve as a security control center for storage, giving you visibility and control across your entire data estate.
Cyberstorage also incorporates other zero trust measures, such as identity and access management (IAM), endpoint detection and response (EDR), and microsegmentation, providing data-focused security response against attackers who manage to bypass all other layers of security.
But, crucially, by protecting data at the source, cyberstorage reduces your reliance on backup as the only data-focused tool to use against ransomware. Backup is still considered the last line of defense against a ransomware attack, and is considered part of cyberstorage, it is more reactive than proactive.
With a full range of cyberstorage capabilities, users hope to protect against ransomware attacks by limiting vulnerabilities at the data level and detecting attacks and mediating before the damage can be done.
Cyberstorage is still a relatively new concept, with relatively few solutions available on the market. The following capabilities are currently those you can typically find—although it's likely capabilities will broaden as the cyberstorage market grows and evolves.
The NIST CSF Core functions point to out five goals that align with cyberstorage capabilities:
Traditionally, storage had always been the most vulnerable component of enterprise IT infrastructure. This was because:
Before the arrival of cyberstorage, IT teams relied on network and access control mechanisms to help keep the attackers out. However, your data resides in your storage systems—not your applications or networks. So, while these measures to protect the network play an important role, they can only shore up your defenses so far.
Cyberstorage fills this gap, providing the missing piece of the zero-trust jigsaw and more effective protection against ransomware attacks.
In addition to all the capabilities covered above, cyberstorage also offers an important change in the way that security can be approached on the organizational level. Since cyberstorage works at the data level, it gives more control over the responsibility for securing data to an organization’s storage admin teams.
In other words, those in your organization who know and understand your data, and are therefore best placed to assume responsibility for its security. This technology offers a way for those IT team members to effectively reinforce the overall security posture of the organization at the data level.
Cyberstorage is a multi-layered approach, which leverages a range of data protection capabilities that centralized storage has always needed.
It complements your existing tooling by providing a last line of defense against attacks that bypass other security mechanisms.
And, just as with other zero-trust technologies, it assumes hackers are already inside your systems, helping to safeguard your information assets from the latest generation of more sophisticated threat.
But, most important of all, cyberstorage focuses directly on your data—which is the ultimate target of any ransomware attack. To help you do that, NetApp now offers Ransomware Protection.
Ransomware Protection is a data-centric solution that collects all of the data protection capabilities NetApp offers. Users can get a full view of their data, leverage data protection services, map the data and respond, detect abnormal activities in their data, automatically prepare data to limit potential threats, and easily recover from immutable backups.