hamburger icon close icon
NetApp Ransomware Protection

Anti-Ransomware: Why Backup and Perimeter Protection Aren’t Enough

Despite ongoing years of effort to prevent ransomware, attacks continue to target major enterprises. To get a better understanding of why these attacks continue to proliferate we need to look at the common ransomware protection techniques in use today.

What do these traditional anti-ransomware techniques entail? Why aren’t they preventing attacks anymore? In this blog we’ll take a closer look at ransomware protection methods in use today and why they don’t do enough to protect data.

Use the links to jump down to the sections on:

Today’s Most-Used Anti-Ransomware Tools

There are two main ways that companies have sought to protect themselves against ransomware attacks: protecting the network perimeter and maintaining regular backups.

These actions will allow for recovery if users are locked out. Unfortunately, as the numbers show, these traditional defense mechanisms aren’t doing enough.

1. Perimeter Protection

Building a good defensive wall is an idea as old as the foundations of civilization itself, so it was a logical first step in the fight against ransomware and cyberattacks to rely on securing the network perimeter. The goal was simple: tighten access to ensure no infections could enter the network.

Building defense mechanisms and employing anti-ransomware software that can recognize ransomware before it enters and infects your network is meant to prevent attacks from ever happening. It’s an admirable goal, if not the most foolproof strategy.

Why does this protection strategy fail? Just as with the first defensive walls built around ancient cities, perimeters have weak points where they can be breached. Part of what makes perimeter protection so difficult is the range of techniques being used to inject this type of malware into end devices.

Why perimeter protection doesn’t do enough

The perimeter defense is meant to keep all of these avenues of attack closed off, but there are still ways to get around those defenses. Worse yet, because this defense mechanism is focused on outside intrusions, it won’t be of any use against threats that may already be inside the system, lying in wait to deploy the malicious code.

The takeaway: Dedicated attackers are always probing at defenses and looking for ways in. There is no guarantee that protecting the network will ensure ransomware infections won’t take place.

2. Backup Solutions

Backup is the last line of defense in ransomware attack situations. If an attack is launched and it somehow makes it through the network defenses and data begins to become inaccessible, an up-to-date backup copy can allow systems to be restored. It’s a failsafe, but again, not entirely foolproof.

Users who have such backups know that all they need to do is restore the system from the backup to return systems to an operational state. Unfortunately, the latest ransomware attackers are just as aware that your backups are the best way to circumvent a ransomware lockout.

Why backup solutions fail

However, there is a weak point to relying on backup as your sole anti-ransomware defense: backup methods don’t have any awareness of what’s going on in their systems.

With no ability to detect malicious activity, a perfectly sound backup strategy is going to fail if ransomware is already at work in the system. The latest strains of ransomware know it is crucial to lock out backup data as well as the primary dataset. A full attack might not even take place until the backup is effectively neutralized, ensuring that the victim has no other option than to pay up.

The takeaway: With no awareness of the actions going on in your system, backup data is as vulnerable to infection as the rest of your data.

Protecting What’s Most Important—Your Data

IDC findings show that data will grow by 23% over the five-year period of 2020-2025. In 2020 alone, the report shows, 64.2 ZB of data was created. While not all of this data will be retained, its sheer mass goes to show the vital nature it plays in normal operations for global business.

This data fuels normal operations and is a fundamental part of the relationship between organizations and their clients. Putting that data in jeopardy will affect the ability of an organization to operate and its overall business reputation. This point isn’t lost on the cyber attackers, which is why they turn to ransomware.

Ransomware’s power comes from its ability to take this data out of your hands.

The attacker wants your data, not your network

Since data is the domain of the I&O teams, they need to be able to monitor that data’s wellbeing, make sure it is properly accessed, detect if anything is wrong with it, and have full visibility across the entire estate. These actions are all part of taking a data-centric approach to ransomware protection.

Data-centric ransomware protection is built from the inside out according to the principles of zero trust. This means that users assume the attackers have already breached the network and the top priorities are to protect the data, detect malicious activity before it does harm, and recover as needed.

There is a way to do this, with anti-ransomware, NetApp’s way.

Get Cyber Resilient with NetApp Ransomware Protection

At NetApp, we have been providing industry-leading data management solutions for decades. That's why we understand data protection better than anyone and are perfectly positioned to offer the most comprehensive suite of tools to protect your data.

NetApp Ransomware Protection gives users a full complement of tools and capabilities to put data first. This follows the zero-trust approach to data security, which assumes your system will be infected, if it isn’t already, by making sure security is built from the inside out, staring with your data. Use these tools to:

  • Map your data
  • Organize it for security best practices
  • Locate vulnerabilities
  • Detect unusual behavior that can indicate an attack
  • Control permissions
  • Back up automatically
  • Seamlessly recover after attacks, and more

This goes beyond the traditional anti-ransomware methods of relying on perimeter protection and backups. NetApp’s data-centric approach gives you a comprehensive way to make sure your security posture is as strong as possible to withstand attacks with full recovery capabilities if anything goes wrong.

To find out more, take a look at this free ebook on data-centric ransomware protection with NetApp.

New call-to-action


What is anti-ransomware?

The term “anti-ransomware” describes any approach to fighting ransomware attacks, including the defenses that organizations can build to protect against them. The traditional anti-ransomware tactics used by enterprises have been perimeter defense, securing their networks and keeping reliable backup copies. A data-centric approach is seen as much more secure now.

How does ransomware protection work?

Ransomware protection works differently depending on the approach. For organizations relying on perimeter defenses, the network is secured using strong anti-ransomware software, hoping to catch any malicious software before it enters the network. Backups provide a method of ransomware protection that is a failsafe should the primary dataset become locked. The comprehensive data-centric approach puts data at the focal point, monitoring it for any sign of an attack, and securing it with automatic response tools and efficient backups.

Semion Mazor, Product Evangelist

Product Evangelist