Joel Reich

The Storage Manager’s Quick-Guide to Ransomware Resiliency (Part 2)

  • October 3, 2022

Part 2: How Storage Managers Can Achieve Ransomware Resilience

Part 1 explained why storage managers need to prepare for the ransomware scourge. In Part 2, we move on to what they need to do to achieve ransomware resilience.

Various surveys make it clear that the rising frequency of ransomware attacks is steadily eroding confidence in being able to cope. Almost 60% of respondents are not confident in their ability to recover from a ransomware attack.

How should they deal with the problem?

Here are 6 ways organizations can improve how they detect and prevent ransomware attacks, how to mitigate the impact if they suffer from one, and how they can recover their data.

1. Immutable storage/backup

Immutable storage is data that is retained in a form that cannot be altered or tampered with. Once backed up, it is stored in that same format and can’t be changed. It can be implemented on tape, disk, SSDs, or in the cloud as a defense against ransomware. Some tools even incorporate machine learning features that can detect any signs of interference from ransomware.

2. Snapshots and replication 

Replication is about sharing data between redundant resources, such as software or hardware components, or between servers or data centers, to provide fault tolerance and business continuity. If one server goes down, the other holds the same data, for example. Snapshots are typically used in replication to provide near-instantaneous data protection. Point-in-time copies are replicated to other systems. If data is lost, they can be used to rapidly restore it. Backups, too, can be transmitted to an offsite location using replication.

3. Network Segmentation

Network segmentation is a tactic that can greatly reduce the impact of a ransomware attack. By separating the network into smaller, distinct areas, the spread of malware is minimized if one area is compromised.

4. Data Vaulting and Air-Gapped Solutions

Data vaulting is a good way to avoid the possibility of ransomware infecting backup files. Cybercriminals increasingly target backup environments with ransomware as a way to guarantee the success of their extortion attempts. Vaulting addresses this via air gapping, i.e., a copy of the backup is kept offline, separated from other systems. This is best achieved via tape backups that are retained offline. As there is no physical connection to the internet, ransomware has no chance of infecting it.

5. Data security

Data security is about protecting valuable data. There are different procedures, standards, and technologies to choose from. These include encryption (in transit and at rest), file scanning, malware detection and prevention, network security such as firewalls, intrusion detection, data privilege, access management, and more. Their goal is to ensure that only authorized parties can access and use the data and that its integrity is maintained at any given moment. 

6. Storage and Backup Security Posture Management

There are a great many patch management and vulnerability management tools out there. They continually scan networks and systems for security risks. They do a fine job with operating systems (OSes) and enterprise applications. However, they often miss security misconfigurations and vulnerabilities in storage and backup systems.

There are currently thousands of active CVEs out there that relate to storage and backup systems. They can be used to exfiltrate files, initiate denial-of-service attacks, take ownership of systems, block devices, and delete data. Overall, about 20% of storage devices are exposed and can be attacked successfully by ransomware.

In fact, many organizations fail to configure immutable backups properly – possibly the result of insufficient understanding of the technology and its limitations. This allows adversaries to compromise those backup systems. 
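One way to check for the kind of immutability misconfiguration described above, as an added example (not code from the original article or from StorageGuard). It assumes Amazon S3 Object Lock as the immutability mechanism, which the article does not name; the bucket names, the 14-day minimum and the sample inventory are constructed.

```python
MIN_RETENTION_DAYS = 14  # assumed policy minimum for this example


def lock(mode, days):
    """Build an Object Lock config in the shape GetObjectLockConfiguration returns."""
    return {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": mode, "Days": days}}}


# Constructed sample inventory: "versioning" holds the Status value from
# GetBucketVersioning, "object_lock" the ObjectLockConfiguration (or None).
SAMPLE_INVENTORY = {
    "backup-vault-a": {"versioning": "Enabled", "object_lock": lock("COMPLIANCE", 30)},
    "backup-vault-b": {"versioning": "Enabled", "object_lock": lock("GOVERNANCE", 7)},
    "backup-vault-c": {"versioning": "Suspended", "object_lock": None},
    "backup-vault-d": {"versioning": "Enabled",
                       "object_lock": {"ObjectLockEnabled": "Enabled"}},
}


def audit_bucket(cfg, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    if cfg.get("versioning") != "Enabled":
        findings.append("versioning not enabled")
    lock_cfg = cfg.get("object_lock") or {}
    if lock_cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("object lock not enabled")
        return findings
    retention = (lock_cfg.get("Rule") or {}).get("DefaultRetention")
    if not retention:
        # Without a default, objects are locked only if each write sets retention.
        findings.append("no default retention rule")
        return findings
    if retention.get("Mode") != "COMPLIANCE":
        # Governance mode can be overridden by principals with bypass permission.
        findings.append("governance mode: retention can be bypassed")
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"retention of {days} days is below the {min_days}-day minimum")
    return findings


def audit_inventory(inventory):
    """Audit every bucket and map its name to the findings for it."""
    return {name: audit_bucket(cfg) for name, cfg in inventory.items()}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

In practice the inventory would be collected from the storage platform's own configuration export rather than written by hand.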

Continuity’s StorageGuard was designed to comprehensively scan all data storage, storage management, storage networking, and backup systems to look for security misconfigurations and vulnerabilities. It offers enterprises complete visibility into storage and backup security blindspots, automatically prioritizing the most urgent risks. As the industry’s only security posture management solution for storage and backup systems, it provides:

  • Visibility. For the first time, detect all security misconfigurations and vulnerabilities in your storage & backup systems
  • Prioritization. Act upon your most urgent security misconfigurations and vulnerabilities, where you’re most at risk 
  • Protection. Ensure all your storage & backup systems can withstand ransomware and other attacks, to prevent data loss
  • Compliance. Guarantee storage & backup systems are compliant with security regulations and standards 

StorageGuard also complements data security and file-based security solutions. Files eventually are stored within storage devices. If you break into a storage device, you can still delete, alter or block all files stored within the device – even if those files are encrypted.

Discover how secure your storage & backup systems are. Click here for a free trial of StorageGuard.