Analysis of More than 400 Enterprise Storage Devices Detected 6,300 Discrete Security Issues; On Average, Analyzed Devices Had 15 Security Vulnerabilities
NEW YORK, October 13, 2021— Continuity™, a leading provider of cyber resilience solutions, today issued The State of Storage Security Report. The first research to examine the security of storage systems, this new report provides an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage systems have a significantly weaker security posture than the other two layers of IT infrastructure: compute or network.
These findings are alarming given the fact that, unlike an attack on individual endpoints or servers, which can cause problems, an attack that targets storage systems can be truly devastating. A compromise of a single storage array can bring down thousands of servers – and wipe out petabytes of data, a frightening prospect given the rise in ransomware attacks over the past three years that target corporate data.
For The State of Storage Security Report, Continuity’s automated risk detection engines analyzed data from more than 400 enterprise storage devices from vendors including Brocade, Cisco, Dell EMC, IBM, Hitachi Data Systems, NetApp, and others.
Key research findings include:
“Of the three main IT infrastructure categories — compute, network, and storage — the latter often holds the greatest value, from both security and business perspectives,” said Gil Hecht, founder and CEO of Continuity. “Security vulnerabilities and misconfigurations of storage devices present a significant threat, especially as ransomware attacks have taken hold of businesses over the past few years. Yet based on our analysis, the security posture of most enterprise storage systems is strikingly weak. Organizations must act immediately to better protect their storage – as well as backup systems – to ensure their data is secure against ransomware and other cyberattacks.”
To help organizations gain the visibility they need to understand their storage vulnerability risk and avoid blind spots, Continuity recommends that they evaluate existing security processes and ensure that the storage layer be secured and hardened to a similar – if not greater – extent as compute and network assets.
Continuity’s StorageGuard is the only solution that checks for thousands of possible misconfigurations and vulnerabilities at the storage system level that pose a security threat to organizations’ data.
Continuity compiled anonymized inputs from more than 20 customer environments across North America and EMEA, covering the banking & financial services, transportation, healthcare, telecommunications and other industry sectors. A total of 423 enterprise storage devices were analyzed from vendors including Brocade, Cisco, Dell EMC, IBM, Hitachi Data Systems, NetApp, and others. The analysis covered the configuration of block, object and IP storage systems, SAN / NAS, storage management servers, storage appliances, virtual SAN, storage network switches, data protection appliances, storage virtualization systems and other storage devices. Continuity’s automated risk detection engines checked for thousands of possible misconfigurations and vulnerabilities at the storage system level that posed a security threat, of which was tagged with a security index (1-5) and tracked so as to allow for detailed assessment, aggregation and drill down.
With the rise in cybersecurity threats, Continuity is the only solution provider that helps enterprises protect their data by securing their storage systems – both on-premises and in the cloud. Continuity’s StorageGuard complements existing data-protection and vulnerability management solutions, by adding a layer of security that prevents attackers from penetrating storage and backup systems which can result in gaining control over practically all of an enterprise’s critical data.
Among Continuity’s customers are the world’s largest financial services firms and Fortune 500 enterprises, including six of the top 10 US banks. For more information, please visit www.continuitysoftware.com