Webinar: Configuring Storage & Backup; the Forgotten Threat Vector

   

Summary of on-demand webinar:

Introduction

Welcome to this joint webinar by Dell and Continuity Software. Today, we’ll shed light on an often-overlooked area of cybersecurity: storage and backup configuration. We’ll explore real-world cyber incidents, attack anatomy, and offer practical recommendations for securing these critical systems.

Why This Topic Matters

Cyber attackers are evolving—and they’re now targeting storage and backup systems directly. These platforms, once considered back-office infrastructure, are now strategic assets and prime targets in sophisticated attacks.

Real-World Examples of Attacks

  • Ukraine Mobile Provider: During the Russia-Ukraine conflict, a cyberattack destroyed servers, storage, and backups, disrupting the country’s largest mobile operator.

  • United Health: Backup systems were breached, delaying recovery and magnifying operational impact.

Key takeaway: Weak configurations in storage and data protection systems can make or break recovery success.

Anatomy of a Modern Cyber Attack

  1. Initial Access: Attackers exploit compromised credentials, phishing, vulnerabilities, or social engineering to infiltrate.

  2. Privilege Escalation & Reconnaissance: They identify high-value assets using techniques like AD enumeration, network discovery, and credential harvesting.

  3. Targeting Storage & Backup Systems: Once attackers gain control, they can:

    • Corrupt or delete backups

    • Disable immutability

    • Exfiltrate sensitive data

Organizations must assume breach and prepare defenses accordingly.

Who Owns Storage and Backup Security?

A live poll revealed:

  • 76%: Shared responsibility between IT & InfoSec

  • 24%: IT Infrastructure

  • 0%: Information Security only

Conclusion: It’s a collaborative effort.

  • InfoSec sets policies, standards, and compliance frameworks.

  • IT implements and enforces those controls within backup and storage environments.

Auditing often spans multiple groups (e.g., GRC, internal audit, external auditors), underscoring the need for coordination.

Key Recommendations

1. Establish a Secure Configuration Baseline

  • Define and maintain hardening baselines per platform.

  • Cover key areas: authentication, encryption, RBAC, logging, remote access, etc.

  • Continuously validate baseline adherence to prevent drift.

  • Use tools like StorageGuard to automate scans and generate reports.
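A baseline only prevents drift if it is written down as data and re-checked on a schedule. The sketch below is an added example, not StorageGuard's or any vendor's code; the setting names, expected values and the scan result are constructed for illustration and cover the areas listed above.

```python
# Constructed baseline: setting path -> (check, expected). Not vendor defaults.
BASELINE = {
    "authentication.mfa_enabled": ("equals", True),
    "encryption.at_rest": ("equals", True),
    "encryption.tls_min_version": ("at_least", (1, 2)),
    "rbac.admin_accounts": ("at_most", 3),
    "logging.syslog_targets": ("not_empty", None),
    "remote_access.protocols": ("subset_of", {"ssh", "https"}),
}
CHECKS = {
    "equals": lambda value, expected: value == expected,
    "at_least": lambda value, expected: tuple(value) >= expected,
    "at_most": lambda value, expected: value <= expected,
    "not_empty": lambda value, expected: len(value) > 0,
    "subset_of": lambda value, expected: set(value) <= expected,
}
_MISSING = object()  # sentinel: the scan did not report this setting at all

def lookup(config, dotted_path):
    node = config
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def find_drift(config, baseline=BASELINE):
    """Return (setting, reason, observed) for every deviation from the baseline."""
    findings = []
    for path, (check, expected) in sorted(baseline.items()):
        observed = lookup(config, path)
        if observed is _MISSING:
            findings.append((path, "missing", None))
            continue
        try:
            compliant = CHECKS[check](observed, expected)
        except TypeError:  # wrong type in the scan output counts as drift
            compliant = False
        if not compliant:
            findings.append((path, check, observed))
    return findings

# Constructed scan result for one backup appliance.
SCAN = {
    "authentication": {"mfa_enabled": True},
    "encryption": {"at_rest": True, "tls_min_version": [1, 0]},
    "rbac": {"admin_accounts": 2},
    "logging": {"syslog_targets": []},
    "remote_access": {"protocols": ["ssh", "https", "telnet"]},
}
```

A setting the scan does not report is treated as a finding rather than silently passed, which is the case that most often hides drift.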

2. Implement Dual Authorization

Also known as:

  • Four-Eyes Principle

  • Two-Man Rule

  • Dual Control

This requires two users to authorize critical changes. It’s not a substitute for MFA, but an additional layer of protection against malicious insiders and compromised accounts.
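The control described above can be reduced to a small gate in front of destructive operations. This is an added example, not code from any backup product: the operation names, users and the 15-minute approval window are assumptions, and identities are assumed to be authenticated (with MFA) before they reach this check.

```python
import time

# Constructed operation names for changes that must never be single-handed.
CRITICAL_OPS = {"delete_backup", "disable_immutability"}
APPROVAL_TTL = 900  # seconds an approval stays valid (assumed policy value)

class ChangeRequest:
    """One requested change, bound to a specific operation and target."""

    def __init__(self, requester, operation, target):
        self.requester, self.operation, self.target = requester, operation, target
        self.approvals = {}  # approver -> time the approval was given

    def approve(self, user, now=None):
        # The second pair of eyes must belong to a different person.
        if user == self.requester:
            raise PermissionError("requester cannot approve their own change")
        self.approvals[user] = time.time() if now is None else now

    def is_authorized(self, now=None):
        if self.operation not in CRITICAL_OPS:
            return True  # routine operations need no second authorizer
        now = time.time() if now is None else now
        # Stale approvals expire so an old sign-off cannot be reused later.
        return any(0 <= now - t <= APPROVAL_TTL for t in self.approvals.values())

def execute(request, now=None):
    if not request.is_authorized(now):
        raise PermissionError(
            f"{request.operation} on {request.target} needs a second authorizer")
    return f"{request.operation} applied to {request.target}"
```

Because the approval is stored on the request object, it covers only that operation and target; a compromised account holding one approved request cannot apply it to a different vault.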

3. Isolate Your Backup Environment

  • Avoid shared services with production (e.g., Active Directory).

  • Use dedicated credentials and networks.

  • Disable unnecessary protocols and services.

  • Enforce least privilege access.

  • Maintain air-gapped or offline backups.

StorageGuard helps validate isolation and configuration status across environments.

4. Stay on Top of Vendor Advisories

  • Track firmware, OS, CLI software, plugins, etc.

  • Create and maintain an inventory of versions and patches.

  • Use automation to match advisories with your installed base.

  • StorageGuard includes a continually updated advisory knowledge base and alerts you to exposures.
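Matching advisories to an installed base comes down to an inventory, a list of affected version ranges, and a version comparison that is numeric rather than textual. The following is an added example, not StorageGuard's knowledge base or matching logic; product names, versions and advisory IDs are constructed placeholders.

```python
def parse_version(text, width=4):
    """'9.4.0.2' -> (9, 4, 0, 2). Padded so 2.3 == 2.3.0; '-P1' suffixes ignored."""
    parts = []
    for piece in text.split("-")[0].split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple((parts + [0] * width)[:width])

# Constructed inventory: one row per tracked component, not per system.
INVENTORY = [
    {"system": "array-01", "product": "ExampleArray", "component": "firmware", "version": "9.4.0.2"},
    {"system": "array-02", "product": "ExampleArray", "component": "firmware", "version": "9.5.1"},
    {"system": "bkp-01", "product": "ExampleBackup", "component": "os", "version": "7.10"},
    {"system": "bkp-01", "product": "ExampleBackup", "component": "plugin", "version": "2.3.0"},
]

# Constructed advisories: affected range is introduced <= version < fixed_in.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "product": "ExampleArray", "component": "firmware",
     "introduced": "9.0", "fixed_in": "9.5"},
    {"id": "ADV-EXAMPLE-002", "product": "ExampleBackup", "component": "os",
     "introduced": "7.0", "fixed_in": "7.10.1"},
    {"id": "ADV-EXAMPLE-003", "product": "ExampleBackup", "component": "plugin",
     "introduced": "1.0", "fixed_in": "2.3"},
]

def find_exposures(inventory, advisories):
    """Return (system, component, advisory id, fixed_in) for each exposed component."""
    hits = []
    for item in inventory:
        installed = parse_version(item["version"])
        for adv in advisories:
            if (adv["product"], adv["component"]) != (item["product"], item["component"]):
                continue
            low, high = parse_version(adv["introduced"]), parse_version(adv["fixed_in"])
            if low <= installed < high:
                hits.append((item["system"], item["component"], adv["id"], adv["fixed_in"]))
    return hits
```

Comparing versions as strings would rank 7.10 below 7.9 and treat 2.3.0 as different from 2.3; both mistakes either hide a real exposure or raise a false one.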

5. Adopt Best Practice Security Measures

  • Forward logs to SIEM (Splunk, QRadar, etc.)

  • Replace insecure protocols (HTTP, SNMP, LDAP) with secure versions.

  • Use both retention-locked snapshots and backups.

  • Harden NTP configurations to prevent time-based immutability bypass.

  • Enforce ACLs and zero-trust communication principles.

  • Avoid storing all backups on a single platform.

About StorageGuard

StorageGuard, part of the Dell ETC program, offers:

  • Agentless, read-only scanning

  • Customizable security baselines

  • Drift detection & remediation workflows

  • Vendor advisory correlation

  • Audit-friendly compliance reports

It’s built to simplify enterprise-scale storage and backup hardening, regardless of vendor or environment.

Final Thoughts & Next Steps

Action Items:

  • Define your configuration baselines

  • Enforce dual authorization

  • Isolate your backup infrastructure

  • Monitor vendor advisories

  • Regularly validate and improve your posture

Explore more resources at:

Webinar FAQs

What are the biggest cybersecurity risks to storage and backup systems?

Storage and backup systems are increasingly being targeted by cyber attackers. Threats include:

  • Misconfigured settings and weak access controls

  • Exploited vulnerabilities in backup software

  • Destruction or encryption of backup copies

  • Disabling of immutability settings

  • Insider threats or credential abuse

Who is responsible for securing storage and backup platforms?

It’s a shared responsibility:

  • Information Security (InfoSec) defines policies, conducts vulnerability scanning, and manages compliance.

  • IT Infrastructure implements hardening guidelines, configures platforms, and manages day-to-day controls.

Storage and backup security requires collaboration between both teams.

What is a secure configuration baseline and why is it important?

A secure configuration baseline is a set of approved settings designed to:

  • Harden your environment

  • Align with vendor best practices and regulatory standards

  • Maintain operational resilience

It helps prevent configuration drift and ensures systems remain compliant over time.

How can I isolate my backup environment for better security?

To isolate backup environments:

  • Avoid connecting backup systems to Active Directory

  • Use dedicated credentials and VLANs

  • Disable unused services and ports

  • Limit user access based on least privilege

  • Ensure at least one backup copy is air-gapped or offline

What role does StorageGuard play in protecting storage and backup systems?

StorageGuard by Continuity Software:

  • Scans configurations without agents

  • Validates adherence to secure baselines

  • Identifies misconfigurations and drift

  • Tracks vendor advisories and patch needs

  • Provides actionable remediation guidance

It helps enterprises maintain strong, continuously validated security postures.
