cover background

Securely Configure Storage, Backup, and Data Protection Systems

StorageGuard™ - Validating Storage & Backup Security

Storage & backups are the most important assets when it comes to protection from ransomware.
However, they are also the only layers of IT not covered by traditional vulnerability management tools.
Introducing the FIRST Security Posture Management solution for Storage & Backups…

Watch a Demo

Use StorageGuard to Secure your storage, backup, and data protection systems.

For the first time, get complete visibility of all security risks in your storage, backup, and data protection systems.

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage, backup and data protection systems – including Dell, NetApp, Hitachi Vantara, Pure, Rubrik, Commvault, Veritas, HPE, Brocade, Cisco, Veeam, Cohesity, IBM, Infinidat, VMware, AWS and Azure.

Visibility

Detect deviation from a chosen Configuration Baseline, and securely configure your storage & backup systems

Prioritization

Prove audit compliance for your storage & backups (e.g., CIS Controls, NIST, ISO, PCI, NERC CIP, etc.)

Protection

Detect when vendor configuration guidelines aren’t implemented, and validate adherence to ransomware protection best practices

Compliance

Quickly detect and remediate vulnerabilities & security misconfigurations in your storage & backups

Ready to Speak to an Expert?

Using An Agentless Scan, StorageGuard Gives You Complete Security Oversight Of Your Storage And Backup Environment

Access Control  Lists (System)
Authenticated System Communication (Zero Trust)
Access Control Lists (Shares)
Account Lockout
Backup Isolation Principles
Multi-Factor Authentication
Default passwords
Data at-rest Encryption
End of Support Software / Firmware / OS
High-Severity Security Advisories
Hardened Management System (CLI, Web)

 

Immutable Backup Copy
Internal Communication Encryption
Logging
Password Rules
SAN Network Security Best Practices
SSL Certificates
Strong cryptography
Session Restrictions
#StopRansomware CISA Guidelines
Users and RBAC
Unused Services / Protocols are Disabled (Least Functionality)

 

StorageGuard checks the security configuration of your storage and data protection systems - ensuring those systems are hardened, meet security best-practices, and comply with standards/baselines.

For the first time, get complete visibility of security risks across these mission-critical systems, and ensure compliance with security regulations and industry standards.

StorageGuard Supports These Storage & Backup Systems

Select your role

Head of Information Security

  • How do I assess the security of my storage & backups?
  • How do I minimize the storage & backup attack surface?
  • How do I detect CVEs in my backup & data protection systems
  • How do I check recoverability in case of a cyberattack?
Find out more

Head of Infrastructure & Storage

  • How do I track configuration changes in my storage & backups?
  • How do I identify security risks in my storage & backups?
  • How do I prove audit compliance of our storage & backups?
  • How do I verify that our immutability solutions are securely configured?
Find out more

Product Comparison – Comparing StorageGuard to Existing Vulnerability Management Vendors

Qualys

Choose

Rapid7

(InsightVM)
Choose

Tenable

(Nessus)
Choose

StorageGuard vs. Qualys

Qualys does a good job of scanning vulnerabilities across your host OS, network, and web, but offers no support for storage arrays, storage network, data protection/backup systems and storage management. And this is where all your data is kept.

Features

Solution use cases

  • Vulnerability Assessment
  • Security Posture Management

Focus Area

Backup & Storage
Endpoints & Network

Main Platform Types

  • Backup systems
  • Data Protection systems
  • Storage OS
  • Storage & Backup Software
  • Network (Storage)

STORAGE & BACKUP Security Posture Management Capabilities

  • Device, OS & Software Inventory
  • Configuration CMDB
  • Vendor Security Best Practice checks
  • Validate Industry Security Guidelines
  • Configuration Baseline & Drift Detection
  • Credentialed Vulnerability Scan
  • Ransomware Protection Best Practice checks
  • Configuration Compliance & Evidence
  • End of Support / Security Updates Notification
  • Continuously Updated Library with Thousands of Checks
  • Actionable Findings
  • 1-step Remediation
  • Security Audit Reports
  • Configuration Change Reports
  • Custom Reports & Checks

Scalability

  • Enterprise-scale (distributed collection)

Integration 

Solution use cases

Vulnerability Assessment

Security Posture Management

Focus Area

Backup & Storage
Endpoints & Network

Main Platform Types

Backup systems

Data Protection systems

Storage OS

Storage & Backup Software

Network (Storage)

STORAGE & BACKUP Security Posture Management Capabilities

Device, OS & Software Inventory

Configuration CMDB

Vendor Security Best Practice checks

Validate Industry Security Guidelines

Configuration Baseline & Drift Detection

Credentialed Vulnerability Scan

Ransomware Protection Best Practice checks

Configuration Compliance & Evidence

End of Support / Security Updates Notification

Continuously Updated Library with Thousands of Checks

Actionable Findings

1-step Remediation

Security Audit Reports

Configuration Change Reports

Custom Reports & Checks

Scalability

Enterprise-scale (distributed collection)

Integration 

StorageGuard vs. Rapid7

Rapid7 does a good job of scanning vulnerabilities across your host OS, network, and web, but offers no support for storage arrays, storage network, data protection/backup systems and storage management. And this is where all your data is kept.

Features

Solution use cases

  • Vulnerability Assessment
  • Security Posture Management 

Focus Area

Backup & Storage
Hosts & Desktops

Main Platform Types

  • Backup systems
  • Data Protection systems
  • Storage OS
  • Storage & Backup Software
  • Network (Storage)

STORAGE & BACKUP Security Posture Management Capabilities

  • Device, OS & Software Inventory
  • Configuration CMDB
  • Vendor Security Best Practice checks
  • Validate Industry Security Guidelines
  • Configuration Baseline & Drift Detection
  • Credentialed Vulnerability Scan
  • Ransomware Protection Best Practice checks
  • Configuration Compliance & Evidence
  • End of Support / Security Updates Notification
  • Continuously Updated Library with Thousands of Checks
  • Actionable Findings
  • 1-step Remediation
  • Security Audit Reports
  • Configuration Change Reports
  • Custom Reports & Checks

Scalability

  • Enterprise-scale (distributed collection)

Integration  

Solution use cases

Vulnerability Assessment

Security Posture Management 

Focus Area

Backup & Storage
Hosts & Desktops

Main Platform Types

Backup systems

Data Protection systems

Storage OS

Storage & Backup Software

Network (Storage)

STORAGE & BACKUP Security Posture Management Capabilities

Device, OS & Software Inventory

Configuration CMDB

Vendor Security Best Practice checks

Validate Industry Security Guidelines

Configuration Baseline & Drift Detection

Credentialed Vulnerability Scan

Ransomware Protection Best Practice checks

Configuration Compliance & Evidence

End of Support / Security Updates Notification

Continuously Updated Library with Thousands of Checks

Actionable Findings

1-step Remediation

Security Audit Reports

Configuration Change Reports

Custom Reports & Checks

Scalability

Enterprise-scale (distributed collection)

Integration  

StorageGuard vs. Tenable

Tenable does a good job of scanning vulnerabilities across your host OS, network, and web, but offers no support for storage arrays, storage network, data protection/backup systems and storage management. And this is where all your data is kept.

Features

Solution use cases

  • Vulnerability Assessment
  • Security Posture Management 

Focus Area

Backup & Storage
Hosts & Desktops

Main Platform Types

  • Backup systems
  • Data Protection systems
  • Storage OS
  • Storage & Backup Software
  • Network (Storage)

STORAGE & BACKUP Security Posture Management Capabilities

  • Device, OS & Software Inventory
  • Configuration CMDB
  • Vendor Security Best Practice checks
  • Validate Industry Security Guidelines
  • Configuration Baseline and Drift Detection
  • Credentialed Vulnerability Scan
  • Ransomware Protection Best Practice checks
  • Configuration Compliance & Evidence
  • End of Support / Security Updates Notification
  • Continuously Updated Library with Thousands of Checks
  • Actionable Findings
  • 1-step Remediation
  • Security Audit Reports
  • Configuration Change Reports
  • Custom Reports & Checks

Scalability 

  • Enterprise-scale (distributed collection)

Integration  

Solution use cases

Vulnerability Assessment

Security Posture Management 

Focus Area

Backup & Storage
Hosts & Desktops

Main Platform Types

Backup systems

Data Protection systems

Storage OS

Storage & Backup Software

Network (Storage)

STORAGE & BACKUP Security Posture Management Capabilities

Device, OS & Software Inventory

Configuration CMDB

Vendor Security Best Practice checks

Validate Industry Security Guidelines

Configuration Baseline and Drift Detection

Credentialed Vulnerability Scan

Ransomware Protection Best Practice checks

Configuration Compliance & Evidence

End of Support / Security Updates Notification

Continuously Updated Library with Thousands of Checks

Actionable Findings

1-step Remediation

Security Audit Reports

Configuration Change Reports

Custom Reports & Checks

Scalability 

Enterprise-scale (distributed collection)

Integration  

FAQs: Storage & Backup Security

Don’t quite understand why securing your storage and backups is so important? Want to see how StorageGuard detects security misconfigurations? You’ve come to the right place!

We have our network and OS covered. Why do we need to scan our storage & backups?

Perimeter-based defense is not enough to protect against threats. The storage system is where all data is kept. Your existing vulnerability scanning solutions cover everything today, except for your storage, backup and storage management systems.

When a hacker gets control of a desktop, the damage is minimal. But when a hacker gets control of the storage systems, they have access to ALL THE DATA! This includes backup, copies, recovery copies, and production Data. They can delete it, corrupt it, or sell it.

What are the possible impacts of an unsecured storage & backup systems?

Attackers with access to a storage system could delete data volumes, encrypt data volumes, make data volumes inaccessible, corrupt / delete data recovery volumes and snapshots. A single storage array serves hundreds of database and application servers, thus a compromised storage system would cripple at least dozens business services and applications. 

Why is storage & backup security essential for Ransomware protection? (~Why now)

There has been a major shift in the threat landscape, with the emergence of ransomware-as-a-service. The first step taken by threat actors is to knock out an enterprise’s ability to recover from an infection, by exploiting vulnerabilities in storage and storage management configurations.

A hacked storage system is the equivalent of hacking two hundred servers!

This greatly improves the incentive for enterprises to pay the ransom, after the critical data is exfiltrated and then encrypted. And it has significant implications for CISOs and Heads of Storage and requires a drastically different approach to cybersecurity.

Storage also plays a critical role in the ability to recover from a cyberattack, since storage is where replicas, snapshots and backups are kept.

What kind of checks does StorageGuard perform?

Automatically identifying storage security misconfigurations and vulnerabilities. Our checks repository is constantly updated with security recommendations based on the following publications –

  • Vendor Security guides and articles: Dell EMC, IBM, Hitachi, NetApp, INFINIBOX, Brocade, HPE, Pure and others
  • Information Security standards: NIST, ISO/IEC, PCI DSS, CIS Control, FFIEC and more
  • Security advisories, bulletins and CVEs (MITRE / vendors)
  • Community feedback – security configuration baseline suggestions by users

The checks cover a wide range of areas: authentication, authorization, administrative access, malware protection, services and protocols, interfaces and ports, anti-ransomware, SAN access control, encryption, audit logging, NAS access control, object access control and more.

Which storage and backup systems does StorageGuard support?

StorageGuard supports storage arrays, storage networking, data protection appliances, storage virtualization, storage management, storage software and plugins. 

How is securing storage & backups different than securing servers?

  • Different network model (SAN vs TCP)
  • Different access control features (zoning, masking)
  • Scanning agents cannot be installed on the majority of storage systems (closed systems / appliances)
  • Some of the systems run non-standard operating systems
  • Some of the systems are only accessible through vendor-specific commands / programs (CLI/API)
  • Difficulty to identify the attack surface; including all hosts installed with storage CLI/API kit
  • Lack of storage security expertise within IS/IT
  • Poor support by existing Security Vulnerability Scanning solutions – in terms of coverage and depth

Our Awards

Data Security Solution Provider of the Year

Top 10 Enterprise Security Startups

Vulnerability Management Solution of the Year

Talk To An Expert

It’s time to automate the secure configuration of your storage & backup systems.

We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our Privacy Policy I Agree