fbpx
cover background

StorageGuard™

Storage & backups are the most important assets when it comes to protection from ransomware.
However, they are also the only layers of IT not covered by traditional vulnerability management tools.
Until now…

Free Trial

StorageGuard secures your storage & backup systems,
to help you protect your data.

For the first time, get complete visibility of all storage & backup security risks.

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices – including Amazon, Azure, Brocade, Cisco, Cohesity, Commvault, Dell EMC, Hitachi, HP, IBM, Infinidat, NetApp, NetBackup, Pure, Rubrik, Veritas, Veeam, and VMware.

Visibility

Continuous scanning and analysis of data storage & backups

Prioritization

Automatic detection
of security risks

Protection

Knowledge base of security configuration best practices

Compliance

Overall health and
compliance reports

Download datasheet

StorageGuard Supports These Storage & Backup Systems

Select your role

Head of Information Security

  • How do I assess the security of data storage & backups?
  • How do I minimize the storage & backup attack surface?
  • How do I prioritize storage & backup security risks
  • How do I assess data recoverability in the event of a cyberattack?
Find out more

Head of Infrastructure & Storage

  • How do I identify and resolve storage & backup security issues?
  • How do I prove adherence to our security configuration standards / baseline?
  • How do I keep track of storage & backup configuration changes?
  • How do I automate validation & enforcement of storage & backup security best practices?
Find out more

Product Comparison

Qualys

Choose

Rapid7

(InsightVM)
Choose

Tenable

(Nessus)
Choose

StorageGuard vs. Qualys

Qualys does a good job of scanning vulnerabilities across your host OS, network, and web, but offers no support for storage arrays, storage network, data protection/backup systems and storage management. And this is where all your data is kept.

Features

Solution use cases

  • Vulnerability Assessment
  • Security Posture Management

Focus Area 

  • Data Storage
  • Host and Desktops 

Supported Platform Types

  • Storage OS
  • Storage Software
  • Network (Storage) 
  • Host / Mobile OS, DBMS
  • Host Software
  • Network (Ethernet) 

Main Features

  • Security configuration assessment
  • Vulnerability scanning
  • Policy and Compliance (Audit) 
  • Threat detection
  • Storage & Backup Asset Inventory and Discovery
  • Storage & Backup Attack Surface Mapping and Visualization
  • One-click remediation

Scalability

  • Enterprise-scale (distributed collection)

SCAP support

Configuration Change Tracking

API 

  • REST
  • SQL

Policy & Compliance

Integration 

Solution use cases

Vulnerability Assessment

Security Posture Management

Focus Area 

Data Storage

Host and Desktops 

Supported Platform Types

Storage OS

Storage Software

Network (Storage) 

Host / Mobile OS, DBMS

Host Software

Network (Ethernet) 

Main Features

Security configuration assessment

Vulnerability scanning

Policy and Compliance (Audit) 

Threat detection

Storage & Backup Asset Inventory and Discovery

Storage & Backup Attack Surface Mapping and Visualization

One-click remediation

Scalability

Enterprise-scale (distributed collection)

SCAP support

Configuration Change Tracking

API 

REST

SQL

Policy & Compliance

Integration 

StorageGuard vs. Rapid7

Rapid7 does a good job of scanning vulnerabilities across your host OS, network, and web, but offers no support for storage arrays, storage network, data protection/backup systems and storage management. And this is where all your data is kept.

Features

Solution use cases

  • Vulnerability Assessment
  • Security Posture Management 

Focus Area 

  • Data Storage
  • Host and Desktops

Supported Platform Types 

  • Storage OS 
  • Storage Software
  • Network (Storage) 
  • Host / Mobile OS, DBMS
  • Host Software 
  • Network (Ethernet)

Main Features

  • Security configuration assessment
  • Vulnerability scanning
  • Policy and Compliance (Audit) 
  • Threat detection 
  • Storage & Backup Asset Inventory and Discovery
  • Storage & Backup Attack Surface Mapping and Visualization
  • One-click remediation

Scalability

  • Enterprise-scale (distributed collection)

SCAP support 

Configuration Change Tracking

API 

  • REST
  • SQL

Policy & Compliance  

Integration  

Solution use cases

Vulnerability Assessment

Security Posture Management 

Focus Area 

Data Storage

Host and Desktops

Supported Platform Types 

Storage OS 

Storage Software

Network (Storage) 

Host / Mobile OS, DBMS

Host Software 

Network (Ethernet)

Main Features

Security configuration assessment

Vulnerability scanning

Policy and Compliance (Audit) 

Threat detection 

Storage & Backup Asset Inventory and Discovery

Storage & Backup Attack Surface Mapping and Visualization

One-click remediation

Scalability

Enterprise-scale (distributed collection)

SCAP support 

Configuration Change Tracking

API 

REST

SQL

Policy & Compliance  

Integration  

StorageGuard vs. Tenable

Tenable does a good job of scanning vulnerabilities across your host OS, network, and web, but offers no support for storage arrays, storage network, data protection/backup systems and storage management. And this is where all your data is kept.

Features

Solution use cases

  • Vulnerability Assessment
  • Security Posture Management 

Focus Area

  • Data Storage
  • Host and Desktops 

Supported Platform Types 

  • Storage OS 
  • Storage Software 
  • FC Network 
  • Host / Mobile OS, DBMS
  • Host Software
  • IP Network

Main Features

  • Security configuration assessment
  • Vulnerability scanning 
  • Policy and Compliance (Audit) 
  • Threat detection
  • Storage & Backup Asset Inventory and Discovery
  • Storage & Backup Attack Surface Mapping and Visualization
  • One-click remediation

Scalability 

  • Enterprise-scale (distributed collection)

SCAP support 

Configuration Change Tracking 

API 

  • REST
  • SQL

Policy & Compliance  

Integration  

Solution use cases

Vulnerability Assessment

Security Posture Management 

Focus Area

Data Storage

Host and Desktops 

Supported Platform Types 

Storage OS 

Storage Software 

FC Network 

Host / Mobile OS, DBMS

Host Software

IP Network

Main Features

Security configuration assessment

Vulnerability scanning 

Policy and Compliance (Audit) 

Threat detection

Storage & Backup Asset Inventory and Discovery

Storage & Backup Attack Surface Mapping and Visualization

One-click remediation

Scalability 

Enterprise-scale (distributed collection)

SCAP support 

Configuration Change Tracking 

API 

REST

SQL

Policy & Compliance  

Integration  

FAQs

Don’t quite understand why securing storage is so important?
Want to understand how StorageGuard works? You’ve come to the right place! 

We have our network and OS covered. Why do we need to scan our storage & backups?

Perimeter-based defense is not enough to protect against threats. The storage system is where all data is kept. Your existing vulnerability scanning solutions cover everything today, except for your storage, backup and storage management systems.

When a hacker gets control of a desktop, the damage is minimal. But when a hacker gets control of the storage systems, they have access to ALL THE DATA! This includes backup, copies, recovery copies, and production Data. They can delete it, corrupt it, or sell it.

What are the possible impacts of an unsecured storage & backup systems?

Attackers with access to a storage system could delete data volumes, encrypt data volumes, make data volumes inaccessible, corrupt / delete data recovery volumes and snapshots. A single storage array serves hundreds of database and application servers, thus a compromised storage system would cripple at least dozens business services and applications. 

Why is storage & backup security essential for Ransomware protection? (~Why now)

There has been a major shift in the threat landscape, with the emergence of ransomware-as-a-service. The first step taken by threat actors is to knock out an enterprise’s ability to recover from an infection, by exploiting vulnerabilities in storage and storage management configurations.

A hacked storage system is the equivalent of hacking two hundred servers!

This greatly improves the incentive for enterprises to pay the ransom, after the critical data is exfiltrated and then encrypted. And it has significant implications for CISOs and Heads of Storage and requires a drastically different approach to cybersecurity.

Storage also plays a critical role in the ability to recover from a cyberattack, since storage is where replicas, snapshots and backups are kept.

What kind of checks does StorageGuard perform?

Automatically identifying storage security misconfigurations and vulnerabilities. Our checks repository is constantly updated with security recommendations based on the following publications –

  • Vendor Security guides and articles: Dell EMC, IBM, Hitachi, NetApp, INFINIBOX, Brocade, HPE, Pure and others
  • Information Security standards: NIST, ISO/IEC, PCI DSS, CIS Control, FFIEC and more
  • Security advisories, bulletins and CVEs (MITRE / vendors)
  • Community feedback – security configuration baseline suggestions by users

The checks cover a wide range of areas: authentication, authorization, administrative access, malware protection, services and protocols, interfaces and ports, anti-ransomware, SAN access control, encryption, audit logging, NAS access control, object access control and more.

Which storage and backup systems does StorageGuard support?

StorageGuard supports storage arrays, storage networking, data protection appliances, storage virtualization, storage management, storage software and plugins. 

How is securing storage & backups different than securing servers?

  • Different network model (SAN vs TCP)
  • Different access control features (zoning, masking)
  • Scanning agents cannot be installed on the majority of storage systems (closed systems / appliances)
  • Some of the systems run non-standard operating systems
  • Some of the systems are only accessible through vendor-specific commands / programs (CLI/API)
  • Difficulty to identify the attack surface; including all hosts installed with storage CLI/API kit
  • Lack of storage security expertise within IS/IT
  • Poor support by existing Security Vulnerability Scanning solutions – in terms of coverage and depth

Our Awards 2021-2022

Data Security Solution Provider of the Year 2021

Top 10 Enterprise Security Startups 2021

Vulnerability Management Solution of the Year 2022

Talk To An Expert

Get in touch to see how you can detect, prioritize, and fix all security risks in your storage & backup systems.

We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our Privacy Policy I Agree