Virtualization Technology News and Information
CISOs Guide to Storage & Backup Ransomware Resiliency

By Gil Hecht, CEO of Continuity

CISOs rely on information from across the organization about security, particularly from the various IT departments. Unfortunately, the information being fed to CISOs about the state of cybersecurity risk is incomplete. There is a blind spot present - a gaping hole. Data about the security posture of their storage and backup systems is either woefully deficient or missing entirely.

That is one of the reasons why CISOs set strategy and approve the procurement of solutions to keep data and systems safe, yet the organization continues to suffer from breaches and attacks. Despite implementing vulnerability management, extended detection and response (XDR), threat monitoring, security information and event management (SIEM), and other technologies, they always seem to be one step behind the cybercriminal fraternity. That state of affairs is likely to remain until the inherent risk posed by vulnerable storage and backup systems is addressed.

False Sense of Security

Part of the problem is that storage and backup systems are thought of as back-end systems that don't pose the same level of risk as other layers of IT closer to the perimeter. This can lull storage admins, infrastructure managers, and CISOs into a false sense of security.

Research from Continuity makes it clear that this is a misconception, and a dangerous one at that. The average enterprise storage device has around 15 vulnerabilities or security misconfigurations. Of these, three are considered a high or critical risk. Therefore, it is vitally important that CISOs understand the magnitude of the threat posed by insecure storage and backup systems and what they need to do about it.

Using The Wrong Tools

There are scores of vulnerability scanners, patch management, and configuration management systems in existence. Organizations rely on them to locate areas of potential weakness, remediate them, and deploy patches to resolve known vulnerabilities. These systems do a great job at inventorying and scanning networks, operating systems (OSes) and enterprise applications. But they are typically sketchy when it comes to inventorying and assessing storage and backup issues.

Shockingly, they often miss security misconfigurations and Common Vulnerabilities and Exposures (CVEs) on popular storage systems from the likes of Dell EMC, NetApp, or Pure, and backup systems from the likes of Veeam, Rubrik, and Veritas. Yet such systems host the crown jewels of enterprise data.

Superficial scans of storage and backup infrastructure can lead CISOs to believe that these systems lie outside the reach of cybercriminals. Nothing could be further from the truth. Hackers are notorious for finding ways to obtain privileges to user accounts and finding their way into storage and backup systems. From there, they can wreak havoc.

Storage and Backup Risks

The fact is that hundreds of active security misconfigurations and CVEs currently exist in various storage and backup systems. Our research shows that on average, about 20% of storage devices are currently exposed. That means they are wide open to attack from ransomware and other forms of malware.

A study of enterprise storage devices detected more than 6,000 discrete storage vulnerabilities, backup misconfigurations, and other security issues. At the device level, the average storage device is riddled with vulnerabilities, some of them severe. In addition, there are currently about 70 CVEs in storage environments that could be used to exfiltrate files, initiate denial-of-service attacks, take ownership of files, and block devices. Many of these CVEs are several months old. A few of them are a year or more old. This means that approved patches exist but are not deployed.

Don't think the bad guys aren't aware of this. They prefer the easiest possible route into the enterprise. Why come up with a genius plan to breach defenses when all you need to do is scan for some common vulnerabilities and mount an incursion from there?

Storage Security Features Not Implemented

Modern storage devices often include ransomware detection and prevention capabilities. Some include the capability to lock retained copies, protect critical data from tampering and deletion, and air gap data. However, in breach after breach, such features were found to either be misconfigured or not implemented at all - leaving the organization exposed.

Misconfigured backup and storage systems impact cybersecurity in other ways. Zoning and masking mistakes may leave LUNs accessible to unintended hosts. Replicated copies and snapshots may not be properly secured. Audit logging misconfigurations make it more difficult for the organization to detect brute force attacks and spot anomalous behavior patterns. They can also impede forensic investigation and curtail recovery efforts. And a surprising number of storage and backup systems still operate with their original default administrative passwords. These factory settings can be easily exploited by unauthorized employees and malicious actors to inflict serious damage.

These are just a few of the many security challenges that are present within enterprise infrastructure. There are many other areas to check. The bottom line is that storage and backup systems generally have a significantly weaker security posture than the compute and network infrastructure layers. It is a ticking time bomb ripe for exploitation by criminal gangs.

How to Protect Storage and Backup Systems

Storage and backup systems must be fully secured to protect data and ensure recoverability. StorageGuard finds the security risks that other vulnerability management tools miss. Developed specifically for storage and backup systems, its automated risk detection engines check for thousands of possible security misconfigurations and vulnerabilities at the storage system and backup system level that might pose a security threat to enterprise data. It analyzes block, object, and IP storage systems, SAN/NAS, storage management servers, storage appliances, virtual SAN, storage networking switches, data protection appliances, storage virtualization systems, and backup devices.

Continuity's StorageGuard ensures these systems will never be the weakest link in cybersecurity. Its comprehensive approach to the scanning of storage and backup systems offers complete visibility into blind spots, automatically prioritizing the most urgent risks, and remediating them.

Discover how secure your storage & backup systems are.

Earlier this year, we interviewed 8 CISOs to get their insights on new data protection methods and the importance of securing storage & backup, including: John Meakin, Former CISO at GlaxoSmithKline and Deutsche Bank, Joel Fulton, Former CISO at Symantec and Splunk, Endré Jarraux Walls, CISO at Customers Bank, and George Eapen, Group CIO (and former CISO) at Petrofac.

Download the Report: CISO Point of View: The ever-changing role of data, and the implications for data protection & storage security

##

ABOUT THE AUTHOR

Gil Hecht has been serving as CEO of Continuity since he founded the company in 2005. He is responsible for building Continuity's leadership in the Cyber Resiliency and Cyberstorage space and establishing the vision for the company. Before founding Continuity, Gil was the Founder, Chairman and CEO of Savantis Systems, a leading provider of database virtualization solutions. 

Gil is an avid Storage and Backup security advocate, and one of the main contributors to the recently published NIST special publication titled: 'Security Guidelines for Storage Infrastructure'.

Published Tuesday, January 17, 2023 7:57 AM by David Marshall