Virtualization Technology News and Information
Article
Search:
RSS
Follow VMblog.com:
Improve end user experience in VDI, DaaS and physical endpoint environments
VMblog Expert Interview: CTERA CTO Aron Brand Explains Cyberstorage and How Ransom Protect Defends Against Double Extortion Ransomware

interview ctera brand 

In a recent interview with VMblog, Aron Brand, CTO of CTERA, discussed the company's ambitious plans to become a leader in "cyberstorage" – an approach that deeply integrates cybersecurity into storage solutions. Brand explained how CTERA's Ransom Protect suite uses deception technology, honeypots, and AI-powered detection to combat double extortion ransomware tactics, which not only encrypt data but also steal and threaten to release sensitive information. He highlighted Ransom Protect's multiple layers of security, including immutable backups, to ensure data remains safe and accessible even if ransomware manages to encrypt files.

VMblog: CTERA recently announced ambitious plans to become the leader in what Gartner defines as "cyberstorage." Can you explain this term, and how does it relate to your approach to cybersecurity?

Aron Brand: CTERA is first and foremost a storage vendor, but cybersecurity is at the core of everything we do. We don't just bolt on security as an afterthought - it's deeply woven into the very fabric of our solutions. When Gartner talks about "cyberstorage," they refer to making data protection an inherent part of how storage is designed and delivered.

Gartner predicts that by 2028, 100% of storage products will include cyberstorage capabilities focused on active defense beyond recovery. (Gartner, 2024 Strategic Roadmap for Storage.)

Let me give you an analogy that resonates with me. Think about how a submarine is constructed. You can't just build it with incredibly thick, heavy armor plating everywhere. If you did that, it would be virtually impenetrable, sure, but it would also sink straight to the bottom of the ocean!

Instead, submarines are built with compartments. That way, if one section is breached, you can contain the damage and seal off that area, while preserving the rest of the vessel and keeping the crew safe.

That's our philosophy at CTERA. We layer security intelligently, with multiple compartments and failsafes. So if an attack manages to penetrate one layer, we can quickly isolate and neutralize the threat before it spreads through the entire system.

This compartmentalized approach allows us to provide incredibly robust security without compromising performance or usability for our customers. And that's really what cyberstorage is all about - making bulletproof data protection an integral part of the storage experience, not an inconvenient afterthought.

VMblog:  You've recently announced that your product provides protection against "double extortion" ransomware tactics. Can you explain what this tactic means, and how does your product address this problem?

Brand: Double extortion ransomware is a severe threat where attackers not only encrypt victims' data but also steal it and threaten to release or sell the sensitive information if the ransom isn't paid. This data exfiltration tactic adds immense pressure, as the potential public exposure and legal consequences of a data breach can lead to reputational damage, loss of trust from customers and partners, regulatory fines, and more.

To combat this, CTERA's Ransom Protect suite integrates deception technology within the file system itself in the form of honeypots--decoy files that mimic real assets to attract and monitor attackers. These are strategically deployed across the network infrastructure, including CTERA's Edge Filers. Any interaction with the honeypots, which have no legitimate reason to be accessed, is a clear indicator of malicious intent.

When attackers take the bait, their activities trigger alerts, and the system automatically isolates the threat with the aid of real-time AI detection that analyzes behavior patterns. This innovative approach ensures high security while gathering invaluable attack insights to refine threat detection and continually update defensive strategies against evolving ransomware tactics like double extortion.

I'm really proud that we're the first vendor in the file storage market to integrate a honeypot directly into the file system, which makes it incredibly easy to enable.

VMblog: Does Ransom Protect only protect against the data theft aspect of double extortion ransomware, or does it also prevent the encryption of company data?

Brand: Ransom Protect does a lot more than just protect against data theft. It has multiple layers of security to ensure your company's data stays safe and accessible, even if ransomware tries to lock it up.

First, it uses advanced AI to constantly monitor for any unusual activities that could be a ransomware attack happening. If it detects something suspicious, it immediately alerts the IT team and blocks the offending user.

Second, Ransom Protect doesn't rely just on looking for known ransomware signatures. It can detect brand-new, never-before-seen ransomware strains too, which is really important because ransomware keeps evolving to get past old defenses.

Perhaps most importantly, the product gives the IT admins a mission control-type dashboard where they can see everything happening in real-time, so they can quickly understand the situation and fight back against the attack.

VMblog: No AI solution is foolproof, so what if the ransomware still manages to impersonate a "good" user and damage files?

Brand: Even if ransomware does succeed in encrypting some files, CTERA's file system continuously keeps immutable backup copies stored away-in an air-gapped location that the ransomware can't reach. The data is stored in object storage, at a remote location, protected with different administrative permissions. So in one click, the IT team can recover those encrypted files from the snapshots, and you're back up and running, no ransom payment needed. We have some clever tricks up our sleeve that enable rolling back the data in time to a point before the attack - even across slow WAN links - with the users virtually not feeling a thing.

The best part is that setting up this powerful protection is really easy - the IT team just turns it on for the Edge Filers. So you get top-notch ransomware defense without the complicated work.

VMblog: How is AI-powered cyber defense changing the industry?

Brand: In the coming years, we will witness a paradigm shift as AI-powered technologies take center stage, enhancing threat detection, predictive capabilities, and overall security postures.

Organizations will harness the power of AI algorithms to analyze vast troves of behavioral audit data, enabling real-time identification of anomalies and potential cyber threats. This will pave the way for automated, instantaneous responses, significantly reducing the risk of successful attacks.

Moreover, AI will play a role in predicting security incidents before they occur. By learning from historical data and identifying patterns, these systems will implement proactive measures, fortifying defenses and staying one step ahead of malicious actors.

Perhaps most significantly, adaptive security will become the norm, with AI dynamically adjusting "alertness" levels and access controls based on the sensitivity of the data and ongoing threat analysis. This intelligent approach will strike a better balance between accessibility and robust protection.

VMblog: You have seen record-breaking results in 2023 - what do you think has contributed to that and what does that mean for 2024?

Brand: Our success in 2023 can be attributed to several factors, from our products to strategic alliances. One of our focuses for last year was continuously enhancing our product line to include cutting-edge technologies, such as advanced AI-driven security features, seamless integration of edge and cloud storage solutions, and robust data protection mechanisms like Ransom Protect.

Forming strategic partnerships with leading technology providers has also given us the space to integrate with other enterprise IT environments seamlessly, while our strong customer-centric approach and commitment to our users' success have helped us build and maintain a new customer base with a direct impact on results.

For 2024, we want to continue this focus on products, partnerships, and customers and have plans to keep refining our current offering while releasing new features tailored to specific industry needs and compliance requirements. We're also investing in even more security innovations, constantly working to improve our customers' experience and empower our partners - both new and existing - to engage with CTERA in ways that help them meet their business objectives.  

VMblog: Where can readers learn more about Ransom Protect?

Brand: You can visit our website here or you can go directly here to watch a demo of Ransom Protect, with the new honeypot functionality.

##

Published Tuesday, May 07, 2024 7:30 AM by David Marshall
Filed under: ,
Get This Featured White Paper: Innovative AI Strategies Supporting Trusted Data Recovery
You may also be interested in this white paper: Mind the Gap: Understanding the threats to your Microsoft 365 data
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Datacenter
Global Digital
haf
DTX
DTW-NA
innovatrix
Economist Impact
GISEC
IPS MP
global-digital-cx
vExpert
Calendar
<May 2024>
SuMoTuWeThFrSa
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678