Virtualization Technology News and Information
The Best Cyber Defense is Being Immutable

Cyber threats, especially ransomware, continue to evolve and impact larger swaths of the corporate world. According to Sophos' report The State of Ransomware 2024, 59 percent of organizations were impacted in the last year.

Cybercriminals have become more sophisticated, and often exploit vulnerabilities in backup systems to affect both primary and secondary data. In the recent attack on CloudNordic, the cloud provider lost access not only to its own data and backups, it lost the data of its customers too. Certain strains of malware like Locky and Crypto were developed specifically to encrypt backups.

Targeting backup systems renders victims unable to recover from those backups, and all but ensures the victim must surrender to ransom demands, demands that are many times higher than what appropriate data and system security would have cost.

Today it is imperative to have multiple layers of impenetrable data protection at every level. Only this strategy will defend backups from data loss, unauthorized access, corruption, and cyberattack.

Protection for your data protection

With backups your first and last line of defense against cyberattack, so-called "immutable" snapshots are currently the best option.

Immutable snapshots capture data at specific moments, creating a "freeze frame" of your information that remains untouchable. Once a snapshot is taken, it can be locked for any time period the administrator chooses; while locked, it is immune to changes and cannot be deleted. This delivers immediate protection as well as data integrity. Immutable snapshots can be taken automatically at regular intervals, or manually.

Immutable snapshots defend against any tampering by internal or external threats, and defend against accidental or intentional data damage.

In the event of loss of data from primary systems, immutable snapshots permit rapid restore to minimize downtime. Since the cost of downtime in hard dollars can easily exceed the cost of hardware or software, it's critical to be able to make a quick recovery from snapshots so data and systems are accessible nearly immediately.

If data is corrupted, immutable snapshots allow a rewind to the last known good state. This also enables version control: since multiple data versions are maintained, immutable snapshots enable admins to easily roll back to a previous copy.

Managing snapshots involves setting policies for how and when they are created, converted to immutable status, and retained; where and how they are stored to optimize capacity footprint; and when they are to eventually be deleted. Automated checksum-based data integrity features are often available to detect and address potential errors.

Immutable snapshots for cyberattack recovery

Cybercriminals are increasingly able to access and delete backups, but immutable snapshots are indestructible, offering the most robust protection. These inherent strengths allow an organization to restore its data to the prior, pre-attack state.

When an attack hits, best practices are to thoroughly assess the extent of the damage and isolate all affected systems to stop the malware from spreading, not necessarily in that order. Once the malware is removed from the systems, the recovery phase can begin.

The immutable snapshots, being impervious to alteration, deletion, or encryption by the malware vector, are then used to restore data and systems by rolling back to the most recent snapshot that is known to be free of infection.

Naturally, as in most scenarios, recovery relies on preemptive measures, like regularly creating snapshots in the first place, maintaining a series of restore points, ensuring there is ample storage capacity, and performing dress rehearsals of disaster scenarios. But there's no question that proper backups start with deploying an immutable solution from the outset.
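The following is an added illustration, not code from the author or from any storage product: a small Python model of a retention-locked snapshot catalog and of choosing the restore point described above. The names `Snapshot`, `take`, `delete`, `restore_point` and `sample_catalog` are hypothetical, and the timeline is constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

class SnapshotLocked(Exception):
    """Delete attempted while the retention lock is still in force."""

@dataclass(frozen=True)              # fields cannot be reassigned after creation
class Snapshot:
    taken_at: datetime
    data: bytes                      # stand-in for the snapshot contents
    sha256: str                      # checksum recorded at snapshot time
    locked_until: datetime           # lock period chosen by the administrator

def take(catalog, now, data, lock_days):
    snap = Snapshot(now, data, hashlib.sha256(data).hexdigest(),
                    now + timedelta(days=lock_days))
    catalog.append(snap)
    return snap

def delete(catalog, snap, now):
    # Enforced by the store itself, regardless of the caller's privileges.
    if now < snap.locked_until:
        raise SnapshotLocked(f"locked until {snap.locked_until:%Y-%m-%d}")
    catalog.remove(snap)

def restore_point(catalog, earliest_compromise):
    """Newest snapshot taken before the compromise whose checksum still verifies."""
    clean = [s for s in catalog
             if s.taken_at < earliest_compromise
             and hashlib.sha256(s.data).hexdigest() == s.sha256]
    return max(clean, key=lambda s: s.taken_at, default=None)

def sample_catalog():
    """Constructed timeline: daily snapshots, primary data encrypted from day 4."""
    start, catalog = datetime(2024, 6, 1), []
    for day in range(7):
        data = b"ledger-v%d" % day if day < 4 else b"ENCRYPTED"
        take(catalog, start + timedelta(days=day), data, lock_days=14)
    return start, catalog

if __name__ == "__main__":
    start, catalog = sample_catalog()
    try:
        delete(catalog, catalog[-1], start + timedelta(days=6))
    except SnapshotLocked as exc:
        print("delete refused:", exc)
    # Days 4-6 are locked but hold encrypted data, so the restore point is day 3.
    print(restore_point(catalog, start + timedelta(days=4)).data)
```

The lock protects a snapshot from deletion, not from having captured already-encrypted data, so the retained series of restore points has to reach back past the earliest point of compromise.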

The recovery landscape

The market's solution to cybersecurity challenges is a vast array of add-on products, but what's needed is an integrated approach that regards data protection as an essential component of the underlying storage and data management platform. The ability to perform snapshots, object locking on object-based platforms, tiering strategies, policy-driven data governance, redundancy, and access control are fundamental pieces of data protection that should be embedded into the storage itself, not added later as a need arises, at which point it is often too late.

Unfortunately, this is far from the only challenge. Cybercriminals know that whether large or small, every organization's data is its lifeblood. While large enterprises may have deeper pockets to pay steeper ransoms, and may have highly sensitive data such as personal information, they are also better able to afford stronger data protection. That said, a massive volume of data under management, located across multiple departments, multiple hardware systems, and multiple geographic locations, is far more complex to secure. Large enterprises also have larger workforces, dramatically increasing the risk of an employee inadvertently downloading malware and increasing the potential for insider threats.

On the other hand, smaller enterprises are often targeted simply because they have fewer resources, human and otherwise, with which to defend their data, and may be more likely to pay up.

Regardless of size, the best available defense is a failproof backup consisting of immutable snapshots, and the best-of-the-best scenario is when data security is understood as a fundamental part of a comprehensive storage system. This approach will deliver a far more seamless, far less complex, and far more effective means of protection than add-on solutions or third-party software.



Mircea Turcu, VP of Engineering, Nexsan


Published Thursday, June 13, 2024 10:00 AM by David Marshall