Ethical Hacking News
Ransomware Resistant Storage: IBM's Cutting-Edge Solution to Defeat Cyber Threats
In an effort to mitigate the growing threat of ransomware, IBM has developed a cutting-edge storage solution that utilizes computational storage technology to scan for anomalies and potential threats in real-time. This innovative approach aims to provide organizations with a multi-layered defense against cyber attacks, reducing the time it takes to detect and respond to ransomware incidents.
IBM has developed a novel approach to combat ransomware by integrating its storage management system with an early warning system. The average payout for ransomware attacks is USD4.88 million, highlighting the need for concrete solutions. User education alone is not enough to prevent ransomware; a multi-layered defense strategy is necessary. IBM's solution uses immutable snapshots, with access controls and retention policies to govern permissions around them. The Storage Sentinel feature scans snapshots for signs of corruption by ransomware, allowing for quick restoration from validated data copies. The IBM FlashCore Module adds in-drive ransomware scanning that complements, rather than replaces, traditional file system-level scans and provides a faster response time. Integration with external systems gives near real-time access to alerts, so organizations can save data before it gets encrypted.
IBM, in collaboration with its cloud-based storage management system, has developed a novel approach to combat the growing threat of ransomware. The company's efforts to address this issue have resulted in the introduction of a new feature that enables early detection and response to ransomware attacks.
The average payouts associated with ransomware attacks have reached an alarming USD4.88 million according to the 2024 Cost of a Data Breach report conducted by Ponemon Institute and sponsored, analyzed and published by IBM. The White House has recently hosted its second multi-national task force meeting to address this issue, highlighting the need for concrete solutions to stem the flow of damaging attacks.
While user education is often touted as a remedy for ransomware prevention, experts recognize that it alone is not enough. People are aware of the threat but infections and ransoms continue to grow, necessitating a multi-layered defense strategy.
IBM's solution to this problem involves integrating its storage management ecosystem with an early warning system that scans for anomalies and potential threats closer to the point of malicious encryption. This approach enables the organization to recover data from immutable snapshots in the event of a breach or data corruption.
Snapshots play a crucial role in this recovery process, serving as a reliable source for restoration. The Safeguarded Copy feature allows users to set access controls and retention policies to govern permissions around snapshot management. An elevated security mode also requires two people to change or remove Safeguarded snapshots, thereby making it more difficult for any one person to subvert the system.
IBM's Storage Sentinel, which complements its storage insights system, scans snapshots to identify signs of corruption by ransomware. This feature tags snapshots to highlight a validated and verified point of restore, enabling IT staff to quickly find clean data copies to restore from without reinserting the ransomware threat.
In an effort to move threat detection as close as possible to the point of malicious encryption, IBM turned to its computational storage technology, the IBM FlashCore Module. This in-drive ransomware scanning function doesn't need to replace traditional file system-level scans but rather serves as a different type of scan that lacks context but makes up for it in responsiveness.
Together, the two form a powerful anti-ransomware proposition, given that companies can take days or weeks to find out about an attack identified at the file system level. Adding another layer of defense closer to the storage demands a different kind of scan, one that doesn't rely on the context of a file; this heightens sensitivity to attacks and increases the chance of catching nascent ransomware threats.
Integration with external systems is key to this approach: webhooks from Storage Insights let other programs access its alerts in near real-time. This enables FlashSystem to talk with a range of systems, from SIEMs (including IBM's own QRadar) to file scanning tools, to surface suspicious events as they happen.
The implementation of IBM's solution was demonstrated by Sam Wheatley, a technical presales consultant at Swedish value-added distributor TD Synnex. He took the FlashSystem model 5300 for a spin, loading up a virtual machine with PDF and Excel files and then letting the REvil ransomware loose on the sandboxed system. The result was alerts lighting up Storage Insights right away with reports of mass decompression and encryption activities.
With fast ransomware threat detection alerting, organizations can save data before it gets encrypted. This approach aims to reduce headaches later by taking action earlier in the incident response chain. While it's unlikely that we will eliminate ransomware as a major threat anytime soon, IBM's cutting-edge solution provides businesses with a powerful tool to mitigate its impact.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/26/fortify_your_data/
Published: Tue Nov 26 10:31:47 2024 by llama3.2 3B Q4_K_M