Beyond Prevention – How a Cyber Resilient State Can Provide a Ransomware Defense

Protect Your Business From Vulnerability With A Resilient, Flexible IT Infrastructure. Collaboratively Assess The Level Of Readiness & Response For Current Capabilities. Protect Your Data. Enable Resilient Models. Deployable Solutions. Rapid Recovery.

Planning and protection against a cyber threat are extremely important for every organization. Many customers look at the most secure area of their IT Infrastructure and judge the cybersecurity level. At the same time, the bad actors are constantly monitoring the weakest secured area of the organization and open the door. The world's most valuable resource is no longer oil, but data. In this blog, I would like to share how to protect your data and defend Against Cyber Attack.

Enterprise storage resides on Block Storage, Object Storage, or File Storage. Many organizations put significant emphasis on protecting primary storage. Some organizations leave their backup infrastructure-less secure than their primary data.

Protect Backup Data against Cyber Threats: IBM has an industry-leading data protection solution called IBM Spectrum Protect, which can store backup data in all storage media such as disk, tape, object, cloud, and more. IBM Spectrum Protect Operations Center using backup data analysis can alert admins for any suspicious activity. IBM Spectrum Protect portfolio delivers pervasive, end to end encryption capabilities. Customers utilize Spectrum Protect Node replication to replicate the backup data to the isolated location such as Write Only Read Many -WORM Tape/ Object Storage media. Furthermore, these backup copies can be sent to a physically secure off-site location. IBM also supports snapshots as well, which is the traditional backup and recovery method that delivers the lowest RTO (Recovery Time Objective).

Best advice for 2020: As always, the best defense against ransomware is to have current, tested backups of all critical data. Keep those backups isolated from your network so they, too, aren’t encrypted by the ransomware.

IBM Tape Storage offers a cost-effective, long term backup and archive WORM storage, with a true physical air gap and total separation from ransomware and cyber-attacks. The tape is used to optimize data protection costs and mitigates the risk of ransomware for data-centric organizations. At a cost of less than half a cent per GB (Gigabyte), it is also an extremely cost-effective solution.

IBM delivers four key capabilities of cyber resiliency that delivers across the block, file, object, tape, software-defined storage, and cloud.

IBM DS8880 Safeguarded Copy prevents sensitive point in time copies of data from being modified or deleted due to user errors, malicious destruction or ransomware attacks. Here’s how it works. Safeguarded Copy provides functionality to create up to 500 recovery points for a production volume. These recovery points are called Safeguarded Backups. The Safeguarded Backups are immutable, hidden and non-addressable by a host. The data within these backups can only be used after a Safeguarded Backup is recovered to a separate recovery volume providing a "logical air gap" functionality. Finally, these recovery volumes can be accessed using a recovery system and used to restore production data, providing a rapid and operational recovery capability.

Isolation is the degree of separation of snapshot or backup data from the rest of the network. Isolation can be achieved though logical means by utilizing DS8000 Safeguarded Copies or IBM Cloud Object Storage (COS) with IBM Resiliency Orchestrator. Isolation can also be achieved through a physical air gap with IBM Physical Tape and Spectrum Protect.

Immutability, or tamper-proof storage, prevents any attacker, external or internal, from changing or deleting data. IBM offers multiple WORM (Write Once, Read Many) storage solutions such as DS8000 Safeguarded Copies, WORM Tape, Spectrum Scale Immutable file sets, IBM COS retention vaults, and Spectrum Protect for data retention.

Performance is an important capability of the cyber resilience framework. How fast can your organization recover from a cyber-attack? While tape excels at isolation and immutability of your backup data, it can take several hours for recovery. For those companies that need to recover in minutes instead of hours, IBM offers high performing recovery options with DS8000 Safeguarded Copy and the Spectrum Protect family.

Ease of reuse or the ease of access to your backup data is important for testing recovery procedures, validating backups, and restoring data into a sandbox environment to find a valid recovery point in the event of a ransomware incident. DS8000 Safeguarded Copy and Spectrum Protect Plus provide instant restore capabilities to get your organization back on its feet.

The pain points that organizations face are evolving as cyber-attacks increase. There is a need for a more precise, immediate response to cyber events. This response, to be effective, needs to be planned, prepared, and tested well before experiencing a live attack, where the stress and pressure of the attack overwhelm the organization as it tries to recover. Data storage systems and technologies lie at the heart of efforts to build IT environments that are resilient to logical data corruption in all its forms. IBM Storage offers a broad spectrum of market-leading cyber resilience solutions that help the 21st-century businesses survive and thrive.

Protecting data with IBM Object Storage - WORM manner

IBM Cloud Object Storage maintains integrity in a WORM manner to protect data against deletion or modification.

Cyber resilience for the 21st century

Cyberattacks designed to deny access to or destroy data are likely to remain a major business risk for the foreseeable future. The use of technology and operational processes for prevention of cyberattacks will be necessary, and measures to recover from successful attacks will also be an important part of a well-designed security posture. By leveraging proven technologies and approaches such as the NIST Framework and the discipline of risk management, IBM Storage offerings can be used to create and implement cyber resilience solutions that will help 21st-century businesses thrive well into this century.

Sanjay Patel

IBM Spectrum Storage

[email protected]