MANAGEMENT: RANSOMWARE

"Backups are a vital safety net in the event of an attack. However, their effectiveness in ransomware scenarios is heavily dependent on how they're managed and protected. By targeting backups, ransomware attackers aim to incapacitate an organisation's ability to restore data independently, thereby increasing the likelihood of a ransom being paid. That is why backups require air-gapped, immutable storage, i.e. a physical gap between the backup data and the network that blocks attempts to access or alter that data through network-based attacks."
of ransomware. The main advantage of post-discovery backup-based detection is its integration within existing backup software, making it a non-intrusive addition to data protection strategies. But its retrospective nature makes it somewhat limited.

Since it relies on periodic snapshots of the system and lacks visibility into actual file operations (it is completely blind to read operations, for example), backup-based detection can miss nuanced details of file operations and changes. This oversight can mean missing the early signs of an attack, potentially rendering it insufficient to prevent significant data loss, especially in the case of fast-moving ransomware strains.
REAL-TIME FILE SYSTEM-BASED DETECTION

In contrast, real-time detection methods operate directly on the live file system. They continuously monitor file operations, user behaviours, and system changes, offering a more dynamic and immediate response. The advantages of this approach are many:

Immediate threat identification: Real-time monitoring allows for the rapid detection of suspicious activities, crucial in intercepting ransomware before it spreads extensively.

Blocking suspicious activities: This method proactively blocks users or machines performing suspicious activity, preventing the ransomware from executing its payload.

Granular data for machine learning: By monitoring each file operation in real time, this approach provides a wealth of detailed data, which is invaluable for AI-driven models, enhancing their accuracy and ability to adapt to new ransomware tactics.

Comprehensive coverage: Real-time monitoring ensures protection for all files, including those excluded from backup.
While backup-based detection plays a crucial role in identifying ransomware post-attack, real-time file system-based detection offers a more proactive and comprehensive defence.

By enabling immediate identification of and response to ransomware activity, and by providing high-quality, detailed data for advanced AI models, file system-based detection stands as a more robust and effective solution for protecting file servers against the evolving threat of ransomware.
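As an added illustration, not code from the article or from the vendor it cites, the following Python model runs both approaches over a constructed stream of file operations: the per-user sliding-window detector blocks the account after a handful of renames to a ransom extension, while a snapshot comparison only notices at the next snapshot boundary and never sees the preceding reads. The window, threshold, snapshot interval and suspect-extension list are assumed values chosen for the demonstration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

SUSPECT_EXT = (".locked", ".enc", ".crypt")  # assumed list; real products use far larger ones

@dataclass(frozen=True)
class FileEvent:
    ts: float    # seconds since monitoring started
    user: str
    op: str      # "read", "write" or "rename"
    path: str    # for "rename", the new path

# Constructed sample stream (not real telemetry): alice works normally, then a
# compromised account reads each document and renames it to a ransom extension.
SAMPLE_EVENTS = [
    FileEvent(0.5, "alice", "read", "/share/finance/q1.xlsx"),
    FileEvent(1.2, "alice", "write", "/share/finance/q1.xlsx"),
]
for i in range(12):
    t0 = 10.0 + i * 0.4
    SAMPLE_EVENTS.append(FileEvent(t0, "bob", "read", f"/share/finance/doc{i}.docx"))
    SAMPLE_EVENTS.append(FileEvent(t0 + 0.1, "bob", "rename", f"/share/finance/doc{i}.docx.locked"))

def run_realtime(events, window_s=5.0, threshold=5):
    """Live monitoring: per-user sliding window over operations. Returns (user, event
    index) when a user's writes/renames to a suspect extension reach `threshold` within
    `window_s` seconds, i.e. the point at which the user would be blocked."""
    recent = defaultdict(deque)
    for idx, ev in enumerate(events):
        if ev.op in ("write", "rename") and ev.path.endswith(SUSPECT_EXT):
            q = recent[ev.user]
            q.append(ev.ts)
            while ev.ts - q[0] > window_s:   # drop operations outside the window
                q.popleft()
            if len(q) >= threshold:
                return ev.user, idx          # block the user; later ops are denied
    return None, None

def run_snapshot(events, interval_s=60.0, threshold=5, horizon_s=180.0):
    """Post-discovery detection: inspect the tree only at snapshot times. Reads are
    invisible. Returns the time of the first snapshot holding `threshold` suspect files."""
    tree, pending = set(), iter(sorted(events, key=lambda e: e.ts))
    ev, t = next(pending, None), interval_s
    while t <= horizon_s:
        while ev is not None and ev.ts <= t:     # apply everything up to this snapshot
            if ev.op in ("write", "rename"):
                tree.add(ev.path)
            ev = next(pending, None)
        if sum(p.endswith(SUSPECT_EXT) for p in tree) >= threshold:
            return t
        t += interval_s
    return None
```

With these inputs the real-time detector stops bob at the fifth rename (event index 11, about 1.7 seconds into the run, with seven documents still untouched), while the snapshot check first sees the damage at the 60-second snapshot, after all twelve files are gone.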
NEVER PAY THE RANSOM

Ransomware is a continuously escalating threat that demands a multi-layered approach. It's critical to focus on early detection, integrate reactive and preventative measures, and implement air-gapped, immutable backups - a robust safety net in case of an attack.
The stand-out solution in the current cybersecurity landscape is the adoption of real-time file system-based detection. Unlike its backup-based counterpart, real-time detection immediately identifies threats and blocks suspicious activities as they happen. The granular activity data gathered by this method enhances the efficacy of AI-driven models, leading to more accurate and adaptive ransomware defence strategies.
The fight against ransomware is an ongoing battle that requires vigilance, innovation, and adaptation. Organisations must stay ahead of potential attackers by employing a combination of backup strategies, real-time detection methods, and continuous evolution of their cybersecurity practices.

But if you take only one thing from this guide, it should be this: never pay the ransom.
More info: www.ctera.com

www.storagemagazine.co.uk | @STMagAndAwards | Storage Magazine, Jan/Feb 2024