The growing threat against backups by cybercriminals in the course of an attack has the industry looking for a stronger definition of what should be included when considering where and how your backups are stored.

The identification and destruction of backups has long been a known threat tactic used as part of ransomware attacks, with the obvious logic being, “If you don’t have backups, you have no choice but to pay the ransom.” What started as simple scripts designed to find specific file types has evolved.

In some cases, the search for backups is rendered as a complex sub-attack that uses known vulnerabilities to gain access to SAN and NAS devices before finding and deleting backup files. In other cases, it’s attacks specific to a backup vendor designed to find user accounts with application-specific privileges to eliminate relevant backups via APIs.

Threat actors aren’t fools; they understand the mitigation steps taken by today’s brightest IT organizations and look for ways to circumvent security controls to locate, exfiltrate, and delete backups to leave the victim organization with paying the ransom as their only option.

But the good guys have been diligently evolving as well.

Last year, Gartner put out the Hype Cycle for Storage and Data Protection Technologies, 2022, coining a since-repeated phrase that denotes having backup storage that is resilient to cyberattack: cyberstorage.

According to Gartner, cyberstorage “protects storage system data against ransomware attacks through early detection and blocking of attacks, and aids in recovery through analytics to pinpoint when an attack started. The solutions can be pure software, a dedicated appliance or fully integrated with the data storage solution.”

In short, Gartner says, “Cyberstorage provides active defense against cyberattack on unstructured data.” They paint a picture of the technology timeline in the Hype Cycle shown below:

[Figure: Gartner Hype Cycle for Storage and Data Protection Technologies, 2022]

And while the Hype Cycle report is looking for storage-vendor specific solutions that may take as many as 10 years to come to fruition, as with any cybersecurity need, there are many ways to achieve the same end goal – and in a much shorter period than 10 years!

Let’s break cyberstorage down into a few specific goals to help find ways to achieve cyberstorage practically while the industry attempts to catch up and create some form of a unified solution:

1) Early Detection and Blocking of Attacks – I believe that Gartner has it in mind that this “detection” and “blocking” is done as part of the storage system. But the preventative and protective layers of your cybersecurity strategy should be most effective well before an attacker ever gets to the point where they are trying to encrypt or delete backups, right?

Most cybersecurity practitioners put the emphasis on the most common initial attack vector of most ransomware attacks – phishing – putting a layered strategy in place to keep malicious email from ever reaching an inbox. But a bit more than 1 in 9 attacks actually see the inside of an inbox – making it critical that your “early detection and blocking” of attacks includes endpoint protection that stops both known and unknown threats.

And by “endpoint”, I don’t just mean workstations and laptops; I mean every system on the network.