Tag: protect

  • Protect Your File Data Storage from Ransomware with Holistic Security

    by Stefan Radtke, Field CTO EMEA, Qumulo

    A holistic approach to security is needed to protect your data from ransomware
    When it comes to ransomware, an ounce of prevention is worth 3x the cure

    Your business continuity plan may look much the same when it comes to recovering your data, whether the data loss is caused by a natural disaster or a ransomware attack. Earlier this year, I covered Qumulo's built-in security controls to help you protect your data from malware as part of a holistic security posture. In this series we are going to focus on ransomware in the context of disaster recovery and business continuity because, with the advent of ransomware-as-a-service (RaaS) and the huge ransoms being paid, attacks are on the rise. For instance, the FBI has investigations into more than 100 variants of RaaS, many of which have been used in multiple ransomware campaigns. While recent ransomware incidents have been highly publicized, many more have been kept private to protect the victims' reputations.

    Business-critical data is being encrypted for ransom and cyber criminals are getting paid for the sake of business continuity

    According to Sophos' 2021 State of Ransomware, a report based on data from 5,400 decision makers representing over 30 countries, organizations on average got only 65% of their data back after paying the ransom. But the cost to business continuity, the downtime, is what hurts organizations the most. The report states the average ransom paid by mid-sized organizations was US$170,404. However, the average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc., was US$1.85 million.

    How does ransomware get in? Let me count the ways…

    Cyber criminals use clever tactics to infiltrate a company's environment at multiple layers and deploy ransomware. One of the most common is social engineering: a phishing email where a company insider is tricked into sharing credentials or downloading malware and letting the threat in.

    USB drives, partner networks, unpatched vulnerabilities, and easy-to-obtain passwords are all potential threat vectors for malware to gain entry. New hybrid work models may create more. This is why it's important to take a holistic approach to security: prevent entry, detect it when it happens, and stop it from spreading to other parts of the network. Last but not least, a holistic approach includes having a business continuity plan in place that covers data backup and disaster recovery from ransomware.

    Ransomware: The Anatomy of an Attack

    Ransomware can infect just about any device with an operating system or digital connection including network devices, IoT devices, desktop computers, servers, digital cameras, printers, and zip drives. The goal of most ransomware attacks is to exfiltrate data and/or encrypt data to force organizations to pay for keys to decrypt their data. Attacks typically happen in phases:

    Gain access to the network and at least one initial device
    Infect as many additional devices as possible to gather information
    Exfiltrate data
    Deploy additional modules that, for example, encrypt data
    Encrypt data for extortion

    In the first phase, the intruders continue to gather more information about the infrastructure (users, data flows, network topologies, devices). Then, at a later stage, they start to exfiltrate data and/or load additional malware to start other threads that can access data and encrypt files.

    This is why an efficient risk management strategy is needed that focuses on attack vectors to prevent infection, or to detect the early phases at the point on the network and the compute devices where the infection occurred. Data storage is at the end of the infection cycle. The longer the malware runs, the further the infection spreads, complicating disaster recovery and the resumption of operations.

    An Overview: Qumulo's Holistic Security Architecture

    A holistic security approach to malware detection captures data from as many devices as possible to identify suspicious events at the entry point(s) for analysis and correlation. Upon detection, action is taken to stop the ransomware from gaining access to subsequent layers including your file storage.

    Implementing a holistic security approach that includes network, compute, device and event-monitoring techniques, together with data correlation and analysis, is preferable over siloed security solutions that are embedded in the storage system. The goal is to keep the ransomware from getting anywhere near your file data.

    The Qumulo File Data Platform is built with security at its core and includes a broad spectrum of modern technologies and data services designed to keep data safe. Qumulo's software architecture is a purpose-built file system with a natively developed protocol stack; it uses no third-party code for file data access protocols. Bi-weekly software updates cover both the Qumulo image and the operating system, and updates and fixes, including those for common vulnerabilities and exposures (CVE) issues, are built in by Qumulo.

    HOLISTIC DOMAIN: PREVENTION

    The most common malware attack exploits happen outside your storage system, and you want to prevent them from getting there. The first objective of ransomware is to get behind your firewall and into your network, where the bad actor can watch, move around, and plan the attack. Here are many of the easy-to-use security features built into the Qumulo file system software to reduce the threat surface available to ransomware and other exploits.

    Locked-down Linux OS – a minimal Ubuntu image to reduce the risk surface
    Bi-weekly product updates – with built-in security features and patches
    The file system runs completely in user space (LD/LDAP)
    Role-based access control (RBAC) – specifies what each user group can do with predefined roles and delegates least privileges
    Restrictions of SMB and NFS file access to hosts on the network
    Access-based enumeration (ABE) – privileges required
    The ability to hide SMB shares (the exact path is needed to mount the share)
    Data encryption (data at rest is encrypted by default)
    Data on the wire can be encrypted and set per share
    Ransomware prevention – limit accessibility to shares and exports

    HOLISTIC DOMAIN: DETECTION

    Integration with modern security information and event management (SIEM) solutions captures data from devices and offers a holistic approach to detecting and stopping malware infections. One important aspect of detective controls is central event capturing and correlation. The advantage of a centralized SIEM approach is that it provides a common solution for all data center or cloud instances and services. Data can be gathered easily, then indexed, filtered, analyzed, searched, and visualized. Automated or semi-automated actions can be triggered when suspicious activities are detected. This is the most effective approach because ransomware is identified and stopped before it reaches your file system.

    Qumulo sends audit logs to SIEM solutions to detect threat activity.

    Qumulo sends audit logs in industry-standard syslog format to SIEM solutions on the market including Splunk, Elasticsearch, AWS CloudWatch, and Azure Sentinel.

    In addition, intrusion detection systems (IDS) can detect patterns of dangerous network traffic, for example anomalous domain name server (DNS) queries used to exfiltrate data packets that correlate to an exploit technique. Many companies are using intrusion prevention systems (IPS) for detective controls with advanced firewalling and exploit-detection capabilities that block some categories of attacks.

    Implement automated responses using the Qumulo API

    The Qumulo File Data Platform supports all major security software on the market through its auditing feature. In addition, Qumulo's API allows you to initiate automated mitigation actions from any attack surface should malicious activity be detected. The Qumulo API can be used through direct API calls, through the Python libraries Qumulo provides to simplify API script development, and through the Qumulo Core CLI.

    On the network, once the IDS has detected suspicious or even malicious activity for a file, the system can trigger automated events to mitigate risk. Qumulo provides a rich REST API which allows automating all kinds of management tasks on the cluster, including malware mitigation tasks in case of a security event:

    Set a quota for a directory, or for the full system, to 0. Any new write activity is prevented (but overwrites might still be possible).
    Set a share to read-only or restrict it to specific IP addresses
    Remove privileges for one or more users
    Take or restore a snapshot
    Start an antivirus on-demand scan

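The detection and response chain described in this section (audit events shipped to a SIEM, correlated per user, then an automated mitigation triggered through the API) can be shown end to end in a small script. The following is an added example and not Qumulo's code: the audit line layout is constructed for this example and is not Qumulo's real audit schema, the sample lines are constructed, and the mitigation step names (`take_snapshot`, `remove_privileges`, `share_read_only`, `quota_zero`) are placeholders for whatever API call or orchestrator action an operator wires to each of the steps listed above. It correlates two signals a SIEM rule would typically use, a burst of writes/renames by one user inside a short window and renames that append a new trailing extension, and returns an ordered mitigation plan.

```python
"""Correlate file-audit syslog lines into a ransomware signal and a mitigation plan.

Added example, not Qumulo's code. The audit line layout is CONSTRUCTED for this
example and is not Qumulo's real audit schema. Assumed layout:
    <iso-timestamp> <user> <op> <path> [-> <newpath>]
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<op>\S+) (?P<path>\S+)(?: -> (?P<newpath>\S+))?$"
)


@dataclass
class Event:
    ts: datetime
    user: str
    op: str
    path: str
    newpath: Optional[str]


def parse_line(line: str) -> Optional[Event]:
    """Parse one constructed audit line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["user"], m["op"], m["path"], m["newpath"])


# Constructed sample: alice edits one document, bob reads a file, and mallory
# renames five files to a new trailing extension within three seconds.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice write /proj/report.docx
2024-05-01T09:00:30 alice rename /proj/report.docx -> /proj/report_v2.docx
2024-05-01T09:05:00 bob read /proj/plan.xlsx
2024-05-01T09:10:00 mallory rename /proj/a.docx -> /proj/a.docx.locked
2024-05-01T09:10:01 mallory rename /proj/b.xlsx -> /proj/b.xlsx.locked
2024-05-01T09:10:01 mallory rename /proj/c.pptx -> /proj/c.pptx.locked
2024-05-01T09:10:02 mallory rename /proj/d.pdf -> /proj/d.pdf.locked
2024-05-01T09:10:03 mallory rename /proj/e.txt -> /proj/e.txt.locked
2024-05-01T09:10:03 mallory write /proj/e.txt.locked
"""


def parse_log(text: str) -> List[Event]:
    """Parse all lines, drop unparsable ones, and order by timestamp (stable sort)."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    events.sort(key=lambda e: e.ts)
    return events


def burst_counts(events: List[Event], window=timedelta(seconds=10), threshold=5) -> Dict[str, int]:
    """Per-user peak number of write/rename operations inside any sliding window,
    reported only for users who reached `threshold` at least once."""
    recent: Dict[str, deque] = defaultdict(deque)
    peaks: Dict[str, int] = {}
    for e in events:
        if e.op not in ("write", "rename"):
            continue
        q = recent[e.user]
        q.append(e.ts)
        while q and e.ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[e.user] = max(peaks.get(e.user, 0), len(q))
    return peaks


def appended_extension_renames(events: List[Event]) -> Dict[str, int]:
    """Per-user count of renames that keep the old name and append an extension
    (x.docx -> x.docx.locked), a common encrypt-then-rename footprint."""
    counts: Dict[str, int] = defaultdict(int)
    for e in events:
        if e.op == "rename" and e.newpath and e.newpath.startswith(e.path + "."):
            counts[e.user] += 1
    return dict(counts)


def suspicious_users(events: List[Event], min_appended=3) -> List[str]:
    """Union of both heuristics, sorted for stable output."""
    bursts = burst_counts(events)
    appended = appended_extension_renames(events)
    users = set(bursts) | {u for u, n in appended.items() if n >= min_appended}
    return sorted(users)


def plan_mitigation(users: List[str], share: str) -> List[Tuple[str, str]]:
    """Order the mitigation steps listed in the article: snapshot first so the
    pre-action state is preserved for recovery and forensics, then stop the
    offending writer(s), then close the share to everyone. Each step name is a
    placeholder for the operator's real API call (assumption, not Qumulo's API)."""
    steps: List[Tuple[str, str]] = [("take_snapshot", share)]
    steps += [("remove_privileges", u) for u in users]
    steps += [("share_read_only", share), ("quota_zero", share)]
    return steps


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    bad = suspicious_users(evs)
    print("suspicious users:", bad)
    for step in plan_mitigation(bad, "/proj"):
        print(step)
```

The window size, burst threshold and minimum number of appended-extension renames are tuning knobs; in a real SIEM rule they would be set from a baseline of normal activity on the share, since bulk renames by a build system or a migration job will trip the same heuristics and should be handled by an allow-list rather than by lowering the thresholds.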
    Recent history has shown that even good security controls can be overcome by ransomware, and therefore a means to recover and resume operations is needed. Qumulo's file system supports disaster recovery strategies with some very effective and easy-to-implement data services built into Qumulo Core, including erasure coding, immutable snapshots, cloud backup, and snapshot policy replication.

    In the next article I'll cover the third holistic domain: the recovery and resumption of operations (roll back) after a ransomware attack.

    Stefan Radtke
    Dr. Stefan Radtke, Field CTO EMEA, has spent his career working in technology and is the principal evangelist of universal-scale storage for Qumulo. He started as employee #1 in EMEA in 2017 as Technical Director, where he built a fantastic multi-national technical team. Recently he took over the role of Field CTO and is now focusing on building a strong technical team for Cloud Q. He's a certified AWS Solution Architect Professional and Azure Solution Architect Expert.

    About Qumulo, Inc.
    Qumulo is the market-leading provider of radically simple enterprise file data management in hybrid environments. Qumulo's high-performance file data platform was developed to store and manage data in its native format and to build workflows and applications on it, at massive scale, on-premises and in the public cloud. Qumulo is trusted by Fortune 500 companies, from major film and animation studios to some of the largest research institutions in the world, to manage the entire data lifecycle with the greatest simplicity (data ingestion, transformation, data publishing, archiving, dynamic scalability, automatic encryption, real-time data transparency, cost-efficient capacity). An advanced API enables customers to integrate Qumulo easily into their ecosystem and workflows. qumulo.com.

    Contact
    Qumulo
    Stacey Burbach
    1501 4th Ave #1600
    Seattle, WA 98101, United States
    +1 855 577 7544
    lia@pr-emea.net
    https://qumulo.com

    Image rights belong to the author of the release.

  • Acronis Cyber Protect – unity is strength

    Data security, data backup and data protection have traditionally been considered separately and addressed with different software applications. With its new Cyber Protect solution, Acronis combines and coordinates these three indispensable elements of a competent and trustworthy IT operation. The advantages are obvious: considerably simplified administration, added security and, not least, lower operating costs.

    Protecting the corporate network from criminal attacks, being prepared for unforeseeable system failures and, on top of that, observing legal data protection regulations are time-consuming and complex challenges that often hinder the rapid and comprehensive digitalization of a company. That is the conclusion of a recent Bitkom survey of 502 German companies with more than 20 employees. According to it, the attitude of many companies towards IT security is contradictory: 61 percent of companies fear unauthorized access to sensitive company data, while at the same time 57 percent of respondents consider the IT security requirements, from a company perspective, to be too high.

    This is exactly the discrepancy Acronis removes with its new Cyber Protect concept. As currently the only solution of its kind, Acronis Cyber Protect integrates cyber security, data protection and management functions under one user interface to protect endpoints, systems and data comprehensively. Conventional endpoint protection products demand a high administrative effort – maintaining licenses, installing updates and patches, running compatibility checks after updates or managing multiple policies – and all of that often with different user interfaces. Acronis Cyber Protect, by contrast, works with one protection agent, one central management console and one license. Complexity is eliminated, downtime is minimized and productivity is increased.

    As a security solution of the latest generation, Acronis Cyber Protect has a wide range of innovative features: advanced AI-based technology enables behavior-based detection of zero-day malware and ransomware attacks. In addition to image backups of complete systems, file backups and fast disaster recovery, Acronis Cyber Protect supports the capture of special metadata for forensic security investigations. Configurable URL filtering, vulnerability assessments, and central patch and remote management round off the feature profile.

    The solution is suitable as a data backup solution both for employee workstations and for servers operated in-house. Naturally, the product also integrates optimally with the united hoster terminal servers. The backed-up data is stored in GDPR-compliant fashion in the united hoster cloud in our data center in Frankfurt/Main.

    With Acronis Cyber Protect, united hoster offers you a highly functional tool in the fight against constantly evolving threat scenarios. It relieves you of daily, time-consuming routine tasks and gives you room to plan and implement strategic digitalization projects.

    Take a look into the future of IT security and test Acronis Cyber Protect for 14 days, without obligation and free of charge.

    Find out more and try it now!

    Cloud services need a secure platform. Infrastructure and hosting solutions for private and business customers. We will find the right solution for you!

    Contact
    united hoster GmbH
    Alexander Pelz
    Max-Eyth-Str. 21
    72622 Nürtingen
    0711 169173 50
    info@united-hoster.de
    https://www.united-hoster.de

    Image rights belong to the author of the release.