Ransomware and the threats to your data are scary – and unlike most of the ghosts and ghouls walking your neighbourhood this Halloween they’re real which makes then REALLY scary. Even more frightening is that the malware itself is changing and evolving as time goes on so that not only are organizations facing encryption or deletion of their data, but now face the possibility of their company secrets or customer data is exfiltrated, stolen, and potentially leaked. I’m not going to bore you with the spooky stats around the threat ransomware and malware pose, there’s dozens of reports and cybersecurity sites you can go to like IBM’s annual “Cost of a Data Breach” report, Sophos’ State of Ransomware report and many others you can scare yourself to sleep with.
Figure 1: The risks to your data from ransomware
Stats aside, the key point here is that the threat of ransomware to your data is real, and it’s not going away. Ransomware gangs are even expanding their target lists to launching attacks against not just company data, but to cripple their recovery capabilities by targeting the backup software protecting that data.
Yes, most backup solutions these days, include some cyber security and resiliency measures to help protect against these threats. Maintaining an immutable copy of the backup data is the most common defense, with many even offering secured air-gapped copies of the backup stored in the cloud like Metallic Recovery Reserve. However, these are just ways to store a safe copy of the backup data to recover from, but don’t help actually find if there’s a problem. That’s where machine learning and AI driven Anomaly Detection comes into play.
Metallic Recovery Reserve provides secure, air-gapped copies of your backups
Essentially, anomaly detection establishes a baseline of what “normal” is for the data you’re protecting and will alert you should anything abnormal occurs. This could be a sudden change in file sizes, ownership, creation/deletion, and any number of other changes n the behaviour of the data. Most backup solutions that do provide this are limited to only looking at the data sets they have stored as backup copies, and if you’re only backing up once or twice a day, that leaves a lot of opportunity for something to happen and you not find out about it until it’s too late.
These types of anomaly detecting backup vendors are REACTING to something that’s already happened. It’s the smoke alarm telling you that the house is on fire…and that’s usually too late to prevent damage, and you can only really jump right to triage and recovery mode. But what if you could get an early warning? What if you could catch these bad actors before they light your data house on fire?
This is where PROACTIVE ransomware detection steps in. In the case of Commvault and Metallic, we go beyond just scanning our own backup data looking for threats, we’re actively monitoring the live environment keeping an eye out for trouble. This concept is sometimes called “shifting left” as we move earlier in the incident timeline to catch things before they happen.
One of the technologies leveraged by Commvault is often referred to as a “HONEY POT’. This acts as the proverbial “canary in the coal mine” and monitors your production environment for suspicious activity. Keeping an eye on your live data environment to give you that earlier warning and enable a faster incident response.
Now let’s get to the real TREAT then – Threat Deception.
Threat deception technologies, like Metallic ThreatWise go beyond even what honey pots do to actively defend your data and TRICK the bad actors into revealing themselves. Quite simply, ThreatWise plants a number of sensors, visible only to these bad actors, that simulate real data assets to trap the hackers into attacking the wrong target. To them, the sensors look like real data targets of value and they can’t tell the difference between these decoys and the Real McCoy.
Unlike other backup anomaly detection, ThreatWise is designed to actively engage threats the moment they begin. By planting these trip wires across production environments, ThreatWise delivers early warning signals into zero day and advanced cyber threats during recon, discovery, and lateral movement – before bad actors reach their targets.
Now through this deception you really get proactive and take that battle for the security of your data to a new level. ThreatWise, and our patented cyber deception capabilities, are unique to Commvault – that’s right, no other backup solution in our industry today can offer this kind of cyber defense and protection!
Earlier warning, active deception, immutability, air-gaps, and the industry’s broadest workload coverage all combine to make Commvault a solid partner to protect and respond to the growing threats to your data. So this Halloween, why not turn the tables and pull a trick or two on ransomware! TO learn more about ThreatWise you can reach out to us to arrange a demo or even request a free trial and see for yourself (https://metallic.io/threatwise-cyber-deception). To learn about our complete portfolio of features to help defend you from Ransomware you can visit https://www.commvault.com/ransomware
And for all treat and no tricks (although there may be some surprises) – join us for Commvault Connections 22 here