Maximize Power of Lines of Defense Vs. Cyber-Attacks with IBM Storage FlashSystem and Storage Defender
Storage Defender combines software sensors with inline data corruption detection that comes from FlashSystem Flash Core Modules.
This is a Press Release edited by StorageNewsletter.com on April 23, 2024 at 2:02 pmBy Raul Raudry, storage product marketing, currently performs marketing activities for IBM Storage Defender product, IBM Corp.
Today, cybercrime is good business. It exists because the profits are high while the risks are low. Far from stopping, cybercrime is constantly increasing. In 2023, the FBI received a record number of 880,418 complaints with potential losses exceeding $12.5 billion. This is a nearly 10% increase in complaints and 22% increase in losses compared to 2022.
According to the 2024 IBM X-Force Threat Intelligence Index, ransomware has become the most common attack observed globally in the past 4 years. Knowing the havoc caused by ransomware, organizations invest in creating lines of defense vs. this threat, so it is not surprising that today, cybersecurity is the number one expense in business technology.
When a cyberattack strikes, the ransomware code gathers information about target networks and key resources such as databases, critical files, snapshots and backups. Showing minimal activity, the threat can remain dormant for weeks or months, infecting hourly and daily snapshots and monthly full backups. Once the ransomware has collected all the information it needs, it begins the actual attack, encrypting and making critical files and databases unusable. File encryption is fast and the attack can cripple critical business data in a matter of minutes.
Take data resilience to next level
Fortunately, ransomware attacks can be detected and several lines of defense can be built in advance to contain and control the threat. To help organizations face the different variants and strategies used to perpetrate an attack, IBM provides end-to-end data resilience solutions to efficiently defend organizations from ransomware and other malware attacks.
IBM Storage FlashSystem provides storage protection based on immutable copies of data logically isolated from production environments. These Safeguarded Copies cannot be modified or deleted through user errors, malicious actions or ransomware attacks. IBM Storage FlashSystem also offers inline data corruption detection through its new Flash Core Modules 4 (FCM4), which continuously monitors statistics gathered from every single I/O using ML models to early detect anomalies at block level.
For its part, IBM Storage Defender is a purpose-built end-to-end solution that simplifies and orchestrates business recovery processes through a unified view of data protection and cyber resilience status across the hybrid cloud with seamless integration into security dashboards. It deploys AI-powered sensors to rapidly detect anomalies in VMs, file systems, databases and other applications hosted in Linux VMs.
Better together
These IBM Storage solutions are a flagship in the cyber resilience industry. Both have capabilities that complement each other, and working together can substantially improve the overall capacity for early threat detection, data protection and fast recovery. The way they interact in a coordinated manner is explained below:
Click to enlarge
To improve threat detection, Storage Defender combines its software sensors with the inline data corruption detection (IDCD) that comes from the company’s FlashSystem Flash Core Modules. This dual source provides more data to the ML models, reducing false positives and producing more accurate results.
Additionally, Storage Defender can help clients restore production systems more quickly, identifying the most recent trusted copy and its location. These protected copies can be in primary storage or traditional backups. If the copy is presented on primary storage, the client can use the value of that system to restore operations in minutes rather than wait for restoration over the network.
As an additional layer of protection, workloads can be restored in an isolated ‘Clean Room’ environment to be analyzed and validated before being recovered to production systems. This verification allows clients to know with certainty that the data is clean and business operations can be safely reestablished. Clean Room environments can be configured through integration with partner solutions.
Business benefits
The coordinated interaction between Storage Defender and Storage FlashSystem improves the lines of defense to fight ransomware more efficiently, delivering the following benefits:
- Unified and clear view of the overall data resilience status across primary and auxilliary storage.
- Automated creation of Safeguarded Copies logically isolated from production environments that cannot be modified or deleted during ransomware attacks.
- Ransomware detection at block level in 60s or less.
- Detailed information about validated Safeguarded Copies and their location, so they can be used as a trusted source of data to recover business operations quickly.
- Ability to restore a Safeguarded Copy within 60s or less.
- Clean room environment to verify that workloads can be safely restored to production.
- Alerts to Security Operations Center (SOC) and other incident teams to help coordinate the execution of recovery plans.
Today, only IBM can provide end-to-end data resilience across the entire hybrid cloud. It continues its commitment to further improve the synergy capabilities between Storage Defender and Storage FlashSystem, delivering the best solutions to maximize BC despite ransomware attacks and other data loss risks.