Why Storage Is the Last Line of Defense for Data Security

Since ransomware attacks occur frequently, various measures are put in place to protect against them, including:

• Prevention before attack: Vulnerabilities are quickly identified and rectified, and ransomware is analyzed and quickly identified.
• Interception during attack: Known ransomware is accurately detected and removed, and unknown attacks are identified immediately.
• Tracing after attack: Paths are analyzed for timely blockage, and features are saved to libraries for future prevention.

Many security vendors would advise enterprises to enhance their security awareness, and to periodically back up their important data to minimize exposure to risks. However, despite having so many measures in place, storage is an absolutely essential part of ransomware protection.

Ransomware is hard to prevent and hard to fend off

Ransomware is different from common computer viruses. If common viruses were hoaxes, ransomware would be a well-planned conspiracy. Behind targeted ransomware is a profit-oriented criminal who won’t stop until they reach their goal. Ransomware has the following features:

Many different camouflage methods: The camouflaged malware can gain access to the system through storage media, phishing emails, website Trojans, social networks, malicious insiders, and zero-day vulnerabilities (where security vulnerabilities that have not been resolved yet), and it is not possible to guarantee successful interception.

Prolonged latency: Ransomware is evolving and becoming increasingly complex. Attackers aiming for big returns have been known to invest a lot of time and money into researching and carefully planning their attacks for weeks or even months to maximize their chances of success.

Traditional security systems use a passive approach

According to Northrop Grumman’s Defense in Depth (DiD) model, there are five lines of defense against ransomware attacks.

Perimeter and network security are built into the network layer where the key to protecting against ransomware is to prevent and block known threats and detection from the malware. Endpoint and application security are deployed at the host layer. They update system and software patches, making it harder for cybercriminals to exploit vulnerabilities. Both network-layer and host-layer measures are passive forms of defense, meaning that firewalls and antivirus software can only prevent attacks from known viruses.

Common protection methods such as network firewalls and antivirus software cover the first four layers, but data protection at the fifth layer has been lacking for a long time.

Because of ransomware’s high invisibility and camouflage, it’s often too late when victims detect it. Attackers tend to lurk for months, encrypting the data and demanding a ransom after they gain higher privileges and possess large amounts of critical data. Victims are often unprepared to resist, leaving their data at high risk of breach even when blocking it is available.

At this point, if the first four layers of defense have failed, the victim will likely be extorted into paying a huge ransom. As the last line of defense, storage systems must proactively form the fifth layer of defense.

How Storage Defends the Last Line

Storage systems protecting against ransomware need to be able to accurately detect threats and prevent tampering.

Anti-tampering: Even if data is encrypted by ransomware, storage systems can handle it with ease. The system deploys anti-tampering techniques so that historical data backups or snapshots cannot be tampered with or deleted. In case of attacks, data can be quickly recovered to reduce losses.

Accurate detection: The storage system should detect abnormal I/Os caused by ransomware attacks immediately. The accuracy of Huawei storage system in identifying ransomware is as high as 99.9%. Data protection is initiated upon ransomware detection to quickly minimize data losses.

The Huawei Ransomware Protection Storage Solution is a four-layer protection system which protects data through ransomware detection, production storage recovery, backup storage recovery, and isolated storage recovery.

With ransomware attacks becoming more rampant, having the best possible comprehensive defense system — covering network, host, and data layers — is a top priority. As the last line of defense, a storage system can provide data security that isn’t offered in traditional security systems. The three-layer protection mechanism of prevention before attack, block during attack, and recovery after attack can empower organizations to say “no” to extortion.

Learn more about the Huawei Ransomware Protection Storage Solution.

Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.