Introduction
Ransomware is one of the biggest threats facing any company today, and for good reason. The raw numbers of ransomware attacks are going up- Symantec reported that infections in 2021 doubled from the previous year, and that pace shows no signs of slowing down. Similarly, the sophistication of ransomware payloads and attack strategies is going up at least as fast. Modern ransomware attacks do not just attempt to lock down a single infected server. Instead, they attempt to lock down the entire IT operation. And the main target of these modern attacks is not systems- it’s data.
Solving The Problem of Data Sprawl
Data storage requirements are growing faster than ever. Gartner warned of exponential data growth a decade ago, and that trend is also showing no signs of slowing down. In many companies this need for space has led to a pattern of buying storage systems such as SANs and NAS devices ad-hoc. And the old systems don’t just go away- just because you’ve bought a new SAN, the thinking goes, doesn’t mean that the old SAN is no longer usable. But this has significant downsides when it comes to data management and protection. More places data is stored means that there is more surface area for ransomware to attack. This is doubly dangerous if those old SANs are no longer supported with updates or security patches.
It is more important than ever to consolidate storage systems for data analysis purposes. A large inventory of storage systems makes it hard to know what data truly matters, meaning that many organizations keep a lot of data on disk that is no longer of any value. Smaller, more manageable footprints of data storage systems means that data can be analyzed in real-time, from one platform. This makes it easier for an organization to merge old and new data together based on defined use cases, and only keep the data that they truly need.
Protecting Your Data With Pure Storage
Solving for these problems is the heart of Pure Storage’s Consolidate, Connect & Protect strategy. In short, Pure’s solutions enable you to:
- Consolidate all your data together on one performant and flexible platform
- Connect your new and old data and analyze it for health and viability to your business
- Protect it from threats like ransomware using industry-leading security features
The Importance of Backups
Once you’ve consolidated all your data (and fine-tuned it to ensure that it is in the finest shape it can be in), you will certainly want to protect it. The first line of defense when it comes to protection is backups- and unfortunately, bad actors know this too. PurityOS has specific security features to protect your backups, no matter what backup software vendor you use. Two of them that work extremely well together are Immutable Snapshots, and SafeMode.
Immutable Snapshots
First up is Immutable Snapshots. Ordinarily, a backup software will store the first days/weeks of backup snapshots on a separate part of the Data Storage device. This asynchronous copy of your data means that it can be recovered quickly if required. It also means that snapshots on the SAN (or NAS) are a prime target for ransomware. Making your snapshots Immutable means that once a snapshot is taken, it cannot be modified or deleted by anyone- including someone with administrative access to the PurityOS console. When you set up your system, you enable the policies that dictate deletion schedules. Once those policies are set, those snapshots are untouchable outside of the preset policy.
SafeMode
The next level of protection that PurityOS has available is called SafeMode. This takes the idea of Immutable to the next level by requiring two specific and independent storage administrators to work in concert with Pure’s Support team to make changes to things such as Immutable Snapshot policy. This separation of control function makes it nearly impossible for a malicious attacker of any kind to delete the policies that protect the snapshots.
p.p1 {margin: 0.0px 0.0px 10.0px 0.0px; font: 9.0px Helvetica; color: #354257}
Figure 1 – SafeMode works on the PurityOS level, freeing you to use whatever backup software/method you want and still get industry-leading protection.
Additionally, if Pure Support does receive requests that are deemed suspicious to be immediately reported back to the storage admins at the site that is being attacked.
Conclusion
The scope and scale of modern ransomware attacks means that the IT Security mindset has to focus on “when” they will suffer an attack, not “if.” Much like zero-trust in the network and identity space, we need to take every possible precaution against attacks in the Data Storage and Backup/Recovery space. Pure Storage’s Consolidate, Connect & Protect strategy is a great place for any organization to start.
