All RackTop Systems Sponsored Tech Note

Defending Against the Widening Threat Landscape with Racktop BrickStor SP

In 2021, public records show that one in five businesses in Canada was hit with an information security breach. Larger businesses were most often targeted at 37% of the reported incidents, followed by medium businesses at 25%, and small businesses reporting at 16%.

If we break these numbers down, large businesses make up 0.2% of the reports at 2,936 organizations, medium businesses make up 1.9% at 22,725 and small businesses come in at 97.9% with a count of 1.2 million.

Of the $10B spent nationally in 2021 on information security remediation, almost half of that ($4.4B) came from large businesses, $2.9B from medium businesses, and the smallest amount, $2.4B from small businesses.

Put these together and we get a disproportional 62% of information security incidents targeting the top 2.1% of businesses. Budgets allocated to remediation follow this pattern with almost three-quarters of the money spent coming from that same sector.

Large organizations recognize that they’re a major target and invest appropriately. Smaller businesses however tend to look at these same statistics and conclude that they’re not significant targets, failing to take steps to protect their assets as a result. This turns them into even bigger targets in the process.

While it is true that the largest entities out there are more likely to experience an incident, the need for cybersecurity is universal.

BrickStor SP

RackTop presents BrickStor SP (Security Platform), a cyberstorage solution that functions as a high-security NAS by front-ending block storage and providing SMB and NFS access through a high-speed access/analytics/audit/encryption engine.

Rolling Snapshots

A rolling snapshot of every file on the system is taken every minute, allowing for easy rollback to a known-good state.

When data is compromised through ransomware attacks and the like, it is relatively easy to recover the file and also examine what changes were made as part of a forensic investigation.

Professionals who are regularly involved in ransomware recovery know that undoing the rapid encryption process of a ransomware attack and detecting internal data modifications that are out of the normal patterns, such as hiding embezzlement, changing academic results, and are are two very different things.

Active Defense

The core strength of the BrickStor SP platform is high-speed monitoring and remediation of unusual activity with the filesystem. Normal activity is constantly analyzed and factored into its learning engine. Abnormal activity is flagged and halted in short order, generating an alert to be dealt with by appropriate staff and/or processes.

Data exfiltration, where files are being copied rapidly from the storage system to local devices, is caught as soon as it goes over the system’s threshold for “normal” activity. High-speed data modifications, such as those found in ransomware attacks, are stopped in their tracks.

The Tech Field Day Showcase demonstration showed a ransomware process known to be able to encrypt files at speeds in the range of hundreds of thousands of files per second was stopped after changing only four, which could be recovered via the rolling snapshot functionality.

One Size Fits All

One of the refreshing aspects of BrickStor SP is its market placement, or lack thereof. The product can easily scale from being a single VM front-ending on-board storage from a server’s directly-attached disks, to RackTop’s own SAS-attached hardware offerings, to front-ending large block-based SANs. Whether we’re coming into the game as a small organization or a large one, there’s a fit.

For the small organization with limited oversight capacity, BrickStor SP can be left to its own devices, providing data encryption, active defense and reporting. Larger organizations can customize this to meet their own processes such as requiring approval before active defense mitigation steps are taken. The administrative overhead of running the system can be as little or as much as is required by the business.

Regardless of how hands-off or hands-on the deployment, BrickStor SP learns from user patterns and provides an audit trail for post-incident forensics.

A Thought on “Cyberstorage” as a Term

“Cyberstorage” initially seems like a strange word because the prefix “cyber” traditionally has nothing to do with security. It’s all about maximizing human intent by leveraging machine processes, for better or worse. Cybernetics, cyberbullying, and Kubernetes all fit into this. Modern definitions broaden this to include anything to do with machines or the Internet, but this still doesn’t have anything to do with security, so what’s with the term?

The major threat that the BrickStor SP solution is addressing is the one presented by human elements being influenced for improper access to information. Traditional information security is good at addressing who should be accessing something, but it tends to assume that the weak human link is much stronger than it is, or at least that there’s little to be easily done about it. The RackTop approach gets into the patterns of how they should be accessing things and takes action based on suspicious activity regardless of the permissions granted. It’s taking the zero trust concept beyond the individual and factoring in the activity itself.

Cyberstorage actively polices human/storage interaction and may well be one of the more aptly-named “cyber-” technologies out there.

The Whisper in the Wires

Most organizations don’t have a team of people managing their cybersecurity policy and response. Many are lucky to have a team managing IT at all. The BrickStor SP product lends itself well to either, which is a refreshing turn in an industry that tends to focus on the top of the market.

Smaller companies that need a fire-and-forget solution that can prevent a breach in real-time and report the incident will find exactly what they’re looking for in this solution. Conversely, those who have large data sets with complex and granular access policies and controls will appreciate BrickStor SP’s flexibility to adapt to these. Best of all, there’s an easy migration path within the platform as the business grows.

Pricing is a discussion to be had with RackTop’s sales folks, but it’s well worth having that conversation.

Watch the RackTop BrickStor Showcase and more on the Tech Field Day website for more information.

About the author

Jody Lemoine

Network Greasemonkey, Packet Macrame Specialist, Virtual Pneumatic Tube Transport Designer and Connectivity Nerfherder. The possible titles are too many to count, but they don’t really mean much when I’m essentially a hired gun in the wild west that is modern networking.

Leave a Comment