Researchers warn that ransomware attacks are no longer a theoretical risk. It is a real threat that every organization should be mindful of. Is this the end of data privacy as we know it? And where does this leave the stewards of data that invest millions of dollars to keep customer data safe?
At VMware Explore 2023, we met with Commvault – one of the kingpins of the backup and recovery industry – to talk about the newest strains of ransomware attacks, and the preventive solutions they’re offering their customers.
Snooping In
Moving from generic tools and techniques and the resulting drama, attackers have resorted to more silent attacks that guarantee maximum impact. Lately, they have been using a new attack technique to that end – a strategy known as “living off the land”.
“We see a lot of these bad actors living off the land, just using existing commands and things that are in the systems, that aren’t being detected as malware,” said Thomas Bryant, Commvault’s Director of Product Marketing.
This strategy buys them most time, allowing them to evade detection even after they have been active in the environment for weeks.
Hiding for long is just in their interest. It lengthens their reach, and increases the possibility of inflicting a deeper impact. For victim organizations, it makes the clean-up messy and time-taking.
One may wonder – what happens when the attackers get to the data? The short answer is, they encrypt it. The long answer is, they go through a dirty process of changing things around in the environment – settings and policies in particular – as means to that end, before touching the data in the final steps.
“Customers are seeing more and more with threat actors coming into their environment, they’re trying to get into the data protection systems, and do things, like change retention policy,” said Bryant.
Changing the retention period, say back to the default one day, does a critical thing for attackers – it slims down the chances of a full and swift recovery because it leaves no good points-in-time to roll back to.
“Why do you back up data? It’s to recover data,” reminded Bryant. This renders the whole point of doing backups moot.
Commvault Metallic ThreatWise
It may come as a surprise to many, given Commvault’s long history as a backup and recovery company, but it also has its own line of proprietary data protection technologies, which helps build a well-defended environment.
For Commvault, data security is a multi-pronged approach. The company brings to offer a set of solutions that each provides a certain type of surface area coverage helping companies prepare for, respond to, and recover from attacks.
Unfortunately, ransomware is not a problem that can be prevented. It can only be corrected so far. But mercifully, there are ways to check the progress early on and minimize the blast radius. Commvault taps into one such technique to deliver ransomware protection.
Commvault Metallic ThreatWise is an early-warning solution designed to stop full-scale attacks from unfolding. A highly intelligent threat detection system, ThreatWise uses virtual decoys to detect and distract – think honey pots, but much more advanced. These decoys roam the environment, surveying the critical parts of the infrastructure that often serve as targets of bad actors.
This does two things – give operators deep, fine-grained visibility into the entire attack surface, and keep attackers from reaching real resources. To the attackers, these decoys appear as legitimate internal resources that they end up engaging with. Instantly, the decoys send back signals to the admins intimating them about the activity.
To expedite remediation, ThreatWise integrates with a wide ecosystem of security tools, helping contain threats at the roots.
A lot of the companies requiring data protection are still in the early phases of their multi-cloud journey. We asked Commvault how it helps those companies manage data protection in the multi-cloud environments.
Re-platforming data has several intricacies. Not only are they moving and shifting data from one infrastructure to another, but they may also be switching hypervisors or management software, said Bryant.
“We must think of re-platforming that data at the same time and validating it so that it comes up when you need it,” he added.
Commvault allows users to add cloud platforms natively, and activate data protection for workloads agentlessly. The solution uses native data protection capabilities of cloud vendors to achieve this continued protection.
Commvault is working towards enhancing its solutions with AI/ML technologies to unlock real-time detection and swifter recovery as a natural progression to a safer future.
Wrapping Up
There are several ways to approach data security. To have security fully enmeshed in every part of the network is a start. A more targeted approach is to have an early warning system in place that reports back every suspicious event in the environment instantly. It must make no mistake in detection, and send out just the right amount of alerts required to keep the environment safe, but not keep the teams busy all day long. It seems that Commvault has a solid understanding of these key requirements of data security in the age of ransomware, and delivers them through ThreatWise.
For more information, be sure to check out Commvault’s website for trials, demos and direct communication with their sales team. Also, check out Commvault’s presentations from the recent Security Field Day event to learn more about their latest data protection solutions.
