Defend Your Data From a Ransomware Attack
In this article
The following article is content provided by Cohesity.
Ransomware is the fastest growing type of cybercrime. Analysts predicted ransomware will attack a business every 11 seconds by the end of 2021. And every time a cybercriminal succeeds, the organization attacked is damaged—financially and often reputationally.
More than 59 zettabytes of global data is expected to be created, captured, copied, and consumed in 2020, according to IDC2. Data is expected to grow 3X over the next five years, as compared to the previous five. As data continues to grow at this unprecedented rate, how will your legacy backup and data management product keep up?
Your backup is supposed to help protect your data from ransomware, yet its capabilities likely fall short of Cohesity's modern data management solution. Your product itself can be a prime attack target because 85% of systems targeted most by ransomware are Windows3. It might back up your data but it is not immune to sophisticated ransomware attacks. Additionally, without early ML-based detection, it likely can't proactively detect and rapidly recover from ransomware—Cohesity can.
Doesn't your organization deserve better? What would you do if you knew a comprehensive backup and data management solution purpose-built to protect, detect, and rapidly recover from ransomware was available today? Would you switch, simplify, save, and solidify your data defense?
Despite the best efforts to thwart ransomware attacks, cyber criminals are innovative, and they continue to create new malware. This means more sophisticated and targeted ransomware attacks all the time—with the same goal: Disrupt business operations in the hopes victims will pay to restore order.
No industry is immune. And because enterprises are now even more attractive targets than consumers, your organization must proactively prepare for when, not if, cyber criminals come for your data.
Success in today's digital economy means maximizing use of your organization's data for competitive advantage. Dev/test, insights, and analytics are a few ways to put your data to work—especially backup and other unstructured data, which represents 80% of all enterprise data.
Yet explosive data growth and the value of that data are attractive to ransomware hackers. These cyber criminals have begun targeting your backups more aggressively to gain full control of what has long been considered your insurance policy to business continuity.
Lightning-fast changes in how and where malware appears now make it impossible for your enterprise to combat each potential new attack. Cohesity is a comprehensive solution to defend your backup data against ransomware.
Taking a multi-layered approach to data protection is the best way to safeguard your backup data against ransomware attacks. It comes down to three important concepts that Cohesity has built in:
Malware—such as "Locky" and "Crypto"—target backups, infecting the very infrastructure you thought would be your greatest insurance policy. Compromised backup infrastructure becomes a payload for cyber criminals and time is on their side: On average, it takes organizations 197 days to identify a data breach. And 71% of recent survey respondents said remote work would increase this time. Successful ransomware attacks are often devastating: the average cost of a single attack is $3.86 million—healthcare at $7.13 million—with IT and end-user productivity loss, systems downtime, and theft of information assets representing nearly 80% of the financial impact.
The Cohesity modern multicloud data platform protects your backup from becoming an attack target better than Veritas by:
- Reducing Your Attack Surface – Many environments are architected on fragmented point products, including media and master servers, with backup software running on those servers, and siloed target storage—all of which increase exposure to ransomware. In contrast, Cohesity reduces enterprise data footprints by consolidating all backup and disaster recovery components on a single, global platform. Beyond that, Cohesity includes global variable-length dedupe across data sources and compression to further reduce surfaces available to attack.
- Strengthening Your Defense with Hyperscale Architecture – Built before cloud environments were popular, legacy environments lack the modern capabilities needed to defend against today's cyber criminals:
Immutable file system with read-only state snapshots - Cohesity's multicloud data platform is purpose built to thwart cyber attackers. Cohesity protects backups snapshots and stores backup data in an immutable state. That backup is never accessible—nor mounted for external applications. External applications can only access the backup data on Cohesity through a zero-cost clone of the original backup in read-write mode. Because of this unique design, ransomware cannot infect the immutable snapshot.
DataLock policies – Cohesity's write-once-read-many (WORM) capabilities for backup allow certain roles to set unchangeable DataLock policies on selected jobs. For example, a security officer can now store backups in WORM format with a time-bound setting, enforcing data protection that cannot be deleted even by an administrator or that same security officer.
Multifactor authentication (MFA) – Any person accessing a Cohesity backup must authenticate using two forms of verification.
Policy-based air gap – IT staff can automatically replicate data to another immutable Cohesity cluster on-premises or in the public cloud to ensure an additional copy of the data is always available at another immutable site.
Ransomware attacks are evolving fast. And they're looking to exploit your data and applications, whether they reside on-premises or in the public cloud. While legacy products lack capabilities to help you detect attacks, Cohesity detection features keep your team one step ahead.
Only Cohesity features a single, global SaaS-based user interface and security dashboard that enables your team to automate monitoring, quickly recognize change, and take action fast on your data and applications, regardless of whether they reside on-prem or across public clouds:
- Automatic monitoring – In the fight against ransomware, Cohesity's machine-driven learning gives you an advantage.
- Cohesity offers insights people may miss by automatically and continuously monitoring the data ingested from primary sources.
- Recognize patterns and changes – Cohesity's machine learning-based algorithm establishes patterns and automatically scans for data ingest/change rate anomalies to flag a potential ransomware attack in the IT production environment. If the data change rate of your primary files is out of the normal pattern range—based on daily change rates per logical data, stored data after global deduplication, or historical data ingest—Cohesity anomaly detection expedites remediation by sending a notification to your IT administrators as well as to Cohesity's support team.
- Quickly take action – Once notified, your IT administrators as well as Cohesity's support team can work together to determine next steps.
In addition to monitoring backup data change rates to detect potential ransomware attacks, Cohesity uniquely detects and alerts for file-level anomalies within unstructured files and object data. For example, with Cohesity Spotlight—a Cohesity Marketplace application that runs directly on the Cohesity platform—your team can easily search audit logs to determine anomalous file-access patterns. This includes analyzing the frequency of files accessed, number of files being modified, files added or deleted by a specific user or an application, and more. These capabilities help ensure a ransomware attack is detected fast.
Should the worst case happen and attackers request ransom, ensure your business and users enjoy the fastest recovery possible—at scale.
Cohesity has these capabilities that other products don't to get your team back to work fast:
- Deep visibility for a clean recovery you can trust – Cohesity mitigates risk by ensuring you don't re-inject a cyber vulnerability into your production environment during data restore. A detailed dashboard shows your team the health status and cyber vulnerability index of your backup snapshot. Recover to a clean point in time and meet your business SLAs.
- Unlimited scalability – Because Cohesity is architected on hyperscale architecture, it allows IT admins to grow their Cohesity clusters limitlessly and store unlimited snaps and clones without any performance impact. And your data is close which makes for faster recovery versus pulling data back from off-prem.
- Global actionable search – Cohesity's unique, global search capability allows you and your teams to quickly locate data and infected files and take appropriate corrective actions. This includes finding a malicious file across all workloads, and taking necessary action to contain it. Cohesity search can also provide a cleanest point in time to recover recommendation.
- Instant mass restore – Ransomware seldom strikes just one or two VMs or files. It's a disaster recovery scenario that requires a robust, modern solution that can instantly recover hundreds of VMs, including bare metal, instantly— at scale, to any point in time. Unlike other solutions that can take days, if not weeks to recover a large number of VMs, Cohesity's instant mass restore is proven, world-class efficiency.
With legacy backup products, you'll likely have to sacrifice time, money, or customer trust because of a ransomware attack. Not with Cohesity.
Cohesity's comprehensive approach to defending your data against ransomware—across on-prem and multiclouds—protects your backup data, provides early detection, and enables you to rapidly recover with instant mass restore. As a result, your organization experiences zero data loss and gains the confidence to refuse a ransomware payment.
Protect, detect, and rapidly recover from ransomware attacks with Cohesity.