
IBM recently announced a new offering in their cyber resiliency portfolio. Spectrum Sentinel is a solution designed to simplify the deployment and operation of cyber resilient backup and DR for Epic EHR (Caché or IRIS) and SAP HANA environments. Until now, customers wanting to protect these environments from ransomware and cyberattacks had to manually create processes that integrated multiple tools. Spectrum Sentinel is a unified solution that integrates the IBM Security and Storage cyber-resiliency offerings into a single product.

Cyberattacks are becoming more advanced every day and continue to evolve to work around modern cyber resiliency strategies. One example of this is the use of delayed-action malware that will sit dormant for 90 days or more to ensure that even long-term backups have been infected prior to going active. Many companies would rather pay the ransom than attempt to restore three-month-old data. It is clear that the best way to fight against this type of attack is to detect the malicious activity as early as possible.

How it works

The two ingredients required for an effective cyber resiliency strategy are early detection and fast recovery of the data. IBM FlashSystem storage features the ability to take instant, immutable copies of production data on primary storage – this allows production data to be restored from a recent snapshot with no data copy delay. Because the snapshots are immutable, this creates a virtual air-gapped backup that cannot be affected by the initial malware attack. This process provides application-consistent snapshots via IBM's Copy Data Management snapshot orchestration solution.

However, being able to rapidly recover data from an immutable snapshot is only useful if the attack is detected quickly and action is taken in real time. IBM's Cyber Vault architecture incorporates IBM's QRadar SIEM Security offering that can detect signs of data corruption as they happen. Once any malicious activity is detected, the Cyber Vault solution can initiate immutable snapshots across the environment. Using machine learning, the solution can identify what data has been affected and quickly isolate any infected backups so that only known good snapshots will be used for restoration. And the solution quickly adapts to new threats due to QRadar's threat intelligence, which actively pulls in feeds via multiple open source standards.

What makes Sentinel different?

IBM Spectrum Sentinel takes this architecture one step further by integrating and tuning the solution for specific enterprise workloads. The analysis engine inspects inside files and databases for metadata and content changes, and finds corruption with up to 99.5% confidence. In the event of a threat detection, it can automatically generate detailed forensic reports for later analysis. It is currently available for Epic IRIS, Caché, and SAP HANA environments, with future announcements for additional enterprise workloads planned for 2023, such as VMware, Oracle, and MS SQL.

The primary goal of Spectrum Sentinel is to simplify the ordering and deployment of a pre-integrated cyber resiliency solution for mission-critical enterprise workloads. This also helps to eliminate gaps in functionality that occur when customers are forced to create piecemeal solutions. IBM has key agreements with Epic and SAP that allow for tight integration for current and future releases, making this a truly unique solution for enterprise customers.

Explore IBM Sentinel

WWT is an IBM-designated global and regional systems integrator (SI) and solution provider, and we know how important data protection is for modern companies. We encourage your organization to take a holistic approach to data resilience.
