Security vs Protection – The Same, but Different

Though the words “security” and “protection” are mostly interchangeable in regular use of the English language, when talking about data, it’s a different story.

When we talk about data security, we are referring to securing data from becoming compromised due to an external, premeditated attack. The most well-known examples are malware and ransomware attacks.

Data protection, however, refers to protecting data against corruption usually caused by an internal factor such as human error or hardware failures. We generally address data protection by way of backup or replication – creating accessible versions of the data that may be stored on different media and in various locations.

Of course, these backups can be used for data recovery in either scenario.

 

Under attack

We have seen a dramatic rise in ransomware attacks in recent years, with startling results. According to the FBI, in Q1 of 2016, victims paid $209M to ransomware criminals. Intermedia reported that 72% of companies infected with ransomware cannot access their data for at least 2 days, and 32% lose access for 5 days or more. According to a July 2016 Osterman Research Survey, nearly 80 percent of organizations breached have had high-value data held for ransom.

 

So what is ransomware?

Ransomware is a form of malware that is covertly installed on a victim’s computer and adversely affects it, often by encrypting the data and making it unavailable until a ransom is paid to receive the decryption key or prevent the information from being published.

Most infamously, Sony fell victim two years ago to a crippling attack that shut down its computers and email systems, and sensitive information was published on the web. The Sony breach was a watershed moment in the history of cyber attacks. It is believed that the attackers were inside Sony’s network for over 6 months, giving them plenty of time to map the network and identify where the most critical data was stored.

The attack unfolded over a 48-hour period. It began by destroying Sony’s recovery capability. Backup media targets and the associated master and media servers were destroyed first. Then the attack moved to the DR and Production environments. Only after it had crippled the recovery capabilities did the attack target the production environment. After Sony recognized the attack, they turned to their Data Protection infrastructure to restore the damaged systems. However, they had lost their ability to recover. Sony was down for over 28 days and never recovered much of its data.

In Israel, the Nazareth Illit municipality was recently paralyzed by ransomware. Its critical data was locked until the municipality pays the attackers the ransom price.

 


What do we propose?

While Dell EMC offers a range of products and solutions for backup and recovery on traditional media such as tape and disk, data is increasingly sitting in publicly-accessible domains such as networks, causing a heightened threat to data security. To address the shift in data storage, in particular the growing trend towards application development and storage in the cloud, Dell EMC is utilizing its decades of experience in the area of securing data with the most stringent requirements and the most robust and secure technology set in the market, to architect and implement solutions. The new technologies will lock out hackers from critical data sets and secure a path to quick business recovery. One such solution is Isolated Recovery Solution (IRS).

IRS 101

Essentially, IRS creates an isolated environment to protect data from deletion and corruption while allowing for a quick recovery time. It comprises the following concepts:

  • Isolated systems so that the environment is disconnected from the network and restricted from users other than those with proper clearance.
  • Periodic data copying whereby software automates data copies to secondary storage and backup targets. Procedures are put in place to schedule the copy over an air gap* between the production environment and the isolated recovery area.
  • Workflows to stage copied data in an isolated recovery zone and periodic integrity checks to rule out malware attacks.
  • Mechanisms to trigger alerts in the event of a security breach.
  • Procedures to perform recovery or remediation after an incident.

*What is an air gap?

An air gap is a security measure that isolates a computer or network and prevents it from establishing an external connection. An air-gapped computer is neither connected to the Internet nor any systems that are connected to the Internet. Generally, air gaps are implemented where the system or network requires extra security, such as classified military networks, payment networks, and so on.

Let’s compare an air gap to a water lock used for raising and lowering boats between stretches of water of different levels on a waterway. A boat that is traveling upstream enters the lock, the lower gates are closed, the lock is filled with water from upstream causing the boat to rise, the upper gates are opened and the boat exits the lock.

In order to transfer data securely, air gaps are opened for scheduled periods of time during actual copy operations to allow data to move from the primary storage to the isolated storage location. Once the replication is completed, the air gap is closed.
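The integrity-check and alert steps from the list above, applied to a copy staged after the air gap has closed, sketched as an added example (not Dell EMC code or part of the original post). The manifest format, the entropy heuristic, the thresholds and the sample files are all assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root: str) -> dict:
    """Map relative path -> (SHA-256 hex digest, entropy of the first 64 KiB)."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()  # fine for a demo; hash in chunks for large files
            manifest[os.path.relpath(full, root)] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return manifest

def validate_copy(previous: dict, staged: dict, max_changed=0.5, min_jump=2.0) -> list:
    """Compare a staged copy with the last good manifest; [] means safe to promote."""
    alerts = []
    missing = sorted(set(previous) - set(staged))
    if missing:
        alerts.append(f"missing from staged copy: {missing}")
    common = sorted(set(previous) & set(staged))
    changed = [p for p in common if previous[p][0] != staged[p][0]]
    if common and len(changed) / len(common) > max_changed:
        alerts.append(f"mass change: {len(changed)}/{len(common)} files differ")
    for p in changed:  # high entropy after a large jump suggests encrypted content
        if staged[p][1] > 7.0 and staged[p][1] - previous[p][1] >= min_jump:
            alerts.append(f"entropy jump (possible encryption): {p}")
    return alerts

def demo() -> tuple:
    """Constructed sample data: three text files, then two overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(3):
            with open(os.path.join(root, f"ledger{i}.csv"), "w") as fh:
                fh.write("date,account,amount\n" + f"2016-07-0{i + 1},ops,{i}00.00\n" * 200)
        good = build_manifest(root)
        clean_alerts = validate_copy(good, build_manifest(root))
        for i in range(2):  # stand-in for ransomware-encrypted content
            with open(os.path.join(root, f"ledger{i}.csv"), "wb") as fh:
                fh.write(os.urandom(4096))
        return clean_alerts, validate_copy(good, build_manifest(root))

if __name__ == "__main__":
    clean, tampered = demo()
    print("clean copy alerts:", clean)
    print("tampered copy alerts:", *tampered, sep="\n  ")
```

A staged copy that returns any alert should be kept out of the set of recovery points, and the last manifest that validated cleanly stays the baseline for the next comparison.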

 

Dell EMC’s Data Domain product currently offers a retention lock feature preventing the deletion of files until a predefined date. IRS takes such capabilities further. The solution will continue to evolve to simplify deployment and provide security against an even broader range of attacks (rogue IT admins, for example). IRS solutions will make life more difficult for hackers and data more secure. In IT, “security” and “protection” have been treated as two independent, orthogonal concepts. The new, destructive style of attacks changes that relationship. The two teams must partner to make a coherent solution.

 

~Assaf Natanzon @ANatanzon

The Robot Rock Cortex


Hurtling through the IT multiverse on the leading edge of a ray of light, this week Inside the Data Cortex:

  • Mark wants to replace everyone with a robot. Including The Rock.
  • Stephen rejects this and believes The Rock is the biggest movie star in the world. Both worry about Nick Nolte…and Ricky Martin?!?
  • Mark’s hero? Attila The Hun. Then he kills the vibe by deciding this week we’re talking about APIs. It is so disappointing.
  • Ransomware, Isolated Recovery Services, APIs for Services Providers, level based targeting, the stuff which will never be standardised, test automation and doubling your salary to slum it.
  • This time in books, Stephen wades further into the creation of the United States in “Revolutionary Summer” while in “The Great Crash, 1929” Mark discovers we are not stupid, just human. A Neal Stephenson recommendation, Asimov did it before you and in “The Price of Prosperity” the Emperor Augustus puts a tax on the childless.


Stephen Manley @makitadremel Mark Twomey @Storagezilla

Ransomware, have you heard of it?


Would you take a left and walk down this alley without a second thought? No? What if a colleague told you that there might be something good in there? Of course not.

Then why would you do it with an embedded link, PDF, or other document on your computer?

 

Ransomware is not a new term but it is often overlooked. Everybody is far more familiar with malware, viruses, and spyware. However, ransomware has risen in public consciousness lately as more businesses are faced with paying a ransom to regain access to their data. The FBI reports that nearly $18 million have been lost since early 2014 due to one specific threat: CryptoWall. This, however, is not the only ransomware threat. Reveton, Cryptolocker and TorrentLocker have claimed multiple victims and there will be more to come.

 

Ransomware follows a traditional ransoming scheme with one twist. Historically, prominent people or items were ransomed for large quantities of money or property. With ransomware, however, the amounts often range from only $100 to $10,000. Typically the amounts are smaller to help the perpetrators stay under the radar of authorities. If the ransom amount is small, companies find it is easier to just pay rather than suffer greater losses in time, productivity, legal costs, regulator fines, etc.

 

Why is ransomware so effective right now? We all are to blame. We fail to update our systems for new security enhancements and bug fixes. Many organizations’ change control policies leave open windows between a security release update and their application. Criminals exploit that window. The lack of reliable, up-to-date backups makes the attack more effective. Businesses aren’t sure they can get their data back, so they have to pay!

 

Small and medium businesses are most exposed because it is difficult to maintain the proper protections. Often companies look at costs for security and backup software as a luxury and build a homegrown solution. While manually running or scripting database dumps to a locally attached NAS (Network Attached Storage) system or the cloud may work for daily operation, it doesn’t protect against ransomware.

 

Ransomware helps us remember why traditional backup is still relevant. Ransomware can replicate itself out to network storage and other systems, propagating and encrypting everything it touches. While snapshot-based protection techniques make the data immediately readable without the need for reconstruction or proprietary formats, they leave the data exposed. Backing up your environment has never been more important, and ensuring you are doing it correctly, based on industry best practices, is a must. One size and one technique won’t address all your challenges.

 

Why is somebody from EMC’s Core Technology Group writing about ransomware? We will not be scanning for malware, virus or ransomware signatures. We won’t keep your users from walking down the dark alley. But we will keep your data safe and recoverable. We are your protection of last resort. Your data will be there, secured, consistent and recoverable. EMC now has a Special Ops Team to deliver Isolated Recovery Solutions (finally – a good IRS).

 

This team is comprised of some of the best minds across the EMC ecosystem and is designed specifically to help protect the world against data threats. Their expertise spans primary storage, data protection and implementation to help you fully understand these types of dangers and how best to defend against them. They can help you understand planning and design, data isolation and replication, data validation, and advances in restore and recovery. You will learn more about concepts like Air Gapping, physically isolating secure and unsecure networks from each other, and how a complete and true disaster recovery plan can help to minimize or eliminate the impact any attack can have.

Go HERE for more information on this team and what they can do to help you protect your business from the Various Nefarious out in the cyber world.

 

Steven Weller @stvnwllr