ProLion CEO Robert Graf identifies the key ways that storage administrators and managers can improve transparency and security
In response to the constant threat posed by ransomware, many companies have focused their IT security efforts on end-point protection software to defend against the threat of attacks. But according to ransomware solution provider ProLion, protective measures such as firewalls and endpoint security are just one component of the wider, deeper approach that is needed to properly defend IT networks and assets against cyber-attacks.
ProLion CEO Robert Graf points to file servers as the part of an organisation’s network where cyber-attacks do the most damage – but which currently are most lacking in transparency and security. In many organisations, file servers are often a blind spot where unusual IT activities caused by a security breach go unnoticed until it’s too late to respond effectively and contain the damage inflicted. It’s for this reason that storage administrators have a crucial part to play in defending against the ransomware threat.
“Despite ransomware’s high profile, organisations still underestimate the threat it poses to their operations and IT assets,” said Graf. “One wrong click by an employee is enough to infect the entire operational technology (OT) network of a company, as the threat can spread very quickly from a local computer to the Network Attached Storage (NAS). Research shows that an average ransomware variant can encrypt nearly 100,000 files totalling 53.93 GB in under forty-three minutes. Most cyberattacks cause days of downtime as the storage team embarks on the tedious process of unencrypting and recovering data.”
“Ransomware can also lie dormant in storage systems for weeks and then cause enormous damage when it becomes active,” Graf continued. “Systematic monitoring of the storage environment can not only to identify and stop attacks or user misbehaviour more quickly but can also contribute to a more targeted and efficient recovery of affected files. A security solution that monitors all file server activity can help identify attacks quickly, slow them down and afterwards avoid long recovery cycles for the data and files that were affected.”
Graf explains below the five key IT security responsibilities for a storage administrator to take on:
- Continuously update block lists
Graf: “Ransomware strains and malicious file types that are already known can be specifically blocked by storage administrators. However, malware evolves extremely quickly, making it very difficult for internal IT teams to constantly monitor new attack patterns in addition to their core tasks.
“With the help of the right software, cyber-attack patterns can be monitored around the clock with corresponding detection algorithms continuously updated. Individual file types can also be added manually if required.”
- Use AI to analyse user behavioural patterns
Graf: “AI-supported software designed for monitoring file servers can assist in shedding light on what has historically been an unknown. Modern solutions use algorithms to analyse user behaviour in file systems. In this way, threats can be detected and stopped in a matter of seconds. This type of software can significantly improve attack detection times, meaning the encryption or theft of data can be limited or stopped altogether.”
- Identify the point of attack
Graf: “Through accurate documentation of data access patterns of all users, cyberattacks can be detected at an early stage and traced back to the affected users and end devices within a very short time. Infected user accounts and devices can be deactivated manually or automatically. Appropriate alerts are then sent to IT departments in real time to isolate any infected devices or compromised accounts.”
- Fast and targeted recovery
Graf: “A monitoring and auditing solution that tracks and documents file and data access provides user-level data visibility. As such, cyber-attacks and resulting changes to files can be quickly traced and any infections, deletions and changes are fully documented. Through this precise identification of damaged files, data can be restored from a snapshot in a matter of clicks.
“Even accidentally deleted files can be restored on an individual basis using these tools. Without the ability to precisely identify infected files and attack times, storage teams used to have to restore entire file folders from backups. This was not only incredibly time-consuming but important updates could also be lost, creating extra work for departments.”
- Integrate with existing security solutions
Graf: “A reliable solution requires multiple layers of protection. When deciding on a security solution that supports a transparent storage environment, it’s important to ensure that the application can be integrated with existing security solutions, such as a SIEM (Security Information & Event Management) platform. Successful integration is crucial to transparency and effective protection.”