CTERA’s proactive solution to ransomware


Data security is no longer an option; it's a necessity. In a world where cyber threats loom around every corner, safeguarding your valuable data has never been more critical. At Storage Field Day last month, CTERA presented their proactive solution to ransomware.

CTERA is a hybrid storage system that you access through their on-prem appliance. The appliance copies all data to an immutable copy in the cloud, which means every version of every file is stored safely in the cloud.

CTERA then monitors for anomalous behavior in their storage system, detecting it within seconds. This is done via behavioral analysis, not via hashes or other virus-detection methods: they look for activity that does not resemble normal user behavior. They refer to this early detection as the first pillar of their system.

The second pillar of protection is the aforementioned copy of all data stored in the cloud. They think of this as the gold copy, as it cannot be deleted or modified.

The third pillar of their response is to mitigate the attack. They isolate the user exhibiting the anomalous behavior, meaning they stop all writes for that user. The biggest claim CTERA made is the ability to notice the behavior and stop it within about 30 seconds. This limits the amount of damage a particular user can do.

Finally, they can recover any files that user changed with a single recovery action using the golden copy of all data stored in the cloud. This recovery should be fairly quick, since it only has to restore files changed by a single user.

Analysis

This is a very interesting approach that I think will become more and more common. Watch how users behave, then stop anything that looks weird. At worst a false positive slows down someone doing real work that isn’t what they normally do; at best you’re stopping a ransomware attack before it spreads.

What I'd like to see is the addition of read anomaly detection. If a user suddenly starts reading hundreds more files than they typically read, it's time to stop that as well; it's probably an exfiltration attack. They could pretty easily use the same engine to add significant value.
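To make the four-step flow concrete (behavioral detection, an immutable versioned copy, per-user isolation, and a single recovery action for the files that user changed), and to show how the same engine extends to the read-side anomaly suggested above, here is a small simulation. It is an added example written for this post, not CTERA code, and it makes up its own details: a fixed 30-second look-back window, a per-user baseline of "normal" reads and writes per window, a burst threshold of five times that baseline, and a constructed event log in which one account starts overwriting files ten times a second and another starts reading far more files than usual. Isolation here blocks both reads and writes of the flagged user, whereas the post only describes stopping writes.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 30.0   # look-back window used to count a user's activity (assumed)
BURST_FACTOR = 5        # flag when a window holds > 5x the user's usual count (assumed)


@dataclass(frozen=True)
class FileEvent:
    t: float            # seconds since the start of the constructed log
    user: str
    op: str             # "read" or "write"
    path: str
    content: bytes = b""


class ImmutableStore:
    """Append-only version history standing in for the cloud 'gold copy':
    every write adds a version; nothing is ever deleted or overwritten."""

    def __init__(self):
        self.versions = defaultdict(list)       # path -> [(t, writer, content)]

    def record(self, t, writer, path, content):
        self.versions[path].append((t, writer, content))

    def current(self, path):
        return self.versions[path][-1][2]

    def version_before(self, path, t):
        """Newest version of path written strictly before time t, or None."""
        for ts, _writer, content in reversed(self.versions[path]):
            if ts < t:
                return content
        return None


class BehaviourMonitor:
    """Per-user sliding-window counters for reads and writes, compared with a
    baseline of what that user normally does in one window (no signatures)."""

    def __init__(self, baseline):
        self.baseline = baseline                 # user -> {"read": n, "write": n}
        self.windows = defaultdict(deque)        # (user, op) -> timestamps in window

    def observe(self, ev):
        q = self.windows[(ev.user, ev.op)]
        q.append(ev.t)
        while ev.t - q[0] > WINDOW_SECONDS:      # drop timestamps that fell out of the window
            q.popleft()
        normal = self.baseline.get(ev.user, {}).get(ev.op, 1)
        return q[0] if len(q) > normal * BURST_FACTOR else None   # burst start, or None


class Appliance:
    """Detect, isolate, recover: a toy stand-in for the on-prem appliance."""

    def __init__(self, baseline):
        self.store = ImmutableStore()
        self.monitor = BehaviourMonitor(baseline)
        self.isolated = {}                       # user -> time the burst began
        self.touched = defaultdict(set)          # user -> paths that user wrote
        self.alerts = []                         # (user, op, burst_start, detected_at)

    def handle(self, ev):
        if ev.user in self.isolated:
            return "blocked"
        burst_start = self.monitor.observe(ev)
        if burst_start is not None:
            self.isolated[ev.user] = burst_start
            self.alerts.append((ev.user, ev.op, burst_start, ev.t))
            return "blocked"                     # the triggering operation is refused too
        if ev.op == "write":
            self.store.record(ev.t, ev.user, ev.path, ev.content)
            self.touched[ev.user].add(ev.path)
        return "ok"

    def recover(self, user, now):
        """One recovery action: roll every file the isolated user wrote back to the
        newest version that predates the burst; files unchanged since then are skipped."""
        since = self.isolated[user]
        restored = []
        for path in sorted(self.touched[user]):
            good = self.store.version_before(path, since)
            if good is not None and good != self.store.current(path):
                self.store.record(now, "recovery", path, good)
                restored.append(path)
        return restored


def run_demo():
    """Constructed scenario: alice's account is hijacked and encrypts files in bulk;
    bob's account suddenly reads far more than usual."""
    app = Appliance({"alice": {"read": 5, "write": 2}, "bob": {"read": 4, "write": 1}})
    for i in range(40):                          # normal work: one document saved per minute
        app.handle(FileEvent(i * 60.0, "alice", "write", f"/share/doc{i:02}.txt", f"doc {i}".encode()))
    writes = [app.handle(FileEvent(3000.0 + 0.1 * i, "alice", "write", f"/share/doc{i:02}.txt", b"ENCRYPTED"))
              for i in range(40)]                # ransomware: ten overwrites per second
    encrypted = sum(app.store.current(f"/share/doc{i:02}.txt") == b"ENCRYPTED" for i in range(40))
    restored = app.recover("alice", now=3100.0)
    reads = [app.handle(FileEvent(4000.0 + 0.2 * i, "bob", "read", f"/share/doc{i:02}.txt"))
             for i in range(25)]                 # read-side anomaly: 25 files in five seconds
    return {"alerts": app.alerts, "writes_blocked": writes.count("blocked"),
            "files_encrypted_before_isolation": encrypted, "files_restored": len(restored),
            "reads_blocked": reads.count("blocked")}


if __name__ == "__main__":
    print(run_demo())
```

With these assumed numbers alice is isolated one second into the burst, after ten files were overwritten and before the other thirty could be, and the single recovery call restores exactly those ten from their pre-burst versions; bob is cut off after the 21st read in the window. The baseline and factor are the knobs that trade false positives against response time, which is the same trade-off the post describes.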

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at Sullivan Strickler, which helps companies manage their legacy data.
