Cyber Vault Immutable Backup and Storage Snapshots
Cyber Vault is a cyber-resiliency feature for a SAN that monitors immutable backups created by Safe Guarded Copy to protect against ransomware, viruses, malware and disgruntle employee’s attempting to destroy data. Cyber resilience is the capability and the amount of time an organization takes to recover from a successful cyber security attack, where data was either destroyed or corrupted. A Cyber Vault is part of an immutable storage solution that protects backups from data destruction, by identifying malware, ransomware and viruses on SAN snapsbots, and identifies clean backups to quickly restore the most recent safe snapshot. The Cyber Vault and Safe Guarded Copy security features ensure quick restoration of production data for high availability and business continuity as a result of a security incident that damages data.
The Safe Guarded Copy and Cyber Vault Immutable Storage features together make up the immutable backup snapshots using Safeguarded Copy feature, which ensures backups cannot be changed once created, and continuously monitors each backup copy to detect data corruption, abnormal changes and other potential signs of malware incidents. The Cyber Vault is an immutable storage solution that was adopted from mainframe platform due to its proven cyber resiliency success protecting IBM z storage. An immutable backup is a protected backup of data that cannot be deleted, changed or destroyed in any way, not even by the most privileged user on the system. Our Cyber Vault includes a combination of security and SAN backup software, flash storage and integrated processes patented by IBM.
Every IT and Security professional understands cybersecurity defenses will fall short, and an incident response will be needed. As a result, cyber resiliency must play a key role in every organizations disaster recovery plan. An incident recovery plan is a disaster recovery plan for a security incident, which involves the incident response team testing their cybersecurity defenses frequently to identify the risks and impacts of the gaps in the infrastructure. Businesses that do not integrate disaster recovery plans with cyber resiliency, may not be able to successfully recover their data or may take weeks or months to recover business operations.
Organizations relying on common data protection and storage features for disaster recovery will fail to protect against cyber-attacks, and will not have cyber resiliency required for cyber security insurance, let alone business continuity and high availability of their services. Unprotected and unmonitored backups cannot ensure a backup is clean and cannot prove a quick recovery of data, which is why they will not be successful with their cybersecurity insurance claims. Read the fine print! Cyber security insurance will most likely only protect your business from liability if you backups have immutability. Furthermore, some cyber security insurance policies in 2023 will require proof backups are immutable before even being provided a quote.
According to industry experts at the Ponemon Institute, in 2021 it took companies over 320 days on average to identify and contain malware, and another 23 days to recover from the attack. Now consider the many geo-political changes that have occurred since last year, and realize the cyberattacks in Poneman Institute’s Cost of a Data Breach in 2021 were primarily commercial grade attacks. However today we seeing a significant increase in military grade attacks, of which are designed to be much more entrenched into business processes and are rarely detected by best in class cybersecurity tools. Worse yet, the military grade attacks typically have no intention of bargaining with you, they only want to destroy your data.
Military grade malware and ransomware is “file-less”, residing exclusively as a memory-based artifact (exists in RAM). Military grade malware and ransomware are part of the cyber security family known as an Advanced Volatile Threat (AVT). AVT artifacts do not write any part of its activity to the computer's hard drive, and therefore very resistant to existing anti-computer forensic strategies that incorporate file based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaves very little by way of evidence that could be used by digital forensic investigators to identify illegitimate activity. Even the best of the best security solutions seldom identify these threats that are becoming much more prevalent.
Our Cyber Vault utilizes the NIST Cyber Security Framework for implementing a number of different features and technologies to detect, protect, respond and recover data after a successful attack; including Storage Insights, Ansible, QRadar SIEM, SOAR, Guardium, CloudPak for Security (CP4S). Some common security tools capable of integration with Cyber Vault include Splunk, Python Tripwires, CSM, and others.
Cyber Resiliency encompasses intrusion detection your entire infrastructure; including individuals, inter-connected systems, external vendors, services and cloud resources. Critical to detection is timely reporting and dashboards to alert teams to unusual activities and behaviors. The Cyber Vault immutable storage and backup solution provides organizations’ Cyber Resiliency needed for high availability and business continuity due to a successful cyber-attack
In addition to deploying the Cyber Vault immutable storage and backup solution for cyber security insurance and peace of mind; organizations should also assess how likely their servers are to suffer downtime due to a cybersecurity attack. There are numerous studies that explain the built-in security, data protection and high availability features a manufacture and brand of servers possesses, as well as the average amount of downtime the server brand experiences per year due to cybersecurity attack. The factors all make a difference and should help guide our decisions when acquiring any hardware or IT assets, and will affect your cyber security insurance costs.
IBM’s solution not only helps identify data corruption caused by malware and ransomware, it identifies which copies of your data have not been affected and is able to restore a clean copy of your data very quickly.
We offer a “no charge” Resiliency Assessment to help you identify gaps, strengths, and weaknesses against best practices defined by NIST CSF. The Cyber Resiliency Analysis assesses your organization’s readiness to sustain and recover from an attack, which includes ability to continue operations, the recoverability of your data and an estimated amount of time it would take to recover from a successful attack. As a result, the assessment should provide your organization an accurate depiction of your current data protection state, help identify gaps and provide recommendations to build an effective cyber resilience plan. This service would only require a Q&A session.
If you need more advanced security tools for identifying and preventing cyber-attacks, we can help with these requirements also. We offer a “no charge” Attack Surface Analysis showing the gaps and risks from an attackers point of view, and discover what you have exposed on your perimeter that is tempting hackers. On average, about 30% of a company’s public facing assets are unknown to the security team… so one of the goals of the External Threat Analysis would be to bring these unknown targets to your attention. This assessment will illustrate how an attacker views your infrastructure, so you can better understand which of your assets are the easiest “likely” targets. The assessment utilizes a SAS based penetration testing platform, and would focus on your IPv4 and IPv6 associated assets “continuously”, identifying compromised domains, login pages, outdated applications, assets revealing internal data and services being unintentionally exposed. This service would not require anything to be installed and would be provided at no cost to your organization. As a result, your company will be provided with the assessment report that should help your teams resolve any discovered risks.
According to industry experts: 277 is the average number of days it takes a company to identify and contain a data breach, whereas malware attacks took over 320 days last year. Average time to recover data took 23 days.