Data survival or commercial disaster?

How to strengthen your protection against ransomware attacks

Sponsored Feature

If you've detected a lull in the news cycle about ransomware attacks and think perhaps the number of breaches has subsided, you're right.

But while there may be fewer news items about this common type of cybercrime, it doesn't mean security administrators should let their guard down anytime soon. Though the attacks may be fewer in number, the impact of those that succeed is now much more painful than in the past.

According to Cybersecurity Ventures, the global annual cost in damages of ransomware is predicted to reach $42 billion by the end of this year and $265 billion by 2031. In addition to fewer but heavier attacks, cybersecurity firms are also seeing additional ransomware trends in the second half of 2024 that include:

- bad actors targeting larger, higher-profile organizations, resulting in more severe losses.

- attackers and insider threats becoming more sophisticated, requiring faster and more comprehensive prevention and recovery solutions.

- businesses focusing on ransomware prevention as well as data recovery because the cost and downtime from successful attacks can be devastating, especially for critical industries such as healthcare, financial services and government.

As such, the importance of threat prevention strategies - detecting and blocking ransomware attacks before significant damage occurs - becomes more critical.

"Ransomware is one of the most profitable dark projects in the history of the internet," says Kaushik Ghosh, Product Management Leader for Nutanix Unified Storage. "While the number of instances may be subsiding, the bad guys are earning more profits with bigger payloads. Data protection has never been more critical than it is today. Enterprises need to have a strategy for when an attack does take place."

Why centralized management is a must

Several recent incidents indicate just how likely that scenario is. Earlier this year, Bank of America reported a ransomware attack targeting Infosys McCamish Systems, one of its service providers. This breach impacted more than 55,000 customers and involved unauthorized access to numerous personal details, such as names, addresses, phone numbers, US government Social Security numbers (SSNs), account numbers, and credit card information. This breach is still being repaired halfway through the calendar year.

Other notable ransomware attacks in 2023 and 2024 include AT&T seeing the records of 7.6m current and 65m former customers breached. Elsewhere, MOVEit, a managed file transfer (MFT) application that provides secure file transfer services used by thousands of organizations and government agencies, had 77m records accessed by hackers. Ticketmaster Entertainment, LLC, was hit too, seeing a whopping 560 million customer records breached.

There are several reasons why these ransomware attacks continue to enjoy success. Few data management providers have all the tools needed to detect and weed out ransomware attackers at the enterprise level. As a result, many enterprises evolve their own DevSecOps processes in piecemeal fashion using various security tools. However, those can become increasingly complicated over time, requiring constant re-licensing and specific staff members to handle individual responsibilities.

For some enterprises, it makes sense to adopt a cyber-resilience approach to security which accepts that attacks are going to be inevitable and builds multilayered defenses spanning hybrid IT and cloud environments. This would include all major storage protocols, including NFS (network file system), SMB (server message block), AWS S3, and iSCSI.

Protection of these individually enables admins to focus on minimizing the subsequent damage from a ransomware attack. But perhaps nothing beats having one security partner that can do it all in one application. San Jose, Calif.-based Nutanix claims to be one of those few offering full-backstop storage and security management that can work with any existing enterprise environment.

Nutanix Unified Storage was built as a software-defined data platform that integrates block, file, and object storage with consistent data services across hybrid multicloud environments. Powered by Nutanix Data Lens, it provides advanced data services such as analytics, ransomware protection, lifecycle management, and data auditing. Nutanix Data Lens, aligned with NIST cybersecurity standards, can detect and block threats at the storage layer in minutes and activate a 1-Click recovery mechanism to restore the latest optimal file snapshot.

Nutanix, which started out in 2009 as a pioneer of hyperconverged infrastructure, has evolved greatly in the last several years to become the full-service data services management and security platform it now is, Ghosh added. It also offers centralized policy management and consistent protection across the organization.

"We prioritize mitigation and prevention with fast recovery, because prevention can be more effective at limiting the damage and downtime from a successful attack," he explained. "We also ensure that data is backed up and recoverable quickly, with features like instant virtual snapshot recovery rather than relying on tape backups. This maintains flexibility and avoids vendor lock-in, so data and workloads can be easily migrated to modern infrastructure as needed."

Nothing is ever "bolted on"

Nutanix also provides a wide range of data services beyond storage, including VMs, Kubernetes, and databases. Rather than compromising on user experience by "bolting on" additional services, it has instead built an integrated solution.

"Our focus is on user experience and design," Ghosh said. "Nutanix prioritizes ease of use in its products, with a dedicated design team in Berlin that helps create a seamless user experience."

Nutanix Cloud Platform, the company's central control module, runs Nutanix Unified Storage (across all nodes, physical or on the cloud) and Data Lens. They have all been built to present a unified approach to protect apps and data in a consistent way across those disparate environments – including core, edge and cloud, Ghosh explains. Nutanix Prism Security Dashboard enables holistic views of all networks and their configurations, allowing for effective management of apps, whether they include VMs or containers.

Because these components are interconnected, they can help enable organizations to rapidly detect a threat, limit its impact on the system and recover data quickly. Most often, ransomware hits are detected inside a 20-minute window, and the system allows for a one-click data recovery.

Joint testing with the Enterprise Strategy Group (ESG) found that Nutanix Data Lens detected ransomware activity and blocked files from the impacted user and their machines within 14 minutes of the start of an attack automatically, then identified the last known good restore point, enabling recovery operations to begin.

Streamlined management and fast scaling

Here's one example of a current Nutanix enterprise deployment, which takes into account a holistic application of all that Nutanix provides.

The University of Kansas Medical Center IT team has been working with Nutanix for around eight years. With just a small band of dedicated IT professionals at its disposal, the facility was struggling to deal with the volume and complexity of everyday management tasks required to keep its systems up and running as its infrastructure continued to expand, and in 2021 decided to move its campus video surveillance system onto the platform.

"One of the issues we would run into with storage and the fiber channel fabric was that whenever we had to do an upgrade on one piece, everything else had to be upgraded," reported Jeff Blomendahl, the University of Kansas Medical Center IT Manager. "Even a simple upgrade to the SAN often required a lot of prep work."

The University subsequently expanded its Nutanix Cloud Infrastructure deployment to incorporate more than 40 nodes, using Nutanix Prism to simplify management and help streamline its IT workflows. While it still uses VMware, the University continues to update its environment to use the native Nutanix AHV hypervisor to minimize its licensing costs. Scaling up to incorporate additional storage and capacity is simple – Blomendahl just throws on and builds out another node – which makes it easier to keep up with new demands and applications.

Data security continues to represent a significant concern for organizations today, regardless of their size, geography, or industry vertical. Nutanix Data Lens is designed to help strengthen an organization's data security posture by providing it with the tools to detect, block, and recover from disruptions and the granular visibility into unstructured data to monitor threats that are on the inside.

The idea is not to let any anomalous activity slip through the cracks, and you can download a free trial of Nutanix Data Lens here.

Sponsored by Nutanix.
