I ransomware they remain one of the most damaging threats globally. Once ransomware has made its way into corporate infrastructure, it disrupts the operational continuitycause serious damage to the company in terms of availability and integrity of data, damage its image and reputation, can expose it to risks of sanctions due to the failure to use adequate security measures, the online publication of personal data and confidential information.
IBM is addressing the ransomware threat through the introduction of new ransomware-based technologiesartificial intelligence, strictly related to hardware. At the moment, Big Blue explains that its initiatives aim to protect corporate realities larger in size, but the idea is to take inspiration from the same approach for the market too mainstream.
IBM Storage FlashSystem: Protect enterprise data at the storage medium level
Current products IBM Flash System they examine incoming data down to the block level without impacting performance when writing. They use technologies to detect situations in which data is damaged aided by artificial intelligence. This way you can detect all of those anomalies which could be the indicator of the start of a cyber attack. The solution proposed by IBM allows, at the same time, to react to the attack by responding in a timely manner and restoring the immutable copies of company data.
The immutability of data is the ultimate goal to which more and more companies are looking: in particular the approach WORM (Write Once, Ready Many) allows you to enable data writing only once, allowing only subsequent reading operations. In this way, on the one hand, the effects of human errors can be avoided and, on the other, ransomware can be prevented from encoding company data following a malware infection.
New technology enabled through technology FlashCore Module (FCM), introduced in IBM Storage FlashSystem products, is designed to continuously monitor I/O activity using machine learning models that detect anomalies such as ransomware in less than a minute.
Storage Defender helps increase security in modern hybrid and multi-cloud IT environments, intervening with its action at the file system level, on virtual machines, databases, applications, containers and workload SaaS.
Hardware ransomware protection on SSDs
IBM’s idea is not new (and the technology proposed by the company has already reached its fourth generation…). However, it is based on a mixed hardware-software approach which obviously sees the storage units as the main protagonists.
Phison e Cigent have jointly developed an SSD platform that protects against ransomware and data theft with mechanisms built directly into the firmware of the solid-state drives. THE controller Crypto-SSD NVMe from Phison bring ransomware protection to hardware and use Cigent Dynamic Data Defense Engine per Windows (D³E).
Cigent D3E protects data throughout their lifecycle, offering defenses based on the prevention and detection of insider threats, enabling the prompt identification of suspicious behavior within the company.
Other solutions, entirely hardware-dependent and operating at the level of firmware SSD side, are under study. SSD-Insider++, for example, represents the effort of some researchers who have exploited the intrinsic writing and deleting mechanisms of memorie flash NAND.
The creators of the project explain that the firmware of the SSD drive enriched with SSD-Insider++, detects and blocks ransomware “incursions” with 100% effectiveness while nullifying any attempt at unwanted data encryption within 10 seconds of starting the process.
According to the research team, SSD-Insider++ would have highlighted FRR/FAR values (False Rejection Rate e False Acceptance Rate) close to 0% in most cases.
Opening image credit: iStock.com – Zephyr18