The problem ransomware it is there for all to see and causes enormous damage to businesses and professionals. Naivety in opening attachments, phishing attacks, failure to apply patches, inadequate security measures to protect the corporate network and individual endpoints are levers that attackers use every day.
Although attention is often focused on ransomware, it is not only these malicious components that are responsible for data loss and the blocking of entire work processes in the company. Indeed, ransomware – as we have often remembered – is usually the last, most obvious and dramatic manifestation of a cyber attack that began much earlier.
Not just ransomware: increasingly complex attacks that use automation and manual tools
Ransomware is increasingly targeting backups: solutions that ensureimmutability of the data they help prevent data loss and damage to company information. QNAP NAS allow you to protect backups by making the data stored in them immutable: in this way nothing and no one can modify the contents of files and folders once the elements are stored in the storage device.
Correctly applying at least the 3-2-1 backup rule, which also includes the memorization offsite of a copy of the archives of backup, your company information is safe. Protection is ensured in case of physical accidents, disasters of various kinds and theft of the storage device (provided that the data is protected using “strong” cryptographic solutions). QNAP also provides a handbook containing the essential operations to secure the NAS, together with all the practical tools to achieve the goal.
However, i business systems and the networks they don’t use policy adequate, in terms of account management, assignment of privileges, sharing of resources, segmentation, can show the possibility of lateral movements starting from workstation of collaborators and employees not sufficiently protected.
Storage professionals with QNAP
With this article we continue the events dedicated to those who wish to benefit from useful advice for innovating their own corporate infrastructure choosing the right mix of hardware devices, software solutions and technologies. The goal is to help professionals and companies promote digital transition increasing the productivity and competitiveness of the company.
The entire editorial project, developed in collaboration with QNAP, is focused onimportance of the data and on the activities that must be implemented to preserve its value. The videos that we offer as a corollary to each article are “pills” that in about 5 minutes describe the main needs of professionals and SMEs in the field of data management suggesting the best strategies to face today’s challenges and become “Storage professionals with QNAP“.
What are lateral movements
Il lateral movement in the security field it is the activity of an attacker who, after having acquired initial access, tries to move from one system to another, expanding his radius of action and advancing his objective. Instead of being confined to a single device or host, attackers use lateral movement to explore the network, acquire elevated privileges and gain access to confidential resources and data.
The philosophy is to create the greatest possible damage which does not manifest itself on “day zero” but remains “under the radar” for a long time, even hundreds of days. As he remembers QNAPthe attacks are based on a mixture of automation and manual tools.
QNAP ADRA protects NAS, servers, workstations and all devices connected to the corporate local network
Securing the network and individual systems, interventions which cannot be ignored, is not sufficient if we do not look at the company network as a whole. It is necessary to “close the circle” by enriching the company infrastructure with a tool Network Detection and Response (NDR)capable of monitoring in real time what is happening at the network level, reporting anomalous or suspicious activities and isolating potentially harmful users or systems.
Threats to the security of the network and company data
As we underlined at the beginning, a large part of modern cyber attacks find fertile ground because the safety guidelines are not correctly applied in the company. We often lose control over administration credentialswith many users who can unconditionally access a wide range of resources on the local network.
There are the problem of poor network segmentationwith workstations having direct visibility into servers and devices mission critical; poor or imperfect management of patch with the failure to apply essential security updates; the use of weak passwordseasy to “force” with simple attacks brute force; the presence in the company of system legacy (both hardware and software) no longer supported by their respective manufacturers, therefore subject to vulnerability which cannot be corrected with the application of official patches (because they are not available).
What emerges from the many accidents which increasingly involve high-profile companies, is that the attack starts from a device that is already within the infrastructure. Opening a malicious attachment, a phishing attack or spear phishing (the latter aimed at the specific company reality), the absence of patches on an employee’s system (for example at the level of the web browser, software for managing email, productivity, collaboration and communication activities operating system) are the “spark” that a remote attacker can be used to bring the “fire” to the entire company structure.
What is QNAP ADRA
QNAP ADRA is a smart device that analyzes network traffic in real time by detecting lateral movements and blocking hostile activities before problems can occur.
QNAP’s idea is to use one network switches equipping it with an “ad hoc” operating system, designed to inspect the type, content, senders and recipients of all data packets in transit. ADRA is somewhat unique on the market: it presents itself as an effective and powerful solution for SMEs that benefits from an intelligent approach to corporate network securityentirely implemented in hardware.
One smart switch NDR how ADRA is able to protect downstream NAS by extending its line of defense not only to QNAP products but also to data storage solutions from other manufacturers, server machines, printers, video surveillance cameras, NVR, to company staff workstations. The latter are often used as a bridgehead to launch an attack towards the critical portions of thecorporate infrastructure and in general towards any other device connected to the company’s LAN.
ADRA therefore also embraces third-party products and tools, taking charge of infrastructure security in its entirety.
Between advantages of ADRA is also to offer effective protection against attacks fileless: they rely on the RAM of the attacked devices without writing anything at the file system level). They are among the most complex attacks to detect using traditional security solutions.
What QNAP ADRA is not
The QNAP intelligent switch does not replace other products that already deal with security: for example firewalls, antimalwareanti-spam, patch management and security assessment centralized, the solutions for endpoint protection and so on. All these tools must always be correctly implemented and used in the company.
ADRA is therefore not integrated firewall functionality and it is not anti-malware: being basically a switch, it allows communications between network devices but intercepts all packets and examines them accordingly. In fact, it operates at level 2 of the ISO/OSI stack, certainly not at the application level or in any case at the data level as the vast majority of software products that we all know do.
Il…