Companies that use NetApp need to know how to harden their NetApp ONTAP infrastructure against ransomware as it continues to hold its position as one of the most prevalent cyberthreats. Gartner predicted that by 2025, at least 75% of IT organizations will face one or more ransomware attacks. 1Ransomware attacks have also continued to evolve, sometimes erasing backups and using new attack vectors beyond the typical phishing email.
When combatting ransomware, organizations can’t rely on one simple solution for cybersecurity. They may not be able to stop an attack from happening, but businesses can look at every area to find places where they can reduce risk and increase the chance of ransomware recovery. Your company needs to guard against internal threats, such as disgruntled employees and workers opening phishing emails that contain malware. Most companies haven’t done much with automation to control risk that comes from employees having privileged user IDs.
NetApp keeps up with the evolution of ransomware by providing 3 options for fighting it: 2 that defend against deleted backups and one that uses artificial intelligence (AI) and machine learning (ML) so users can avoid paying a ransom.
Here’s a closer look at 3 ways NetApp solutions can be used to combat ransomware:
The best approach to remediating a ransomware attack is to isolate and contain the threat, patch any vulnerabilities, and recover by restoring data to a complete, current, and accurate state. NetApp ONTAP Snapshot technology aids in recovery by creating point-in-time copies of data, which are immutable so they cannot be changed.
Snapshot also allows for rapid restores of terabytes of data in seconds so your company can meet its recovery time objectives (RTOs). Snapshot copies can be used across your environment for data protection and disaster recovery.
NetApp SnapVault With SnapLock Compliance (SLC)
If part of the primary array is compromised during a ransomware attack, you may not be able to recover to that array. NetApp SnapVault with SnapLock technology prepares your company for this eventuality by taking snapshots and putting them onto another physical cluster.
The combination of SnapVault and SnapLock makes backups incapable of being erased or compromised by providing a write-once-read-many (WORM) array that companies can use to physically relocate their data off-site. A Vault cluster can be added at a primary or secondary data center. SnapLock creates a logical air gap, reducing the amount of recovery time needed when using a traditional air gap.
NetApp ONTAP users can rely on Snapshots for local recovery and Snap Mirror for disaster recovery at a secondary location. For ransomware protection, the combination of SnapLock and SnapVault deliver immutable and undeletable backup. The Vault Cluster allows you to create a third copy of the data, regardless of location, while locking down who has access to the information and preventing information from being deleted. The software solution enables your company to use inexpensive hardware to achieve robust backup and recovery.
NetApp Cloud Insights
NetApp Cloud Insights uses Cloud Secure to help your company detect and prevent ransomware attacks. The Cloud Insights module leverages Cloud Secure to detect anomalous behavior, such as unusual changes in network traffic patterns.
Cloud Secure analyzes that behavior using artificial intelligence and machine learning, determines the nature of the threat, and sends alerts so you can respond to threats before an attack succeeds. Automatic data backup through Snapshots empowers you to lessen the impact of a ransomware attack by making a backup copy of data as close to the point of infection as possible for smaller recovery point windows. With Cloud Insights, your organization can take a zero-trust stance on security.
What You Need From a NetApp Partner
To make the most of your NetApp ONTAP architecture by protecting it against ransomware, your company needs a partner that can provide the services to set up these solutions. The idea is to create a copy of data that can be recovered quickly.
The air gap is the last resort. Your company can take existing technologies and buy a third array that can be walled off administratively and can be turned to for recovering data from the Vault.
Mainline helps with sizing of NetApp SnapVault. We can carry out the physical, on-site configuration of NetApp solutions, as well as any other third-party products for logging or alerting.
As a NetApp Star partner, Mainline delivers enterprise storage solutions that are efficient, reliable, and cost-effective. Our top-level partnership assures clients that we maintain the stringent Star partner certification requirements across the NetApp storage family of products, plus we are backed by a strong relationship with the NetApp team. For more information on how we can help you, contact your Mainline Account Representative directly, or reach out to us here with any questions.
You may be interested in:
1 Gartner, How to Protect Backup Systems From Ransomware Attacks, Nik Simpson, 21 September 2021.