
If you Google ‘where do ransomware attacks start?’ you will most likely find articles focusing on phishing emails. While phishing is indeed a common entry point, most of these articles fail to mention the impact your on-premises infrastructure, specifically its architecture, has on your exposure to a ransomware attack. They only scratch the surface and neglect to explain how traditional infrastructure designs are at the root of the most devastating attacks, the ones that reach the deepest parts of your critical environments.

While several vendors tout a ransomware recovery solution, the question to ask yourself is how many are actually building systems with ransomware in mind: systems architected to protect your data from day 1, and capable of limiting the risk and impact of a ransomware attack.

The answer is more surprising than you might think.  

#1 Your Infrastructure Doesn’t Have Separate Storage & Compute Security Domains 

Consider for a moment a traditional converged, or more specifically hyperconverged infrastructure (HCI), solution. With HCI, most organizations find the simplicity of having their compute, storage, and networking services in one system beneficial. However, it becomes less helpful when planning against a ransomware attack. In HCI solutions the storage and compute security domains are collapsed into one, which means that if your server is compromised by ransomware, your data and recovery utilities are not protected from being compromised as well.

The risk of the attack spreading makes it critical for enterprises to deploy infrastructure with separate storage and compute domains. A solution that separates executable programs on the operating system from critical data is needed. In this model, a compromised operating system or application may read and write to storage but cannot compromise the protective layers of the storage system that allow fast detection of ransomware and easy recovery. Only complete separation of storage allows this, which means the operating system image must also be separated from compute. Isolating the compute domain from the storage domain prevents ransomware from infecting your data protection software, and therefore ensures that you can reliably recover your operating system and application data.

#2 Your Infrastructure software & firmware is out of date and cannot be quickly or consistently updated 

Software vulnerabilities are a key factor in enabling a ransomware attack. What most organizations don’t realize is that these vulnerabilities are often a direct result of either user misconfiguration or a lack of a centralized management approach, both of which lead directly to out-of-date software and firmware.

Think about your data center environment for a moment. In certain instances, you might have to update your deployment cluster by cluster, or worse, device by device. In that case, keeping every single one patched and on the same version can be a management nightmare. Manual updates inevitably lead to user error and can often take weeks or months. Completing the updates one by one on hundreds or even thousands of servers usually takes so long that, by the time you’ve finished, a new patch has been released, making the software on your systems out of date again.
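To make the version-drift problem concrete, here is an added example (not Nebulon's code or any product feature) in Python. It takes a constructed per-device inventory of software and firmware versions, compares each entry against a constructed baseline, and reports which devices are behind, which are on an untracked or unexpected version, and whether a component is even on a consistent version across the fleet. The component names, device names, and version numbers are all assumptions for illustration.

```python
"""Fleet software/firmware drift check.

Added example, not Nebulon's code. All inventory and baseline data below
is constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str       # device identifier (constructed)
    component: str  # e.g. "bmc-firmware", "hypervisor" (constructed names)
    version: str    # version string as reported by the device


# Constructed inventory: what a device-by-device audit might return.
INVENTORY = [
    Node("srv-01", "bmc-firmware", "2.10.3"),
    Node("srv-02", "bmc-firmware", "2.9.0"),
    Node("srv-03", "bmc-firmware", "2.10.3"),
    Node("srv-01", "hypervisor", "7.0.3"),
    Node("srv-02", "hypervisor", "7.0.3"),
    Node("srv-03", "hypervisor", "6.7.0"),
    Node("srv-03", "nic-firmware", "1.4"),  # component nobody tracks
]

# Constructed baseline: the version each tracked component should be on.
BASELINE = {"bmc-firmware": "2.10.3", "hypervisor": "7.0.3"}


def parse_version(v: str) -> tuple:
    """Turn '2.10.3' into (2, 10, 3) so versions compare numerically,
    not lexically ('2.9.0' < '2.10.3' must hold)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def find_drift(inventory, baseline):
    """Return {component: {"outdated": [...], "unexpected": [...]}}.

    outdated   - device reports an older version than the baseline
    unexpected - device is ahead of baseline, or the component is untracked;
                 either way the fleet is not in a known, consistent state.
    """
    report = {}
    for node in inventory:
        entry = report.setdefault(node.component,
                                  {"outdated": [], "unexpected": []})
        target = baseline.get(node.component)
        if target is None:
            entry["unexpected"].append(node.name)
            continue
        have, want = parse_version(node.version), parse_version(target)
        if have < want:
            entry["outdated"].append(node.name)
        elif have > want:
            entry["unexpected"].append(node.name)
    return report


def consistent(inventory, component) -> bool:
    """True if every device reports the same version for this component."""
    versions = {n.version for n in inventory if n.component == component}
    return len(versions) <= 1


if __name__ == "__main__":
    for comp, entry in find_drift(INVENTORY, BASELINE).items():
        print(f"{comp}: outdated={entry['outdated']} "
              f"unexpected={entry['unexpected']} "
              f"consistent={consistent(INVENTORY, comp)}")
```

Running this against the constructed data flags srv-02 as behind on BMC firmware, srv-03 as behind on the hypervisor, and the untracked NIC firmware on srv-03 as something the baseline never covered. In a real environment the inventory would be pulled from a management API rather than hard-coded, but the check itself, numeric version comparison against a single baseline, is what a centralized update approach gives you for free and a device-by-device one does not.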

#3 You can’t easily restore your data AND operating environment 

The process of recovery after a ransomware attack is, in theory, fairly simple: first you recover your operating system (OS), and then you recover your data. If you do your research, you’ll find that nearly every infrastructure vendor offers a ransomware recovery solution. Read the fine print, however, and you’ll see that not everyone offers recovery of both the OS and the application data, and no one can do both in only a few minutes. With snapshots, it’s pretty simple to recover your data. While most vendors can’t guarantee recovery to a known, clean version, there is still a recovery option. But restoring your application data is of little use if you can’t restore your OS.

You might think, well, I can simply reinstall the OS from scratch, or maybe from a backup image I have. The issue with the former is that you would need to remember the exact setup of the system, application, and cluster. The issue with both is that it can be an extremely tedious task, and if it is needed on multiple servers it can take hours or, even worse, days. This is assuming your infrastructure services haven’t been infected as well.

#4 Your Infrastructure doesn’t leverage Zero-Trust principles 

The traditional security method employed by infrastructure vendors has been straightforward perimeter security, meaning that if a user, network, or system is verified at the initial access point, no other verification is required once the system is entered. This means that anything within the security perimeter is fair game. But what if you only want to give limited access? Or what if you unintentionally gave access to a bad actor that infiltrated the system?

This is where the idea of zero-trust becomes critical. With zero-trust principles, verification is required within the system or network at every level, not only at the perimeter. This is a pretty radical change and can significantly improve the security of your infrastructure. The idea of zero-trust was only introduced in 2010, which means the infrastructure you have deployed today was likely designed with only perimeter security, making it extremely susceptible to a ransomware attack.

Keep your data secure with Nebulon smartInfrastructure 

Nebulon smartInfrastructure was designed to reduce your infrastructure attack surface, detect data breaches, and speed recovery in the event of a ransomware attack. The way this is done is through smartDefense, a Nebulon smartInfrastructure solution that provides ransomware protection, detection, and recovery solutions.  

To learn more about Nebulon Ransomware solutions, get in touch with us and learn how Nebulon can secure your critical infrastructure in the datacenter and at the edge.


Craig Nunes

COO

Previously 3PAR VP of Product & Marketing, then HPE VP of Global Storage Product Management & Marketing.