Tuesday, February 16, 2021

Navigating cybersecurity in an uncertain world

Far from being defeated, ransomware and other cyberattacks are going from strength to strength. Threat actors are now pooling their criminal knowledge to create powerful cartels, on a mission to find new and ever more insidious ways to disrupt businesses and make huge profits as victims scramble to recover. To have any chance of winning the battle, IT professionals need to shift their focus because the pandemic has to some extent rewritten the rules.

So if it is inevitable that you will be the victim of cybercrime, in addition to taking preventative steps like deploying anti-virus security software and other counter measures, the best way to protect your data is to place a copy somewhere where you can be certain thieves won’t be able to reach it.

Today, the most secure and inaccessible form of storage, which is readily available to every business at a reasonable price point and capable of scaling from terabytes to even exabytes, is LTO Ultrium tape.

For streaming large, contiguous volumes when the tapes are accessible, LTO-8 technology is more or less equivalent in streaming performance to consumer grade flash and certainly much faster than the SATA HDDs most commonly used for private cloud object storage solutions).

 But in the new world in which we now live, these relatively manageable inconveniences pale into comparison when set aside what tape delivers to companies who suffer a ransomware attack and are locked outside all of their data. The best and most compelling recent example of this is what happened to Spectra Logic.

 Because ransomware is now so widespread, it’s very likely there are more companies benefiting from tape assistance than the news would have us be aware of. That certainly seems to be one of the takeaways from the ESG Tape Landscape report for 2020 available from the LTO Program. Amongst survey respondents, the most common mechanism used to recover from cyber attack is tape backup. And of those using isolated storage protection, 61% were using tape to put in place the crucial air gap that is almost impossible for online cyberattack to penetrate.

In my mind there is no doubt that in spite of being a very familiar and traditional storage platform, tape support for backup and archiving should remain a key part of the circular fort of layered defences against the threat of cyberattack and ransomware.


 

Tuesday, February 09, 2021

Qualstar Makes Tape Storage Interfacing With Atto ExpressSAS 12Gb H1280 GT PCIe 4 SAS HBA

Qualstar Corporation makes it easier to manage a tape-based storage solution with the addition of Atto Technology, Inc.’s ExpressSAS 12Gb H1280 GT SAS/SATA HBAs to its catalog.

This HBA is one of only two on the market that utilizes the x8 PCI Express 4.0 host interface, offering the fastest available direct connection to SAS storage devices.

The ExpressSAS H1280 GT 12Gb PCIe 4 SAS HBA provides 12Gb/s transfer speeds for SAS. It has 8 external ports, which can be configured for redundancy, and can support as many as 2,048 end devices. Built-in latency-reducing technology ensures a consistent stream of data to the storage device. This, in turn, speeds up write times and reduces tape wear because it will not need to make multiple passes due to data flow interruptions. Additionally, all 12Gb/s HBA adapters include Atto PowerCenter Pro, an integrated software RAID solution that brings the performance and protection of RAID to attached storage devices.

Qualstar is dedicated to continually expanding its range of products to address all of our customers’ potential needs,” says Arun Vaishampayan, VP, global sales, Qualstar. “Atto ExpressSAS HBAs provide the superior functionality that our customers have come to expect, and we are excited to be able to offer it directly to them through this partnership.”

Specifications aside, ExpressSAS H1280 GT is notable for its effortless, user-first design. It is compatible with Windows, macOS, and Linux and with intuitive but software tools provided by Atto. A low-profile design provides better airflow over the device and also makes installation easier. And if anything goes wrong, a bevy of diagnostic and monitoring tools can pinpoint the failure – even down to individual cables.

ExpressSAS 12Gb/s HBAs are a great interfacing solution for customers managing tape-based data storage solutions,” says Tom Kolniak, senior director, marketing, product management, and alliances, Atto. “Given our 30-year proven track record and Qualstar’s commitment to excellence, this partnership is a natural fit.

 

Wednesday, December 16, 2020

Quantum Acquires Square Box Systems

Quantum Corp. acquired Square Box Systems Ltd, in data cataloging, user collaboration, and digital asset management software.

The acquisition builds on Quantum’s recently expanded portfolio that classifies, manages, and protects data across its lifecycle by adding technology advancements to further enrich video, digital images and other forms of unstructured data. This acquisition will strengthen its ability to provide software solutions to help companies unlock the business value contained in their data, both on-premises and in the cloud.

Square Box Systems’ flagship product is CatDV, an agile media management and workflow automation software platform that helps organizations with large volumes of media and metadata to organize, communicate and collaborate more effectively. IT leverages AI and ML technology to make it easier for businesses of any size to catalog and analyze digital assets such as video, images, audio files, PDFs, and more; enable search across local and cloud repositories; and provide access control across the full data lifecycle for secure sharing and data governance.

There is huge untapped value contained in video, digital images, and other valuable file data,” says Jamie Lerner, president and CEO, Quantum. “This acquisition will not only help our customers make better business decisions based on their data, but it represents another key step in Quantum’s transformation by adding data enrichment technology to our portfolio. We are also adding a growing, profitable software business unit with strong gross margins that is in the late stages of transitioning to a cloud-based SaaS business.

Expanding into new markets
Headquartered in the UK, Square Box Systems grew by more than 20% in the last year and has over 1,500 commercial software deployments and tens of thousands of individual users worldwide, including many customers that use CatDV with Quantum StorNext.

CatDV is used today in post-production, corporate video, sports, government and education markets, and has potential to expand to other markets using designed plug-ins for expanded use cases such as genomics research, autonomous vehicle design, geospatial exploration, and any use case dealing with large unstructured data. IT is integrated with aN ecosystem of storage vendors and other technology providers, and Quantum is committed to maintaining this open ecosystem and multi-vendor support.

As CatDV grows and becomes a bigger player across the industry, there’s more we want to do, building on CatDV’s success and taking it to a new level,” says Rolf Howarth, founder and CTO, Square Box Systems, now principal architect at Quantum. “I am excited at the prospect of working with Quantum, taking CatDV into new markets and solving new business problems, at the same time as continuing to work with our existing customers and partners.”

Dave Clack, former CEO of Square Box Systems and GM, cloud software and analytics, Quantum, adds: “Joining forces with Quantum makes CatDV much stronger: becoming part of a larger organization with its visionary leadership team, whilst gaining access to an amazing pool of talent, gives CatDV more opportunity to better serve our existing and future customers. The direction of both firms is already aligned; a clear focus on data management, orchestration at scale, cloud, and automation of service delivery, all unlocking amazing returns for our clients.”

Opportunity to Provide Turnkey Solution to Small Media Workgroups
Many of the largest studios, broadcasters, and content producers have complex workflows, and have the budget and infrastructure to deploy customized and integrated media asset management (MAM) systems to manage their workflows end to end. In these larger environments, Quantum has integration and will continue to partner with these MAM vendors to provide the best solutions to these customers. 

However, smaller workgroups such as those in corporate video, education, and houses of worship have a need for a more simple, turnkey solution that provides basic functionality to be able to index, search, and manage their content on a shared storage platform. Quantum intends to combine the CatDV software with StorNext to provide an all-in-one workgroup appliance and better serve the needs of this market with a differentiated offering.

 

Tuesday, November 17, 2020

ATTO Technology Unveils ATTO SiliconDisk RAM-Based Ethernet Fabric-Connected Storage Appliance

 100X faster than flash, SiliconDisk represents a new tier in the storage pyramid

ATTO Technology, Inc., has unveiled ATTO SiliconDisk, a new, no-compromise storage solution that combines cutting-edge speed and performance with the flexibility and sharing capabilities of Ethernet connectivity.

ATTO SiliconDisk is a scalable, state-of-the-art RAM-based storage appliance that is 100 times faster than flash-based storage solutions. Designed to be quickly set up for access by multiple servers, SiliconDisk far exceeds current SSD solutions for performance and extensibility with under 600 nanoseconds of latency, four 100Gb Ethernet ports and 25GB/s of sustained throughput. Best of all, SiliconDisk requires no special software, no application changes and no re-architecting of data centers, just plug and play.

System architects recognize that there’s a storage performance gap even with flash technology, which is fast but not enough to overcome the challenges modern data loads impose. ATTO SiliconDisk represents a new tier in the storage pyramid, addressing the gap between RAM and traditional storage.

“SiliconDisk is similar in concept to the very first SCSI product ATTO released as a start-up 32 years ago,” said Timothy J. Klein, president and CEO, ATTO Technology. “Of course, this one is far better, faster and this time it’s shareable. We are quite excited about this new product line.”

By bridging that gap SiliconDisk becomes essential for next-generation data processing:

  • increases performance predictability under peak loads
  • provides guaranteed ultra-low latency for critical applications
  • RAM-based persistent storage boosts processing and performance capabilities

Data is instantly stored and retrieved making the SiliconDisk ideal for accelerating real-time data analytics. Artificial intelligence and machine learning, financial trading and medical imaging applications can capture and analyze data instances 100x faster than before. Every node on a high-availability shared fabric can have access to RAM-level storage data.

SiliconDisk is the first and only 1U DRAM-based solid-state storage appliance with multiple 100GbE port connectivity. The four channels of ultra-fast 100GbE are integrated into a single chip and linked to high-speed RAM, all managed by ATTO xCORE storage controller technology to eliminate all bottlenecks in performance.

Completing the package of exclusive, built-in technologies are ATTO RToptimizer™ and ATTO Infinite Write Endurance™. RToptimizer delivers real-time performance analytics of storage network connections, storage utilization, as well as overall SiliconDisk data performance for quick and accurate solution optimization. With Infinite Write Endurance, RAM used in SiliconDisk has no “per write” flash performance penalties or worry of memory wear-out.


 

Tuesday, November 10, 2020

How Spetra Logic Overcame a Ransomware Attack

If you’re in the data storage business, the last thing you want to do is “announce” a ransomware attack. But that’s actually counterintuitive. We were hit with ransomware, and as a data storage business, we feel it is important to share the story in order to help others prepare.  

As Senior Director of IT, I’m not usually involved in the small, day-to-day glitches that occur. I’ve got a great team of IT professionals, and they rarely have to involve me in such normal operations. Thursday morning, May 7, 2020, would prove to be anything but “normal operations.”On that day, at roughly 9:20 a.m., I had two members of my staff report that lots of little things (none of which were related) were breaking. This was not normal. When a third staff member came in to report the same, there was a pause and then a scramble. We all thought the worst – have we been breached? We’re now in the hall and running to the data center.  

One of my guys jumped on a server to see if we could figure out what was happening. Searching the files, he found a ransom note. Our hearts dropped, but our feet hit the floor. We ran around physically cutting the cord between servers so they couldn’t communicate with other servers to spread the virus further. Then we brought them all down.It was now 10:45 a.m. and we heard one of the strangest sounds we had ever heard -- complete silence. Our data center hadn’t been silent since we moved into it in 2012. We’d planned for this situation for years, but it was still uncharted waters for all of us. Once we got the machines down, we had a minute to breathe. The ransom note informed us that we had been hit by the “Netwalker” virus. With a rough calculation, I figured the ransom would be around $3.6 million, and we had five days to pay it off in bitcoin or we were on our own. 

I had one person checking on backups to figure out exactly what we had for a disaster recovery scenario. We rely on CommVault for our daily backups to both Spectra tape and Spectra BlackPearl® NAS. In addition, we augment those backups with VM snapshots and StorCycle® software for data migration.  

 We realized that our email server was not compromised. At least we could still communicate with the rest of the company and the rest of the world. We put as much protection around it as possible and brought it back up. 

By noon, I emailed the appropriate individuals and groups throughout company. I also contacted the FBI, explained the situation, and they promised that someone from their cybersecurity team would call me back.  

I assigned a group to start bringing up department servers completely disconnected from the network. We realized that if a server had 100TB of data, it now showed up as a single 100TB encrypted file. Out of a total of 600 servers, including virtual machines, we had 150 servers that were compromised.  

By 2 p.m. we confirmed a few things that helped us take heart. We had tape backups from the previous Friday. Our total possible data loss would be three working days – not what you want to have happen, but we would be within my SLA. Tape would get us back to the beginning of the week, but we’re a transactional company; every minute represents thousands of transactions. We run disk snapshots of our Nimble Flash arrays daily. We confirmed that we had uncompromised disk images for about 90 percentof our systems.  

Our legal department informed me that they’d bought “ransomware insurance” a few months earlier -- something the IT team was not initially aware of. It was a stroke of luck. By roughly 4 p.m., our insurance company set us up with a security consulting firm that deals with these issues. They told us exactly what to do to “stop the bleeding.” I put my team on split shifts around the clock. They were either working or getting a few hours of sleep.  

Around 7:30 p.m., we were on a call with the FBI cybersecurity team. They’ve dealt with this a lot and said our only options were to negotiate with the threat actors or rebuild our data center from scratch. We were roughly 10 hours into the ordeal, and it already felt like it had been days. 

 This attack started on a Thursday morning. By the wee hours of Monday morning, we’d stopped the bleeding and did a full triage to assess our options. We had roughly 24 hours before we had to pay the ransom or lose that option altogether. Keep in mind, at this point, we hadn’t recovered a single file. It had taken that long just to secure all servers and ensure that we had stopped the virus from spreading.  

We had a meeting with all involved players: The FBI, our security team, our legal department, and my entire staff. I told them we weren’t going to pay the ransom. In actuality, I never considered it an option. Once we confirmed that we had a backup on tape, we had the confidence to walk away from any options involving paying or negotiating the ransom.  

We knew what our recovery effort would be. This wasn’t just about restoring some files; this was a full-on disaster recovery operation, including complete wipes and rebuilds of every server. Based on feedback we got, it was estimated that it would take four to six weeks for us to get back up and running. With that in mind, we started rebuilding. It took five days to get the company back up; it took another week or so to get all of our systems back online; and it took another two weeks after that to get all of the kinks in connections worked out.

 Postmortem 

So, how did this happen? In late March, roughly a month before the attack, we’d sent hundreds of employees home to work remotely due to COVID-19. We went from a 99 percent on-premise work environment to a 99 percent remote-office environment -- overnight. Cybercriminals were all too aware of what was happening in the world, and they exploited it. In fact, I’ve come across some scary facts since this event. According to VMware Carbon Black, ransomware attacks have increased by 900 percent this year. And the security firm McAfee recently reported that Netwalker cybercriminals have made more than $25 million in ransom payments since March. 

One of our employees was VPN’d in on a private laptop. They opened a piece of malware that would have been stopped by our virus protection software, Sophos, but Sophos wasn’t installed on that system. It never would have been allowed pre-COVID, but we were acting quickly to respond to the pandemic, and unfortunately, one risk averted was another risk created.  

Lessons Learned 

Data First – Have multiple copies of data on multiple mediums in multiple locations. The best IT experts in the world can’t help you get your data back if every copy is compromised. We never could have taken the bold step we did if we had not had those tape copies. Our data had been encrypted by the virus as fast as disks could carry it. You have to have a copy of data that can’t be touched. Tape provided an air-gap, an electronically disconnected copy of data that could not be accessed. 

Even if you’re willing to pay a ransom, encryption-by-ransomware is messy. There’s no guarantee you’ll get the decryption tool if you pay the ransom, and there’s no guarantee it will work. We relied on both tape backups and disk snapshots to restore our systems. We are now exploring ways to replicate our disk snapshots to a dark site. The decentralization of data can create management challenges, but we’re exploring some pretty promising ways to centrally manage it

 Experts Second – Have cybersecurity experts onboard or close at hand. Not all companies are large enough to justify a full-time cybersecurity team. Four years prior to this, we had had three test servers that were not protected by our VPN become infected. Our production LAN was protected by the firewall. The servers were easily cleaned and restored from backups. That experience was useful, however. A few of the protections we put in place then helped us during this event. We actually do an amazing job of security here, but we don’t deal with the aftermath of an attack on a daily basis the way cybersecurity experts do. Having ransomware insurance was a brilliant way to have a cybersecurity team there in an instant. You’re never 100 percent safe. These attacks happen to organizations of every size and level of expertise, from world governments to the biggest names in industry. You don’t want to go this alone. The cybersecurity team we had access to was able to help decrease the amount of downtime we experienced as well as take other actions such as verify that no data had actually been stolen or accessed. This avoided a nightmare that many organizations are strapped with for years afterward.  

Balance Third– Good IT security is a balance of culture and security strategy. No matter what the level of security you deploy, you could always add more. At some point, however, that will start to impact your user experience and possibly the goals of the company which are accomplished through IT. Will you allow the use of Macs andPCs? Will you allow remote access, or require everyone to work on premise? How much will your virus protection software filter? Will vital communication be blocked due to extreme protection? It’s all a balance. You may think you’re willing to accept a risk that you really aren’t willing to accept once it hits. Figure this out ahead of time. Consult with security experts to develop a strategy that balances risk and IT policy.  

In the end, we overcame the attack with virtually no data loss and absolutely no data stolen. One of our servers was not being backed up appropriately. Data for that server had to be reconstructed. It was time consuming and costly.  

As difficult as it was, this is what success looks like after such an attack: Assess your infrastructure, your access to experts and your approach to IT security. There’s no lock that can’t be broken into, but by taking this approach, you will be able to minimize the damage and assure business continuance.