Monday, February 17, 2020

Backup Software’s Expanding Efforts to Help Defeat Ransomware in Data Center

Ask anyone how to defeat ransomware and software from cyber security providers may first come to mind. These include Avast, Bitdefender, Malwarebytes, Sophos.

Mention using backup software to defeat ransomware and people may look at you like you have lost your mind. Crazy or not, backup software now incorporates features that serve as a secondary perimeter to defend vs. ransomware attacks.

Prevention is Best
You will get no argument from me on this point. Every organization should deploy cyber security to stop a ransomware attack before it ever starts. Once ransomware detonates, an organization may pay a heavy price. In a worst case it pays a ransom to hopefully get its data back. Even if it never pays a ransom, it still pays a heavy toll in lost productivity and business disruption as it recovers data.

However, here’s the catch. An organization cannot assume that cyber security software will suffice in protecting it vs. ransomware. Cyber security software cannot detect and prevent vs. all strains of ransomware. Ransomware changes too rapidly and enters organizations in too many ways for any cyber security software to successfully work in every instance. This puts the onus on every organization to have a means to recover in the likely event that ransomware detonates in their environment.

Backup Software’s Expanding Efforts
To help cyber security software deal with ransomware attacks, an organization may now turn to backup software. Many backup software solutions go beyond core backup and restore capabilities. They now offer their own means to detect, prevent, and recover from ransomware attacks. Backup software solutions vary in the type and number of techniques they use. Here are 4 methods already found and used in a few products:

Honey Pot
Using this technique, the backup software provider places its own files, or honey pots, on production application and file servers. These files serve no other purpose but to detect if ransomware exists in the production environment. Should ransomware detonate and change or encrypt any of these files, the backup software will detect this file change during the backup. The backup software will, in turn, alert the organization that such a file change occurred.

Backup Software Integrated with Anti-Malware Software
Integrating anti-malware and backup software brings together the best of both backup and cyber security software. The backup software continues to focus on what it does best – backing up and recovering data. The anti-malware software comes into play as it may scan data during backups or recoveries. If it detects ransomware in the backup, it alerts to its presence.

Monitoring and Alerting on Changes to Backup Data Files
Many backup software products now store backup files on network file shares. While efficient, it does potentially expose these files to any ransomware that can access these file shares. Once it accesses them, it can encrypt or delete them making them unusable for recovery. To help prevent this, some backup software monitors the locations of backup files for any unusual or suspicious activity.

Predictive Analytics
Some backup providers now incorporate AI and ML into their solutions. This software examines and compares the data contained in backup files and looks for unusual changes in data between backups. If it detects anomalies between backups, it generates alerts to prompt organizations to examine that data.

Powerful Antidote to Ransomware Attacks
No one solution – backup or cyber security software – yet possesses all the answers to prevent ransomware from ever detonating. However, used together, these 2 software products provide organizations with a powerful antidote to ransomware attacks. Used together, they equip almost any organization to detect, prevent, and recover from a ransomware attack should one occur.