InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
The threat from increasingly sophisticated ransomware attacks continues to grow. Unfortunately, no single solution can completely protect an organization from ransomware attacks. In this piece, we look at the role immutable storage services can play in
a ransomware protection strategy.
An isolated recovery environment (IRE) is a dedicated, secure recovery environment equipped with resources to verify and recover data from an immutable backup copy. Immutable data architecture means that data, once written, can never be changed, and so
it cannot be encrypted by ransomware. An IRE with immutable storage does not replace a traditional backup but is meant as a tertiary solution for critical data.
IREs with immutable data vaults (IDVs) provide the highest level of security and recovery against a ransomware attack, but they also come with the highest cost and complexity. An IRE solution will rarely replace your full backup solution, so this
is an additional recurring cost generally calculated per gigabyte of data. Costs for even moderately sized firms can add up to hundreds of thousands of dollars a year, in addition to other backup and recovery costs.
A wide range of on-site and cloud storage technology providers offer immutable storage products and services, including NetApp, Cisco Systems, Amazon Web Service (AWS), Microsoft Azure, Dell EMC PowerProtect Cyber Recovery and IBM Services Cyber Vault.
When investing in any form of backup solution, cloud or on-prem, organizations should consider:
When investigating immutable backup solutions, keep in mind that:
Immutable storage may make sense in some scenarios, beyond your standard backup solution. For example, financial companies and highly regulated industries may feel the added security and peace of mind is worth the investment. Other companies may feel
the ever-increasing cost of paying a ransom more than justifies the additional investment in a tertiary recovery solution.
However, immutable storage is not a ransomware prevention strategy; it is a recovery strategy. Whether or not you decide to employ it, many other steps can and should be taken to build
a ransomware defense-in-depth strategy. Make sure you cover these basics first. For example, typical security controls like keeping up-to-date on system patches is the first step to minimizing the risk that ransomware will be successful. Other controls
to consider include:
Regardless of what solution you use, recovery strategies can go wrong in many ways. Restoring from backup can be time-consuming. Whatever strategy you select, make sure your recovery time objectives (RTOs) and recovery point objectives (RPOs) are sufficient
for your business needs. Immutable storage isn’t that useful if it takes you a year back in time on a system restore or if it takes weeks to restore from backup.
Other ways backup and restore strategies can go wrong include:
Few organizations can afford the cost of backing up all their data to an IRE service. While putting only your most critical data in an IRE backup is a good alternative to minimize costs, there are steps you can take to harden your existing environment
and gain many of the benefits without paying for a service.
Here are a few key points to remember before considering an IRE service:
IRE services are a developing segment of the security market. However, their cost and complexity will continue to play a large role in the overall decision process for years to come.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 2, 2021
By IANS Faculty
As the end of the year approaches, security leaders are starting to plan their strategic and tactical roadmaps for the year ahead. Here is a list of three security initiatives to consider in 2022.
November 30, 2021
The most valuable server and endpoint security metrics for security teams tend to help improve the security program overall. Here is a list of key server and endpoint security metrics to use for reporting.
November 23, 2021
Understand how data lakes differ from SIEMs, and guidance for planning, building, and securing a security data lake.