Ransomware gets a lot of attention from IT professionals and data protection vendors alike. Ransomware, however, is only one door that bad actors can use to compromise the data center. Another door is application or operating system vulnerability. While several backup vendors offer very specific ransomware detection, few offer any help in assessing the vulnerability of operating systems or applications.
Today, verifying application vulnerability is largely a manual process for most organizations. Typically, an IT staffer periodically checks a threat list to cross-reference running operating systems and applications with known vulnerabilities. The most obvious challenge to this approach is its manual nature, which leads to inconsistent checking and human error.
Another concern is that the approach typically doesn’t include re-checking whether a vulnerability is reintroduced into the environment by a recovery or by reusing backup data for dev and test. For example, a developer may request that a copy of an application be restored from a backup after the production copy has been updated to address the vulnerability, thereby overwriting the updated copy and exposing the organization to the threat all over again.
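The restore scenario above can be checked automatically before a recovery is approved. The following is an added example, not Cohesity or Tenable code: it compares a backup snapshot's software inventory with production and flags advisories that a restore would reopen. Package names, versions and advisory IDs are constructed placeholders, and versions are assumed to be dotted numbers.

```python
# Constructed sample data: every package, version and advisory ID is a placeholder.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "examplehttpd", "fixed_in": "2.4.10"},
    {"id": "ADV-PLACEHOLDER-2", "package": "exampledb", "fixed_in": "10.3"},
]
PRODUCTION = {"examplehttpd": "2.4.10", "exampledb": "10.3"}
SNAPSHOTS = {
    "snap-before-patch": {"examplehttpd": "2.4.9", "exampledb": "10.3"},
    "snap-after-patch": {"examplehttpd": "2.4.10", "exampledb": "10.3.1"},
}


def parse_version(version):
    """Turn '2.4.10' into (2, 4, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(version, fixed_in):
    """True when version is older than the first fixed release."""
    have, fixed = parse_version(version), parse_version(fixed_in)
    width = max(len(have), len(fixed))
    # Pad with zeros so '10.3' and '10.3.0' compare as equal.
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed


def scan(inventory):
    """Return the advisories that apply to an inventory (package -> version)."""
    return [
        adv for adv in ADVISORIES
        if adv["package"] in inventory
        and is_vulnerable(inventory[adv["package"]], adv["fixed_in"])
    ]


def restore_regressions(snapshot, production):
    """Advisory IDs open in the snapshot but already fixed in production."""
    open_in_production = {adv["id"] for adv in scan(production)}
    return [adv["id"] for adv in scan(snapshot)
            if adv["id"] not in open_in_production]


if __name__ == "__main__":
    for name, inventory in SNAPSHOTS.items():
        reopened = restore_regressions(inventory, PRODUCTION)
        print(name, "BLOCK restore:" if reopened else "ok", reopened)
```

A plain string comparison would rank "2.4.9" above "2.4.10" and miss the regression, which is why the versions are parsed into numeric tuples first.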
Even if the organization implements some level of automation, there are concerns over how and where the environment scan executes. A scan run at the wrong time or run inefficiently may impact the performance of the production environment.
Cohesity CyberScan – Closing the Availability Door
Cohesity CyberScan is available in the Cohesity MarketPlace. CyberScan scans backup images for operating system files or applications that have registered vulnerabilities. The solution works in conjunction with the Tenable.io service so that the solution always has the latest list of known vulnerabilities.
Unlike manual solutions where scans are done inconsistently, CyberScan can execute scans on-demand or at the end of each backup job. Unlike other scanning tools that need to scan the production environment, CyberScan scans the backup data within Cohesity’s runtime environment. This helps the IT team discover vulnerabilities within their production environment and take corrective action. Scanning the backup data set makes sense because the scanning overhead doesn’t impact production and the scan doesn’t have to wait to crawl the entire network to perform its audits.
CyberScan also helps in achieving predictable recovery by giving the backup operator visibility into the snapshot’s health and recoverability status. In the development example described above, CyberScan lists the known vulnerabilities along with the vendor-recommended solution that can help address cyber exposure.
Cohesity now has a full complement of security features within its marketplace that work with the solution’s backup capabilities. At its core, Cohesity snapshots are immutable, meaning ransomware can’t corrupt them. The Cohesity file system features AES-256, FIPS-compliant encryption, keeping the file system secure.
In addition to the system’s immutable snapshots and WORM, the company added a robust anti-ransomware capability earlier this year that enables organizations to prevent their backups from becoming a target, detect ransomware with machine learning, and swiftly respond to ransomware attacks with global search and recovery at scale. Lastly, Cohesity also works with anti-virus solutions to make sure backups are virus free. Add to all of this CyberScan, which provides verification of application and operating system vulnerabilities, and it becomes obvious that Cohesity is raising the bar on helping IT detect, prevent and recover from cyberattacks.
Storage Switzerland advises IT professionals to create a security checklist for their data protection vendors. That checklist includes:
- Protecting the Backup Store with Immutability
- Leveraging Encryption on the Backup Store
- Detecting Active Ransomware in Production
- Detecting Dormant Ransomware in the Backup Set
- Remediation Before Restoration into Recovery
Inspired by the Cohesity announcement, we’d add protection from vulnerabilities to our checklist. The world is almost too focused on ransomware, yet many attacks exploit vulnerabilities. The infamous WannaCry attack is a good example.