Immutable Backup and Storage Snapshots Safe Guarded Copy

Safe Guarded Copy is a cyber-resiliency solution for SAN that creates immutable backups to protect storage against ransomware, viruses and other types of malware and even disgruntle employee’s attempting to destroy data. Cyber resilience is the capability and the amount of time an organization takes to recover from a successful cyber security attack, where data is either destroyed or corrupted by malware, ransomware or a disgruntle employee. Safe Guarded Copy is an immutable storage and backup feature of a flash storage SAN that protects snapshots from destructive malware, ransomware, and other internal and external threats. The Cyber Vault feature continuously monitors snapshots to ensure there are no signs of data corruption, and can automatically identify and restore the most recent safe snapshot very quickly. The goal of the Safe Guarded Copy and Cyber Vault is to ensure quick restoration of production data for high availability and business continuity as a result of a security incident that damages data. In comparison to competing immutable storage and immutable backup solutions on the market, the Safe Guarded Copy and Cyber Vault solution cuts the restoring of backup data down from days to hours.

The Safe Guarded Copy Immutable backup snapshots protects data by preventing changes once created, not even by the most privileged user on the system. Immutable backups are protected snapshots that cannot be deleted or changed in any way. Immutable backup snapshots are taken continuously by default, and can also be initiated by abnormalities detected by Cyber Vault. Cyber Vault monitors each backup copy to detect signs of data corruption, abnormal changes or any other potential signs of a ransomware or malware incident. Cyber Vault's immutable backup snapshots do not impact the production environment as it utilizes resources strictly dedicated to a clean room area in logical partitions or VMs to run data validation processes that does not impact production workloads. The Safe Guarded Copy and Cyber Vault immutable storage and backup solution that was adopted from mainframe platform due to its proven cyber resiliency success protecting IBM z mainframe storage. Our Safe Guarded Copy and Cyber Vault are security features of the IBM FlashSystem software, which utilize integrated processes patented by IBM.

IT and Security teams realize cybersecurity defenses will fall short, and an incident response will be needed. As a result, cyber resiliency must play a key role in every organizations disaster recovery plan. An incident recovery plan is a disaster recovery plan for a security incident, which involves the incident response team testing their cybersecurity defenses frequently to identify the risks and impacts of the gaps in the infrastructure. Businesses that do not integrate disaster recovery plans with cyber resiliency, may not be able to successfully recover their data or may take weeks or months to recover business operations.

Organizations relying on common data protection and storage features for disaster recovery will fail to protect against cyber-attacks, and will not have cyber resiliency required for cyber security insurance, let alone business continuity and high availability of their services. Unprotected and unmonitored backups cannot ensure a backup is clean and cannot prove a quick recovery of data, which is why they will not be successful with their cybersecurity insurance claims. Read the fine print! Cyber security insurance will most likely only protect your business from liability if you backups have immutability. Furthermore, some cyber security insurance policies in 2023 will require proof backups are immutable before even being provided a quote.

According to industry experts at the Ponemon Institute, in 2021 it took companies over 320 days on average to identify and contain malware, and another 23 days to recover from the attack. Now consider the many geo-political changes that have occurred since last year, and realize the cyberattacks in Poneman Institute’s Cost of a Data Breach in 2021 were primarily commercial grade attacks. However today we seeing a significant increase in military grade attacks, of which are designed to be much more entrenched into business processes and are rarely detected by best in class cybersecurity tools. Worse yet, the military grade attacks typically have no intention of bargaining with you, they only want to destroy your data.

Military grade malware and ransomware is “file-less”, residing exclusively as a memory-based artifact that exists in RAM. Military grade malware and ransomware are part of the cyber security family known as an Advanced Volatile Threat AVT. AVT artifacts do not write any part of its activity to the computer's hard drive, and therefore very resistant to existing anti-computer forensic strategies that incorporate file based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaves very little by way of evidence that could be used by digital forensic investigators to identify illegitimate activity. Even the best of the best security solutions seldom identify these threats that are becoming much more prevalent.

The Safe Guarded Copy and Cyber Vault software and processes utilizes the NIST Cyber Security Framework for implementing a number of different features and technologies to detect, protect, respond and recover data after a successful attack; including Storage Insights, Ansible, QRadar SIEM, SOAR, Guardium, CloudPak for Security CP4S. Some common security tools capable of integration with Cyber Vault include Splunk, Python Tripwires, CSM, and others.

Cyber Resiliency encompasses intrusion detection your entire infrastructure; including individuals, inter-connected systems, external vendors, services and cloud resources. Critical to detection is timely reporting and dashboards to alert teams to unusual activities and behaviors. The Safe Guarded immutable storage and backup feature provides organizations’ Cyber Resiliency needed for high availability and business continuity due to a successful cyber-attack

In addition to deploying the Safe Guarded immutable storage and backup solution for cyber security insurance and peace of mind; organizations should also assess how likely their servers are to suffer downtime due to a cybersecurity attack. There are numerous studies that explain the built-in security, data protection and high availability features a manufacture and brand of servers possesses, as well as the average amount of downtime the server brand experiences per year due to cybersecurity attack. The factors all make a difference and should help guide our decisions when acquiring any hardware or IT assets, and will affect your cyber security insurance costs.

IBM’s solution not only helps identify data corruption caused by malware and ransomware, it identifies which copies of your data have not been affected and is able to restore a clean copy of your data very quickly.

We offer a “no charge” Resiliency Assessment to help you identify gaps, strengths, and weaknesses against best practices defined by NIST CSF. The Cyber Resiliency Analysis assesses your organization’s readiness to sustain and recover from an attack, which includes ability to continue operations, the recoverability of your data and an estimated amount of time it would take to recover from a successful attack. As a result, the assessment should provide your organization an accurate depiction of your current data protection state, help identify gaps and provide recommendations to build an effective cyber resilience plan. This service would only require a Q&A session.

If you need more advanced security tools for identifying and preventing cyber-attacks, we can help with these requirements also. We offer a “no charge” Attack Surface Analysis showing the gaps and risks from an attackers point of view, and discover what you have exposed on your perimeter that is tempting hackers. On average, about 30% of a company’s public facing assets are unknown to the security team… so one of the goals of the External Threat Analysis would be to bring these unknown targets to your attention. This assessment will illustrate how an attacker views your infrastructure, so you can better understand which of your assets are the easiest targets. The assessment utilizes a SAS based penetration testing platform, and would focus on your IPv4 and IPv6 associated assets “continuously”, identifying compromised domains, login pages, outdated applications, assets revealing internal data and services being unintentionally exposed. This service would not require anything to be installed and would be provided at no cost to your organization. As a result, your company will be provided with the assessment report that should help your teams resolve any discovered risks.

According to industry experts: 277 is the average number of days it takes a company to identify and contain a data breach, whereas malware attacks took over 320 days last year. Average time to recover data took 23 days.