Too often, organizations find themselves playing catch-up with ransomware attackers, according to John Dodds, director of product management for Nutanix.
“Do you want to come home and find your house completely burned down, and then someone hands you a check and says, ‘Here’s your ransomware warranty. Good luck getting back to normal,’” Dodds asks.
“Or would you rather the smoke detector goes off, so the fire department can come and put it out?”
Before, ransomware was mainly focused on encrypting data, according to Tuhina Goel, Nutanix’s director of product marketing.
“Today, it has evolved into pure data destruction and data exfiltration, so that the bad actors can really demand a ransom. Attackers are getting more aggressive.”
The growing severity of ransomware attacks, coupled with the difficulty of responding to them, led Nutanix to create Nutanix Data Lens, a SaaS solution that provides monitoring, detection, protection and recovery directly at the storage layer, where organizations house their sensitive data.
“Storage systems need to be able to defend themselves against ransomware,” Goel said.
“The idea is that instead of using third-party software, the storage system should have inherent capabilities to defend itself against threats. That’s exactly what we’re doing with Nutanix Data Lens, paired with Nutanix Unified Storage.”
From ‘Disaster’ to ‘Inconvenience’
Dodds says the resurgence of Bitcoin over the past year seems to be fueling increased ransomware incidents, as attackers typically demand to be paid in cryptocurrency. However, Goel notes there is “no guarantee” that organizations will regain access to their data after they pay up. And even if they do, she says, they could still be held liable if sensitive data like health records, personally identifiable information (PII), financial records or payment card information is later leaked on the dark web.
“There have been instances where corporations have been hit with an event, they were asked to pay ransom and then after they paid, they were asked to pay an additional ransom,” Goel said. “In some cases, they still did not get back access to the data.”
Goel said active monitoring and detection is better than relying on recovery, which is time-consuming, tedious and uncertain. Nutanix Data Lens, for example, provides a proactive approach to monitoring, detecting and blocking ransomware attacks and insider threats. It provides a framework for enterprises to manage cybersecurity risks by determining the scope of an attack and responding swiftly.
“The best way to protect yourself is to assume you’re going to get attacked, and then ensure that you have immutable, air-gapped backups,” Dodds said. “That way, if it does happen to you, it’s an inconvenience you can recover from, rather than a disaster.”
He explained that one thing that sets Nutanix Data Lens apart from other solutions is its active monitoring capability. Rather than relying on overburdened humans to track activity, organizations can use Nutanix Data Lens to sniff out suspicious behavior.
“If we're waiting for humans to do something, it’s going to be chaos by the time we finally realize something’s wrong,” he said.
“The chaos and the fog that happens in those first few moments…that’s what humans aren’t good at. But that’s where a system like Data Lens, integrated with Nutanix Unified Storage, really thrives.”
Nutanix Data Lens also enables one-click recovery, allowing organizations to rapidly bounce back from a ransomware incident.
“The goal is to get back to normal as quickly as possible, and we’ve thought about how we can automate and improve things at each step,” Dodds said.
Constant Evolution
As Nutanix Data Lens matures as a tool, the “exposure window,” the average time it takes to contain an attack, is shrinking.
“Currently, what we're able to contain with 20 minutes,” said Goel, pointing to a report by ESG Research done for Nutanix.
“With every release, we are trying to reduce that window dramatically. As soon as an event occurs, we want the system to proactively detect, block, and defend the data from further damage.”
Goel and Dodds note that cybersecurity tools must continue to evolve to address the gaps created by new technologies.
“Every new cool technology that comes out immediately makes security more difficult because it's new,” Dodds said.
For instance, cloud-native threats have begun to pop up over the past few years, making it critical for organizations to protect their data both on-premises and in the cloud.
“What’s great about the Nutanix hybrid cloud infrastructure is that you manage security with the same tools, through the same interfaces,” Dodds said.
“You have the same functionality, the same security, and the same feature set in an on-premises data center as you do in the public cloud.”
It’s also important for cybersecurity tools to keep pace with changes in how organizations store their data.
“Since object storage systems are becoming more primary storage systems, rather than only archival tiers, we wanted to stay ahead of the game,” Dodds said.
“Ransomware is not quite as big or established on objects, but that's where those emerging threats are coming. We also implemented anomaly detection mechanisms that detect potential data exfiltration events in object storage. Everyone had to play catch-up on ransomware protection for file-based storage systems, and we're trying to learn from that and stay ahead of things.”
According to Gartner, all storage vendors will be expected to have native protection built into their offerings by 2028, and Dodds says that Nutanix Data Lens effectively allows organizations to “live in the future.”
Still, Nutanix is exploring ways to leverage artificial intelligence to improve the tool.
“We’re investigating uses for AI models now, and we're starting to see that the chips and the models have become powerful and sophisticated enough to do some really cool things for security,” Dodds said.
“We’re not joking when we say our customers currently live in the future, and the Data Lens engineering team is working hard at helping them to stay in the future.”