Cloud Insights

Protecting NetApp Storage from Insider Threats

Cliff_O

While other storage systems may provide some ransomware protection, they do not provide protection from insider threats. NetApp® storage systems are different. Very different. We are unique in the use of AI/ML to build a “normal access” profile for each user, then monitor all user actions to spot any behavioral anomalies that indicate a possible threat (either malicious or accidental), then use automatic policies to stop an attack before it causes even more damage.

 

Zero trust = zero tolerance

By establishing a zero-trust architecture, you're not solely reliant on a trusted internal network. Many insider threat incidents that compromise your data can be caused by negligent or careless individuals who are already trusted members of the network. The zero-trust approach is key to stepping up your security and protection. This means that whenever unusual behavior is noticed — even from the CEO — quick action to block those users to prevent further data theft or file damage is initiated.

These actions are just the first step. It can also help an enterprise by:

  • Inspecting and analyzing all data access activity in real-time to detect malicious behaviors
  • Zeroing in on the source of the suspicious behavior and attacks
  • Alerting you immediately of a potential attack in progress
  • Protecting user data and providing a safe restoration point if there’s a potential breach
  • Increasing the speed at which you’re able to identify and recover potential damage
  • Decreasing downtime

 

While ransomware gets most of the attention in compromising critical data, Insider Threats are actually more costly to remediate due to the reported frequency of these incidents. The average ransomware incident remediation cost is around $1.4M, but the Insider Threat cost, while lower on a per-incident basis, is many times higher overall. The average organization remediation cost is approximately $15.4M per year. Ransomware protection is good, but it is only one part of the equation; NetApp is unique in providing storage systems protection, at the storage level, from insider threats, adding an additional layer of defense for business-critical data.

 

Cloud Insights – Infrastructure Monitoring | NetApp

1 ACCEPTED SOLUTION

JoshM

All good points, Cliff. There's also been an increasing trend of attackers using extortion rather than encryption - just taking the data, sifting through to find the sensitive stuff and threatening to release if not paid.

 

This bypasses many types of traditional ransomware detection, and unfortunately snapshots aren't going to help in this scenario either. Network/boundary security tools help but another layer is always better than not - Cloud Insights will detect the sorts of increase in activity that mass data theft entails, even if it's masquerading as a "real" authorised user.
