Infinidat Blog

InfiniSafe® Automated Cyber Protection (ACP): Fill the Gap in Storage Cyberattack Data Protection and Detection

The world cannot stand still when it comes to securing your company's data assets. Protecting data assets is a constant challenge because cyberattackers never sleep and can strike at any time. In fact, the threat of a cyberattack has become so pronounced that in the 2023 survey of Fortune 500 CEOs, cybersecurity was the #2 threat CEOs cited to their companies.

Traditional backup methods, augmented with snapshots and, in particular, immutable snapshots, are all goodness. But there is always a but! The word here is gaps. Snapshot schedules leave gaps in protection, and we know that even replication really means that data is available, but not really protected. This is because compromised data, once it is corrupted or encrypted, can also be replicated. Nothing new - it has been part of the disaster recovery challenge for years.


Given this, how does one try to “fill the gap” so to speak, not knowing when or what might happen? That is the multi-million-dollar question! Yes, multiple millions of dollars. Multiple published studies show average ransomware costs in the low millions of dollars for businesses and those double for healthcare! Let’s also not forget the recent cyberattacks on MGM Resorts costing them over $100 million in revenue and significant market cap hits, and the UHG incident is publicly reported to have an impact of up to $1.6B. New laws and regulations for reporting cyber incidents for public companies in the USA and specific regulations pertaining to and written by the European Union have made knowledge of these attacks highly visible.

Infinidat is introducing InfiniSafe® Automated Cyber Protection (ACP), another application of the Cyber Resilience Services offered by our InfiniVerse® Platform, to help fill those gaps and create an easily orchestrated method in the face of the chaos that cyberattacks bring on.

InfiniSafe ACP is a simple concept - when you see something, do something! Companies employ teams of people to monitor and manage their cybersecurity. Even with all those resources, it can take minutes or even hours to determine if someone should call a storage admin and say, “we detected something in server x, why don’t you snapshot the data as soon as possible?” The reality is that this call often never happens and the window is wide open for attackers to proliferate data corruption, encryption, or other nefarious attack vectors against your valuable enterprise data. With InfiniSafe ACP, Infinidat focuses on SHRINKING THE THREAT WINDOW by employing a solution that works at the speed of compute. Without thinking, it automatically triggers a protection scheme to create immutable snapshots of any data within your InfiniBox™ SSA and InfiniBox® platforms. Why do it? Why not? It costs you nothing... and can save you millions!

The channel has already expressed excitement about this unprecedented capability. Allen Shahdadi, Vice President of Global Sales at Sycomp, has affirmed the beneficial impact that InfiniSafe ACP can have, stating:

Infinidat has become synonymous with guaranteed cyber resilient storage. Infinidat continues to deliver powerful solutions that solve critical cyber issues for enterprises and service providers around the globe. The InfiniSafe Automated Cyber Protection solution brings much needed capabilities to fight more effectively against cyberattacks. The automatic capture of immutable snapshots of primary data could be the difference between your data being held ransom and the rapid recovery of your data. Before international cybercriminals, hackers and fraudsters can gain an advantage, Infinidat’s InfiniSafe reduces the threat window decisively.


At the highest level, InfiniSafe ACP works by being told to trigger snapshots. How and from where does that happen? Well, some may have simple environments where data is collected in simple syslogs; others may have larger and more complex environments and employ SIEM (Security Information and Event Management) and/or SOAR (Security Orchestration, Automation and Response) cybersecurity software solutions to consolidate alerting and response in their security operations centers (SOC). Regardless, all of these environments have robust sets of APIs, CLIs, etc. that can pass or receive data, which can be acted upon. In the case of InfiniSafe ACP, one of these environments (syslog, SIEM or SOAR) would generate an alert or notification when concerning changes or events are detected, and that alert would then trigger InfiniSafe ACP to take snapshots. Without hesitation, based on that trigger, InfiniSafe nearly instantaneously creates immutable snapshots.

What do you protect? It’s up to you - it could be a few volumes on one critical InfiniBox SSA or InfiniBox or maybe everything on all of your InfiniBox estate. We enable you with the tools and flexibility that give you these options as part of our InfiniSafe Reference Architecture and associated tools built for you to accomplish this easily. Maybe you want to do a snap every 15 minutes for the next day - that’s doable, too. Once the immutable snapshot is taken, it is given a default retention of three (3) days - reasonable and, of course, you can extend it, but cannot delete it prior. A truly immutable snapshot has no back doors or support-enabled deletion; that is just a security hole, no matter what others may try to tell you.
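The alert-to-snapshot flow and retention rule described above, sketched as an added example; it is not Infinidat's code or API. The syslog line format, host and volume names, and every function and class name are hypothetical, and the sample alerts are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample alerts in syslog form (not taken from any real system).
SAMPLE_SYSLOG = [
    "<134>May 22 10:01:07 edr01 edr: severity=low host=web01 rule=port_scan",
    "<130>May 22 10:02:11 edr01 edr: severity=critical host=db01 rule=mass_file_rename",
    "<130>May 22 10:02:15 edr01 edr: severity=critical host=db01 rule=mass_file_rename",
    "<131>May 22 10:03:40 edr01 edr: severity=high host=lab99 rule=backup_deleted",
]
HOST_VOLUMES = {"db01": ["db01-data", "db01-logs"], "web01": ["web01-root"]}  # hypothetical
TRIGGER_SEVERITIES = {"high", "critical"}
DEFAULT_RETENTION = timedelta(days=3)  # default retention stated in the post
ALERT_RE = re.compile(r"severity=(\w+) host=(\S+) rule=(\S+)")

@dataclass
class Snapshot:
    volume: str
    lock_expires: datetime

    def extend(self, new_expiry):
        if new_expiry <= self.lock_expires:  # retention may only grow
            raise PermissionError("retention can be extended, not shortened")
        self.lock_expires = new_expiry

    def delete(self, now):
        if now < self.lock_expires:  # no early deletion path at all
            raise PermissionError(f"{self.volume} locked until {self.lock_expires}")
        return True

def handle_alerts(lines, now):
    """Return (snapshots to take at `now`, alerting hosts with no volume mapping)."""
    snaps, unmapped, done = [], [], set()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or m.group(1) not in TRIGGER_SEVERITIES:
            continue
        host = m.group(2)
        if host not in HOST_VOLUMES:
            unmapped.append(host)  # surface to the SOC instead of dropping silently
        elif host not in done:  # repeated alerts in one batch snapshot only once
            done.add(host)
            snaps += [Snapshot(v, now + DEFAULT_RETENTION) for v in HOST_VOLUMES[host]]
    return snaps, unmapped

def follow_up_schedule(start, every=timedelta(minutes=15), span=timedelta(days=1)):
    """Times of the follow-up snapshots, e.g. every 15 minutes for the next day."""
    return [start + every * i for i in range(1, int(span / every) + 1)]
```

The list of unmapped hosts matters operationally: an alert from a server with no known volume mapping is itself a gap in protection and should reach the SOC rather than be discarded.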

As an influential analyst, Chris Evans, Principal Analyst at Architecting IT, has put InfiniSafe ACP in perspective as a unique and innovative solution:

Infinidat has carved out a very unique leadership position as the only storage vendor to offer an automated enterprise storage cyber protection solution that seamlessly integrates with cyber security software applications. Infinidat’s newly launched InfiniSafe Automated Cyber Protection (ACP) that easily meshes with the SIEM, SOAR or Security Operations Centers is exactly what enterprises need to include enterprise storage as a comprehensive approach to combat cyber threats. This proactive cyber protection technique is extremely valuable, as it enables taking immediate immutable snapshots of data at the first sign of a potential cyberattack. This provides a significant advancement to ensure enterprise cyber storage resilience and recovery are integral to an enterprise’s cybersecurity strategy. ACP enhances an enterprise’s overall cyber resilience by reducing the threat window and minimizing the impact of cyberattacks on enterprise storage environments.

Your system has responded without hesitation, automatically - now what? Is your data good? Has it been compromised? How do you tell? We can help here, too. InfiniSafe has an optional component, InfiniSafe Cyber Detection, an extension of our Cyber Resilience Services, that enables deep AI/ML-based scanning of the data contents of an immutable snapshot. This is a deep content-level scan that leverages over 200 data points and uses learning-based algorithms to apply insights to the metadata to determine if data is good or compromised. It does this with 99.5% accuracy. The result is that you have highly granular and actionable data that pinpoints any compromised data with all the details on what is found and exactly where it lives. Now your forensic team doesn’t have to figure out where it is - they know. And InfiniSafe Cyber Detection only charges you for the amount of capacity scanned. If you have our InfiniBox G4 that scales to 17.1PB and you want to use InfiniSafe Cyber Detection on 200TB, we only charge you for the 200TB that you are scanning.

With our announcements today, May 22, 2024, we are also extending the capabilities of InfiniSafe Cyber Detection by adding VMware datastore support. Volumes or file systems that are used for VMware datastores can now be specifically scanned with the same accuracy as standard data volumes and file systems. VMs are reported on with the same accuracy and high levels of granularity as volumes, files, databases, etc.


Importantly, if your data is compromised and you know you have good copies, Infinidat provides a recovery time guarantee of 1 minute or less for entire snapshots of your data, regardless of the size on the InfiniBox and InfiniBox SSA. You have a 200TB volume? Cool, point and click at the last reported known good copy, and BOOM - recovered! Need a file or directory? Easy. Mount the snapshot to a system, which we recommend be in a fenced forensic environment. Then copy what you need and verify further if needed with your application (a database, for instance) or copy right back to production.

All of this can be orchestrated from end to end. InfiniSafe core functionality and InfiniSafe ACP are included at no cost with all our platforms. Add to that our optional InfiniSafe Cyber Detection and you have a fully orchestrated end-to-end solution. Further, protect your critical data assets and validate the integrity of that data with ease, and ignore the chaos created by cybercriminals. Gain your leverage back over the attackers with an InfiniSafe solution, save your enterprise money, and protect its reputation!


About Bill Basinas

Bill Basinas is Senior Director, Product Marketing at Infinidat and has been focused in the storage industry since 1994 when he joined Legato Systems as the first field systems engineer.  He was also an early employee at Avamar and spent time at enterprise companies such as EMC and HPE Storage in Global Marketing and Engineering roles.