Storage managers and backup administrators have mostly considered themselves aloof from the concerns of mere endpoints.
What might be happening on PCs, laptops, and mobile devices appeared unrelated to the esoteric world of storage and backup. But what impacts endpoints on the security front is important to back-end storage and backup systems. Threats can come from anywhere in this increasingly interconnected world of IT.
Here are some of the top trends in endpoint detection and response (EDR):
1. Insider threats
Storage personnel are largely left to get on with it – as long as the SAN is running smoothly, backup schedules are maintained, and data can be recovered after an event.
But that isolation could be a problem due to the rise in insider threats. All it takes is a rogue storage or backup administrator or a compromised account anywhere in the enterprise, and storage systems can be breached.
Kroll’s “Q3 Threat Landscape: Insider Threat the Trojan Horse of 2022” report found that insider threat reached its highest-ever level, accounting for nearly 35% of all unauthorized access threat incidents. The company also observed more malware infections via USB, perhaps indicating that factors such as the fluid labor market and economic turbulence are contributing to a rise in insider-related incidents.
“Whether it be insiders that are malicious by intent or simply careless or compromised by cybercriminals, the potential damage – particularly with regards to intellectual property (IP) theft – can be significant,” said Laurie Iacono, associate managing director in Kroll’s cyber risk practice.
“Rising inflation and the number of jobs available post-pandemic have become a reason for many to move jobs. This becomes ripe ground for possible insider threat, as employees try to retain information on the projects they’ve worked on outside of corporate devices, or, in other cases, they retain access rights and permissions for tools and applications they previously used as HR and IT teams struggle to keep up with the amount of staff turnover.”
To counter insider threats, she advised organizations to pay close attention to the access rights given to staff and to maintain a least-privilege environment. Monitoring for suspicious activity – such as an unusually large data download or an unknown USB device – is another way to spot potential compromises. Above all, clear instructions to employees on what is and isn’t allowed, combined with fast and efficient IT and HR processes that work together, will prove the best defense against insider threat becoming a Trojan horse.
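The three controls Iacono describes (least privilege, watching for large downloads and unknown USB devices, and keeping access in step with HR) can be checked mechanically. The following script is an added example, not code from Kroll or from the article; the event format, the HR roster, the entitlement export, the USB allowlist and the 5 GB/hour threshold are all constructed for illustration.

```python
"""Toy insider-threat checks over constructed audit events: unusual download
volume, non-allowlisted USB devices, and access that outlives an employee's
role. Added example; all data below is made up for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint/storage audit events (not real telemetry).
EVENTS = [
    {"ts": "2023-01-10T09:00:00", "user": "alice", "type": "download", "bytes": 120_000_000},
    {"ts": "2023-01-10T09:05:00", "user": "alice", "type": "download", "bytes": 80_000_000},
    {"ts": "2023-01-10T09:20:00", "user": "bob", "type": "download", "bytes": 3_500_000_000},
    {"ts": "2023-01-10T09:25:00", "user": "bob", "type": "download", "bytes": 2_000_000_000},
    {"ts": "2023-01-10T10:00:00", "user": "carol", "type": "usb_connect", "device": "vid_0781:pid_5583"},
    {"ts": "2023-01-10T10:30:00", "user": "dave", "type": "usb_connect", "device": "vid_abcd:pid_0001"},
    {"ts": "2023-01-10T11:00:00", "user": "erin", "type": "login", "system": "backup-console"},
]

USB_ALLOWLIST = {"vid_0781:pid_5583"}  # constructed: corporate-issued devices only
# Constructed HR roster and privileged-role export (hypothetical values).
HR_ROSTER = {"alice": "active", "bob": "active", "carol": "active", "dave": "active", "erin": "terminated"}
ENTITLEMENTS = {"backup-admin": {"alice", "erin"}, "san-admin": {"bob"}}

DOWNLOAD_THRESHOLD = 5_000_000_000  # 5 GB per user within WINDOW (assumed policy)
WINDOW = timedelta(hours=1)


def large_downloads(events, threshold=DOWNLOAD_THRESHOLD, window=WINDOW):
    """Flag users whose download volume inside any sliding window exceeds threshold.
    Returns {user: bytes_in_window_when_first_exceeded}."""
    per_user = defaultdict(list)
    for e in events:
        if e["type"] == "download":
            per_user[e["user"]].append((datetime.fromisoformat(e["ts"]), e["bytes"]))
    flagged = {}
    for user, items in per_user.items():
        items.sort()
        start, total = 0, 0
        for ts, size in items:
            total += size
            # Drop events that fell out of the window before comparing.
            while ts - items[start][0] > window:
                total -= items[start][1]
                start += 1
            if total > threshold:
                flagged[user] = total
                break
    return flagged


def unknown_usb(events, allowlist=USB_ALLOWLIST):
    """Return (user, device) pairs for USB connections from non-allowlisted devices."""
    return [(e["user"], e["device"]) for e in events
            if e["type"] == "usb_connect" and e["device"] not in allowlist]


def stale_entitlements(entitlements, roster):
    """Return (role, user) pairs where the role holder is no longer active in HR,
    i.e. access that should have been revoked on departure."""
    return sorted((role, u) for role, users in entitlements.items()
                  for u in users if roster.get(u) != "active")


def inactive_account_activity(events, roster):
    """Return (user, event_type) pairs for activity by accounts HR lists as not active."""
    return [(e["user"], e["type"]) for e in events if roster.get(e["user"]) != "active"]


def run_checks(events=EVENTS):
    """Run every check and collect the findings in one dictionary."""
    return {
        "large_downloads": large_downloads(events),
        "unknown_usb": unknown_usb(events),
        "stale_entitlements": stale_entitlements(ENTITLEMENTS, HR_ROSTER),
        "inactive_account_activity": inactive_account_activity(events, HR_ROSTER),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The stale-entitlement and inactive-account checks are the mechanical form of the HR/IT coordination the quote calls for: they only work if the HR roster feeding them is current, which is exactly where turnover outpaces process.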
2. Automation
It goes without saying that storage professionals should pay more attention to security.
One strategy to take on this function without adding too much to their workload is to look for automated tools.
“Automation will be a priority investment to streamline and strengthen security management processes from end to end,” said Jagjit Dhaliwal, VP, global CIO industry leader, UiPath.
“Organizations are increasingly leveraging automation for threat detection and prevention, specifically automating endpoint protection, vulnerability management, and detection controls. Automation can extend endpoint security, enabling full visibility to enhance protection and speed of response.”
3. Managed security services
Another strategy at the disposal of concerned storage managers is the adoption of managed security services.
“Businesses will look to get a completely managed service instead of an EDR product, seeking incident response capabilities that can quickly investigate and remediate incidents with dedicated cybersecurity expertise provided by the vendors in real time,” said Tal Zamir, CTO, Perception Point.
4. Cost and tool consolidation
Storage managers have enough on their plates. More tools just add to the burden.
Expect, therefore, efforts to reduce costs and consolidate tools. With security spawning so many applications, expect EDR and other security tools to be packaged together to add simplicity.
“Customers want to eliminate point products and vendors to simplify IT and eliminate cost with risk in budgets coming out of the pandemic,” said Aditya Kunduri, director of product marketing, EUC, VMware.
5. Look beyond high-priority patching
It is becoming clear to storage managers that they can’t necessarily leave the patching of their systems to central IT personnel.
It is up to them to ensure their systems are secure. Most patch management and vulnerability management tools focus on applications and operating systems. They don’t do a good job spotting unpatched or vulnerable storage systems.
The usual approach from overstretched storage personnel is to get a list of the most critical issues and initiate remediation actions. But that is no longer enough.
“Most threat actors use more than one vulnerability in their kill chain, so make sure you aren’t just hitting the most prominent vulnerabilities in your attack surface,” said Graham Brooks, senior security solutions architect, Syxsense.
This is another area where automation and/or managed services can be deployed to ease the workload that typically sits on storage manager shoulders.
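Brooks’ point that attackers chain more than one vulnerability is easy to lose when a remediation queue is sorted purely by severity score. The script below is an added example, not Syxsense’s or the article’s code; the hosts, the VULN-x identifiers, the CVSS values and the kill-chain stage labels are constructed placeholders. It contrasts a plain highest-score-first list with a ranking that puts a host whose open findings span several stages ahead of a host with a single critical finding, and then emits a per-host plan that closes every link rather than only the loudest one.

```python
"""Toy remediation ranking that looks beyond the single highest-CVSS finding.
Added example; host names, VULN-x IDs, scores and stage labels are constructed
placeholders, not real advisories."""
from collections import defaultdict

# Constructed vulnerability-scan findings (placeholder IDs, not real CVEs).
FINDINGS = [
    {"host": "san-ctrl-01", "id": "VULN-A", "cvss": 9.8, "stage": "initial_access"},
    {"host": "backup-srv-02", "id": "VULN-B", "cvss": 6.5, "stage": "initial_access"},
    {"host": "backup-srv-02", "id": "VULN-C", "cvss": 7.2, "stage": "privilege_escalation"},
    {"host": "backup-srv-02", "id": "VULN-D", "cvss": 5.9, "stage": "lateral_movement"},
    {"host": "nas-03", "id": "VULN-E", "cvss": 4.3, "stage": "privilege_escalation"},
]

# Assumed ordering of stages an attacker would need in sequence.
STAGE_ORDER = ["initial_access", "privilege_escalation", "lateral_movement"]


def naive_priority(findings):
    """Plain 'highest CVSS first' ordering of finding IDs."""
    return [f["id"] for f in sorted(findings, key=lambda f: -f["cvss"])]


def _group_by_host(findings):
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)
    return by_host


def chain_aware_priority(findings):
    """Rank hosts by how many distinct kill-chain stages their open findings
    cover, then by their highest CVSS. Returns [(host, stages_covered, max_cvss)]."""
    rows = []
    for host, fs in _group_by_host(findings).items():
        stages = {f["stage"] for f in fs}
        rows.append((host, len(stages), max(f["cvss"] for f in fs)))
    rows.sort(key=lambda r: (-r[1], -r[2]))
    return rows


def remediation_plan(findings):
    """For each host in chain-aware order, list finding IDs in stage order so that
    every stage of a potential chain is patched, not only the top-scored one."""
    by_host = _group_by_host(findings)
    plan = []
    for host, _, _ in chain_aware_priority(findings):
        ids = [f["id"] for stage in STAGE_ORDER
               for f in by_host[host] if f["stage"] == stage]
        plan.append((host, ids))
    return plan


if __name__ == "__main__":
    print("severity-only order:", naive_priority(FINDINGS))
    print("chain-aware host order:", chain_aware_priority(FINDINGS))
    for host, ids in remediation_plan(FINDINGS):
        print(f"{host}: patch {', '.join(ids)}")
```

In the constructed data the severity-only list starts with the lone 9.8 on san-ctrl-01, while the chain-aware ranking moves backup-srv-02 to the front because its three medium findings together cover entry, escalation and movement. A real queue would weight exploit availability and asset criticality too; the point is only that per-host coverage of the chain belongs in the ordering, which is the kind of rule an automation or managed-service workflow can apply consistently.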