Vulnerability identification concept.
In this era of rampant ransomware, organizations have come to value their storage and backup assets more than ever. Being locked out of storage assets you have always been able to access on demand is a sure way to eliminate any tendency to take storage for granted. Similarly, finding your backups encrypted or corrupted by […]
In this era of rampant ransomware, organizations have come to value their storage and backup assets more than ever. Being locked out of storage assets you have always been able to access on demand is a sure way to eliminate any tendency to take storage for granted.
Similarly, finding your backups encrypted or corrupted by cybercriminals and not having any ability to recover changes your opinion of the importance of backup. Security tools are taking these factors into account more. Here are some of the top trends in the vulnerability management market:
Clearly, storage and backup systems deserve every bit as much protection as other applications.
“There is a high risk in not performing proper vulnerability management,” said Michael Tremante, product manager, Cloudflare.
“Businesses that store more data may suffer from larger leaks ultimately destroying the entire business.”
See more: 5 Top Backup Security Trends
In recent years, storage and backup services have become a prime target of malicious actors.
By manipulating storage and backup, attacks on organizations could significantly be more effective and harder to defend against. Yaniv Valik, VP of product at Continuity, laid out some common examples:
“Such attacks are particularly hard to detect, since, traditionally, existing threat detection, vulnerability management, and data loss prevention tools are either not deployed in storage and backup environments, and even when they are, they have limited coverage and visibility,” Valik said.
See more: Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities
Most existing vulnerability management solutions provide only minimal coverage for storage and backup, according to Valik with Continuity.
A significant portion of the storage and backup estate, for example, relies on dedicated appliances, running proprietary and locked-down operating systems, that vulnerability management solutions do not support. Further, storage and backup heavily rely on dedicated networking, a large portion of which are not based on IP and Ethernet networking, but rather dedicated Fibre-Channel hardware and protocols, which are invisible to vulnerability management tools.
Thus, there is a growing realization among organizations of the importance of securing storage and backup, fueled by three key factors:
“Dedicated storage and backup security tools are emerging that provide end-to-end VM coverage to all assets, including storage and backup software, management consoles, dedicated appliance, IP and non-IP network components,” Valik said.
“They can also validate compliance to leading security frameworks, proactively verify that storage and backup vendor security best practices are followed, and provide a framework for automating remediation.”
As the complexity of IT environments grows, the vital need for accurate inventorying of storage and backup assets become clear. Only by understanding the scope of these systems and associated software, can storage and backup assets be fully protected. Whether these assets are in the cloud, on-prem, in hybrid settings, or spread around multiple clouds, vulnerability management tools need the ability to find any and all software, hardware, and cloud assets.
There are so many vulnerabilities in modern storage and backup systems that it can be challenging to know where to begin with remediation efforts.
Eric Kedrosky, CISO of Sonrai Security, suggested that the evaluation of risk was a necessary earlier step to enable IT to know how best to proceed.
“A key best practice for vulnerability management is to take a risk-based approach,” Kedrosky said.
Give priority to the vulnerabilities that pose the most risk to the business. Particularly where resources are limited and personnel are scarce or overloaded, this approach simplifies the remediation process by taking the attention off trying to eliminate every vulnerability in the environment. Instead, IT can focus on fixing those that pose the biggest threat.
See more: 12 Top Vulnerability Management Tools
Drew Robb is a contributing writer for Datamation, Enterprise Storage Forum, eSecurity Planet, Channel Insider, and eWeek. He has been reporting on all areas of IT for more than 25 years. He has a degree from the University of Strathclyde UK (USUK), and lives in the Tampa Bay area of Florida.
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
