In this era of rampant ransomware, organizations have come to value their storage and backup assets more than ever. Being locked out of storage assets you have always been able to access on demand is a sure way to eliminate any tendency to take storage for granted.
Similarly, finding your backups encrypted or corrupted by cybercriminals and not having any ability to recover changes your opinion of the importance of backup. Security tools are taking these factors into account more. Here are some of the top trends in the vulnerability management market:
1. Storage and Backup Must be Protected
Clearly, storage and backup systems deserve every bit as much protection as other applications.
“There is a high risk in not performing proper vulnerability management,” said Michael Tremante, product manager, Cloudflare.
“Businesses that store more data may suffer from larger leaks ultimately destroying the entire business.”
See more: 5 Top Backup Security Trends
2. Rising Volume of Vulnerabilities
In recent years, storage and backup services have become a prime target of malicious actors.
By manipulating storage and backup, attacks on organizations could significantly be more effective and harder to defend against. Yaniv Valik, VP of product at Continuity, laid out some common examples:
- Deletion of backup copies would leave victims unable to restore locked or corrupted production data, forcing them to pay ransom or lose the data forever
- Breaching storage and backup provide adversaries with direct access to the most secure data assets in an organization to exfiltrate enormous amounts of sensitive information (often completely bypassing existing safeguards, detection, and alerting solutions)
- Infecting recovery copies, so that even after and organization recovers from an attack, adversaries can seize control once again
“Such attacks are particularly hard to detect, since, traditionally, existing threat detection, vulnerability management, and data loss prevention tools are either not deployed in storage and backup environments, and even when they are, they have limited coverage and visibility,” Valik said.
3. Gaping Holes
Most existing vulnerability management solutions provide only minimal coverage for storage and backup, according to Valik with Continuity.
A significant portion of the storage and backup estate, for example, relies on dedicated appliances, running proprietary and locked-down operating systems, that vulnerability management solutions do not support. Further, storage and backup heavily rely on dedicated networking, a large portion of which are not based on IP and Ethernet networking, but rather dedicated Fibre-Channel hardware and protocols, which are invisible to vulnerability management tools.
Thus, there is a growing realization among organizations of the importance of securing storage and backup, fueled by three key factors:
- Infosec teams gradually improving their understanding of the unique storage and backup attack surface
- For regulated environments — such as the banking, health care, utility, and public sectors — the market has witnessed a sharp increase in the complexity of audits around adequate protection of the entire storage and backup ecosystem, including demands to provide evidence of frequent testing and validation of hardening
- Insurers have significantly raised the bar regarding securing their storage and backup, refusing to provide coverage for insufficiently mature organizations
“Dedicated storage and backup security tools are emerging that provide end-to-end VM coverage to all assets, including storage and backup software, management consoles, dedicated appliance, IP and non-IP network components,” Valik said.
“They can also validate compliance to leading security frameworks, proactively verify that storage and backup vendor security best practices are followed, and provide a framework for automating remediation.”
As the complexity of IT environments grows, the vital need for accurate inventorying of storage and backup assets become clear. Only by understanding the scope of these systems and associated software, can storage and backup assets be fully protected. Whether these assets are in the cloud, on-prem, in hybrid settings, or spread around multiple clouds, vulnerability management tools need the ability to find any and all software, hardware, and cloud assets.
5. Prioritize Remediation
There are so many vulnerabilities in modern storage and backup systems that it can be challenging to know where to begin with remediation efforts.
Eric Kedrosky, CISO of Sonrai Security, suggested that the evaluation of risk was a necessary earlier step to enable IT to know how best to proceed.
“A key best practice for vulnerability management is to take a risk-based approach,” Kedrosky said.
Give priority to the vulnerabilities that pose the most risk to the business. Particularly where resources are limited and personnel are scarce or overloaded, this approach simplifies the remediation process by taking the attention off trying to eliminate every vulnerability in the environment. Instead, IT can focus on fixing those that pose the biggest threat.
See more: 12 Top Vulnerability Management Tools