Upgraded Ransomware Protection: How Multilayer Storage and Network and Data Protection Can Strengthen Your Resilience

Organizations increasingly need to become data driven to navigate the complexity of the modern world. The first step is to implement a resilient data security architecture, but that's becoming more problematic as cyberattacks become ever more sophisticated.

IDC data shows that a third of global organizations have been hit by ransomware or breaches that have prevented access to systems or data. IDC research shows that in the past 12 months, 35% of organizations have experienced three to four ransomware incidents. This type of cyberthreat has become a major problem for both business and IT leaders, as the short- and long-term effects of the attacks can be significant. Protecting data is now a priority for top managers.

Large organizations have become a main target of ransomware cybercriminals because they have big, complex infrastructures and more potential "entry points" for attackers. Attackers now use extortion of confidential data from organizations together with an "encrypt and demand" approach. Ransom demands have grown enormously in recent years. The average ransom in 2022 was around $150,000, with the average business disrupted for more than 5 days after an attack.

In conversations with IDC at a CIO and CISO roundtable in 2022, IT and security leaders highlighted some strategies to detect ransomware, with companies using a variety of techniques such as:

• - Greater use of backups and disaster recovery
• - Behavioral-based detection
• - Sandboxing or quarantining
• - Signature-based detection
• - Network traffic monitoring

IDC believes it's time for organizations to push these strategies further into a multilayered approach that includes a combination of these techniques, better security awareness training, and regular updates of endpoint and network security. Organizations should consider these data protection best practices:

• Network and storage combination. All organizations operate in an aggressive environment where the situation can change rapidly in weeks, days, or even hours. Combining network security capabilities and storage architecture should be standard for any company serious about building a robust and resilient infrastructure.

Network Interception

Network security is the first line of defense. It is critical for organizations to have a robust and updated network security product because it could prevent a ransomware attack before it even happens. Huawei's Network Interception module uses a combination of firewall, sandbox, and situational awareness.

Network-Storage Collaboration

Network-storage collaboration uses data from network security and storage protection to perform various tasks. Security situational awareness synchronizes ransomware attack notifications to the storage manager (data management engine, DME) in real time.

Storage and Data Protection

Storage is the last line of defense. The attack module starts in the networking environment and communicates with the storage environment. The ransom information emerges and the secondary infiltration function implants into the backdoor channel for secondary attack or expanded attack. Effective protection requires the storage environment to be resilient and help prevent extortion at the attack and post-attack phases, making storage the last line of defense.

Together with the networking, storage, and backup protection capabilities, Huawei's MRP offering provides a next-generation six-layer system for protection and resilience:

Ransomware prevention network solution:

• Layer 1: intrusion prevention at the network border
• Layer 2: spread prevention inside the network

• Layer 1: ransomware detection and interception on production storage
• Layer 2: second-level recovery using secure snapshots on production storage
• Layer 3: rapid recovery on local backup storage
• Layer 4: rapid recovery using secure data in airgaps