
Detect ransomware threats on VMware VMs with Storage Copy Data Management

By Akash Kushwah posted Tue August 20, 2024 07:07 AM

  

In the digital age, where data is the new currency, ransomware attacks pose a significant threat to organizations. With the rise of sophisticated cyber threats, it's crucial for organizations to implement proactive measures for ransomware detection and ensure swift recovery capabilities.

Today, I want to talk about ransomware detection by means of enterprise systems scanning, specifically as it applies to VMware virtual machines.

Virtual machines (VMs) are not immune to ransomware attacks. These attacks can encrypt critical data and bring operations to a halt, demanding a ransom to restore access. To combat this, Storage Copy Data Management now offers the capability to scan VMware virtual machines for ransomware detection.

Storage Copy Data Management (SCDM) is now capable of scanning one or more VMs as part of a backup job and will alert users if any threats are detected. SCDM uses its integrated ransomware detection solution, provided by Index Engines' CyberSense, to scan backups for ransomware. It facilitates an end-to-end automated cyber resilience workflow that is designed to help protect copies of data, detect malicious code attacks, and enable accelerated and automated recovery of data from clean copies with IBM FlashSystem® family and SAN Volume Controller (SVC) storage.

IBM Storage FlashSystem offers protection through immutable copies of data known as Safeguarded Copies, which are isolated from production environments and cannot be modified or deleted. IBM Storage Copy Data Management can recover workloads directly from the most recent trusted/scanned Safeguarded Copy to significantly reduce the time needed to resume critical business operations, as data transfer is performed through the SAN (FC or iSCSI) rather than over the network.

The diagram below illustrates the flow of the VM Backup and Scan job in SCDM.

VM Backup with Scan job flow in SCDM

When ransomware threats are detected on any of the VMs being scanned, SCDM alerts users and shows the infected VM's details.

Here is how SCDM analyses backups for scanning:

  • Reads from the Safeguarded Copy.
  • Analyzes the full content of the file, its ID, type, and extension.
  • Generates and applies 100+ metrics to identify ransomware through AI, such as:
    • Comparing against thousands of real ransomware variants
    • Comparing against millions of clean samples
    • Continuous exploration, retrieval, and detonation
  • Detects ransomware threats with 99.5% threats.

The following snapshot depicts the SCDM VMware Backup & Scan job detecting a ransomware threat on the VM named “Linux VM”.

Scan job detects a threat in the VM while scanning it.

Ensuring business continuity is essential to building operational resilience and trust. Storage Copy Data Management and IBM Storage FlashSystem can be seamlessly integrated to achieve this goal, combining advanced capabilities that complement each other to build a robust data resilience strategy. By working together, Storage Copy Data Management and IBM Storage FlashSystem effectively combat cyber-attacks and other unforeseen threats.

This functionality was introduced in a recent release of SCDM (2.2.24).

Reviewers - 

@Shashank Shingornikar @Pepe Lam
