In the digital age, where data is the new currency, ransomware attacks pose a significant threat to organizations. With the rise of sophisticated cyber threats, it's crucial for organizations to implement proactive measures for ransomware detection and ensure swift recovery capabilities.
Today, I want to talk about ransomware detection by means of enterprise systems scanning; the approach discussed here applies specifically to VMware virtual machines.
Virtual machines (VMs) are not immune to ransomware attacks. These attacks can encrypt critical data and bring operations to a halt, demanding a ransom to restore access. To combat this, Storage Copy Data Management now offers the capability to scan VMware virtual machines for ransomware detection.
Storage Copy Data Management (SCDM) is now capable of scanning one or more VMs as part of a backup job and will alert users if any threats are detected. SCDM uses its integrated ransomware detection solution, provided by Index Engines' CyberSense, to scan backups for ransomware. It facilitates an end-to-end automated cyber resilience workflow that is designed to help protect copies of data, detect malicious code attacks, and enable accelerated and automated recovery of data from clean copies with IBM FlashSystem® family and SAN Volume Controller (SVC) storage.
The IBM Storage FlashSystem offers protection through immutable copies of data known as Safeguarded Copies, which are isolated from production environments and cannot be modified or deleted. IBM Storage Copy Data Management can recover workloads directly from the most recent trusted/scanned Safeguarded Copy, which significantly reduces the time needed to resume critical business operations because data transfer is performed through the SAN (FC or iSCSI) rather than over the network.
The diagram below illustrates the flow of the VM Backup and Scan job in SCDM.