Cyber incidents are increasing in both frequency and severity, with ransomware being one of the most disruptive threats to modern businesses. Being able to recover your data and applications quickly and easily should be a priority and your first line of defense, not your last. The ultimate objective of many cyber-attacks is to gain access to your data. In 2022, Ransomware was responsible for 17% of cyber-attacks according to the IBM Security X-Force Threat Intelligence Index 2023. Primary Storage Systems, like IBM FlashSystem are designed to provide the best Cyber protection in the industry. FlashSystem protects you by ensuring authorized access to your system administrative controls with multi-factor authentication (MFA), two-person integrity for key commands, system configuration parameters lockdown (i.e. system time and log modification) and role based and object-based access controls to ensure bad actors are prevented from targeting your data in malicious ways.
In addition to protecting your stored data from unwanted access, IBM FlashSystem works in tandem with IBM Storage Insights to provide an inline threat detection. The system continuously monitors I/O activity and feeds machine learning models to identify abnormal behaviors. These abnormal behaviors could be a signature of a data exfiltration, a ransomware attack, or a malicious change in the host operation systems. The alert from an abnormal behavior helps storage administrator and cybersecurity professional identify a timeframe of the cyber incident.
To solve for this, IBM FlashSystem offers immutable data snapshots, stored in a logically air-gapped location, ensuring businesses recover their critical backups within 60 seconds or less from a ransomware attack that aims to encrypt your data. For example, an immutable snapshot scheduled before the attack can be restored, patched, and made available to applications during a cyber crisis. These snapshots can also be used during the incident response in a forensic investigation. Two main considerations for a storage resiliency strategy are recovery time objective (RTO) and recovery point objective (RPO). RTO is reduced to 60 seconds or less for the on-array SafeGuarded Copy immutable snapshot while RPO can be met with the integration of IBM Storage Defender and IBM Tape System for long term logical and physical air-gap of data.
What is the FlashSystem Cyber Recovery Guarantee and what does it mean to you?
Building on our mission to protect customer data from these types of threats, IBM is launching a guarantee to recover your immutable snapshot data in 60 seconds or less, enabling businesses to persist through a ransomware attack protected by the IBM FlashSystem with Safeguarded Copy immutable snapshot. The Safeguarded Copy feature in IBM FlashSystem enables clients to make scheduled immutable snapshots, while preserving changes to data up to the time of the snapshot. In the event of a ransomware or a cyber-attack where data is affected, clients can restore the previous snapshot for the volume and make available to the operating systems or applications in 60 seconds or less on a local array. This allows the client to continue business operations with minimal disruption while preserving the critical evidence for incident forensics. IBM Expert Care together with IBM Storage Insights help ensure client's restoration process goes smoothly. If Safeguarded Copy takes longer than 60 seconds or is unrecoverable, IBM Expert Lab will be there to help the client gets back on their feet. Our guarantee is focused on the client’s business to ensure a quick return to operation without having to wait for a new clean box to be shipped on next business day.
This IBM FlashSystem Cyber Recovery Guarantee is a continued expansion of our cyber-attack detection, prevention, and recovery initiatives. This guarantee builds on top of IBM FlashSystem’s secure by design architecture. The lifecycle of your data is also protected with the encryption of data at rest at the drive level using a quantum resistant algorithm. Check out this video to learn more:
IBM Storage and IBM Security Ransomware Solution:
How is the Cyber Recovery Guarantee Different?
Leveraging IBM’s breadth of expertise on data and security, IBM offers the most complete storage hardware and software to secure critical and operational data across primary, secondary and tertiary storage with logical, operational and physically air-gapped systems – guaranteed. These solutions provide the necessary capabilities to not only safe-guard your data, but to also detect and remediate threats as data moves across storage tiers, ensuring business continuity in the event of an attack.