Protecting Storage in the IT ‘Kingdom’
What teams need to do?
This is a Press Release edited by StorageNewsletter.com on March 12, 2020 at 2:30 pm
This article was written on March 4, 2020 by Yaniv Valik, VP of product, cyber and IT resilience, Continuity Software, Inc.
A company’s IT system is in many ways comparable to a kingdom.
It’s the job of front-line soldiers to keep invaders from endangering the population – and to protect the nation’s treasures. Similarly, in the IT kingdom, it’s the job of security teams to keep the system safe – by ensuring that invaders, like malware, stay away from the treasure houses, i.e., the system’s data and storage.
As in statecraft, it’s important that battles against malware be fought at the edge of the kingdom – on the workstations and email accounts of employees. Under no circumstances can malware be allowed to get into the system’s treasure house, the storage systems where data is stored. These include the storage arrays, cloud storage, virtual SAN, file servers, file systems, raw devices, appliances, etc., that companies rely on to do business. The question for businesses is how to accomplish this – and the answer relies, of course, on vigilance, both human and in the form of systems that can fill the gap and provide the knowledge and automation teams need to keep storage safe.
Is storage really at risk?
Without a doubt, according to a report by Kaspersky. While NAS is largely perceived as a secure technology, new types of ransomware target NAS and “poses new risks for backup data usually stored on devices. With NAS, users are often unprepared for the possibility of infection, putting their data at higher risk.”
The report points to increasing attacks on NAS using encryption malware. The exploit is similar to ransomware, but even more nefarious: while traditional ransomware gets into a system via e-mail or web links, NAS attackers “scan ranges of IP addresses looking for NAS devices accessible via the web. Although only web interfaces protected with authentication are accessible, a number of devices have integrated software with vulnerabilities in it. This allows the attackers to install a Trojan using exploits, which will then encrypt all data on the devices connected to the NAS.”
According to the company, such attacks grew in 2019.
The realization that storage is vulnerable is also exemplified by the recent US SEC risk alert to financial firms. It warned that firms’ inconsistent use of security features was putting customer records and information in network storage at risk, and that the resulting weak and misconfigured security settings could lead to unauthorized access to key, confidential data.
The SEC report points to three factors that increase the risk that a company’s storage system will be compromised.
They include:
- Misconfigured network storage solutions – where firms did not “adequately configure the security settings on their network storage solution to protect vs. unauthorized access.” An example of that might be failing to remove “phantom” admin accounts that are no longer in use, and whose passwords were never updated, but still have access to IT assets that could allow hackers to compromise storage systems;
- Inadequate oversight of vendor-provided network storage solutions – where companies fail to configure security settings according to vendor recommendations, fail to install security updates as required, or install systems that could impact the security level of their NAS, such as inadvertently changing security settings in config files and the like; and
- Insufficient data classification policies and procedures – where firms allowed too many people access to storage systems where sensitive data was stored, providing hackers with a wider “platform” from which to try and compromise security.
The SEC also makes recommendations on how to ensure storage security, including setting up proper security policies, ongoing maintenance and review of those policies, ensuring proper configuration, and procedures that, among other things, ensure that “patches and updates did not unintentionally change, weaken, or otherwise modify the security configuration.”
Setting up policies and guidelines is easy, but ensuring they are followed by all employees all the time is more of a challenge. For most IT teams, keeping an eye on the thousands of incidents that could “change, weaken, or otherwise modify the security configuration” is practically impossible, given the range and scope of modern IT systems, which can include tens of thousands of systems in-house, as well as in the cloud. That’s a heavy load for any IT team to carry, and given that human error is a major – if not the main – cause of security breaches, it stands to reason that relying on policy and its enforcement alone is a recipe for disaster.
If humans are the weak link in security, IT teams need some super-human assistance – in the form of smart systems that use knowledge and automation to determine whether security procedures are being followed and whether everything is properly configured. Such systems could examine storage components, check for vulnerabilities and violations of best practices, and determine if the system is at risk.
When a problem or conflict is found that could be taken advantage of by a hacker, the system could alert IT teams, who can repair the issue. The knowledge-based system would be on duty 24/7, examining every change to the security posture – constantly analyzing, and learning, to better understand threats and alert IT teams when one that can compromise the storage system is discovered.
This is how organizations will be able to ward off threats to their storage systems. If there are no configuration issues and all policies are being followed as required, the chances of a hacker finding a hole through which to wrangle their way into a system are reduced – ensuring security for the organization’s treasures, and keeping hackers outside the kingdom, where they belong.











