28 August 2023

Prioritising Threat Detection with IBM Defender & Predatar: The Role of AI

In today’s increasingly interconnected world, cybersecurity remains a paramount concern. Ransomware, malicious software that encrypts a victim’s data and demands payment for the decryption key, continues to plague businesses and individuals alike. Organisations must detect and respond to these threats rapidly. Yet with a barrage of alerts coming from security, backup and primary storage platforms, how can you separate the real signals of an attack from the noise? Enter Artificial Intelligence (AI).

Why Combine Alerts Using AI?

  1. Efficiency: Manually sifting through countless alerts from multiple platforms is tedious and error-prone. AI can process large volumes of alert data in a fraction of the time, surfacing potential threats quickly.

  2. Precision: AI can correlate disparate alerts and put them in context. For instance, an anomaly in primary storage that coincides with a SIEM alert for the same host is a far stronger signal than either alert alone. Recognising these patterns reduces false positives and focuses attention on real threats.

  3. Proactive defence: By analysing patterns across alert streams, AI can flag the precursors of a ransomware attack before encryption begins, so that defences are in place in advance.
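As an added illustration (not Predatar’s code or model), here is a simple rule-based correlator in Python showing the kind of cross-source agreement the Precision point describes: alerts from a SIEM, a backup platform and primary storage are grouped per host within a time window, and only incidents where two or more independent sources agree are escalated. The alert records, the source names and the per-source weights are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry): one record per alert from
# three independent sources, each keyed by the host it concerns.
SAMPLE_ALERTS = [
    {"ts": "2023-08-18T02:05:00", "source": "siem",    "host": "fs01",  "event": "mass_file_rename"},
    {"ts": "2023-08-18T02:09:30", "source": "storage", "host": "fs01",  "event": "snapshot_entropy_spike"},
    {"ts": "2023-08-18T02:12:10", "source": "backup",  "host": "fs01",  "event": "backup_size_anomaly"},
    {"ts": "2023-08-18T03:40:00", "source": "siem",    "host": "web02", "event": "failed_logins"},
    {"ts": "2023-08-18T09:15:00", "source": "storage", "host": "db03",  "event": "snapshot_entropy_spike"},
    {"ts": "2023-08-18T11:00:00", "source": "backup",  "host": "db03",  "event": "backup_size_anomaly"},
]

# Per-source weights are an assumption for illustration; a real deployment
# would tune them against its own false-positive history.
SOURCE_WEIGHT = {"siem": 1, "storage": 2, "backup": 2}


def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts per host into incidents whose members fall within `window`
    of the incident's first alert, then score each incident by the distinct
    sources that agree. Returns incident dicts sorted by descending score."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):          # ISO timestamps sort lexically
        by_host[a["host"]].append({**a, "ts": datetime.fromisoformat(a["ts"])})

    incidents = []
    for host, items in by_host.items():
        bucket = []
        for a in items:
            if bucket and a["ts"] - bucket[0]["ts"] > window:  # window closed: flush
                incidents.append(_summarise(host, bucket))
                bucket = []
            bucket.append(a)
        if bucket:
            incidents.append(_summarise(host, bucket))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


def _summarise(host, bucket):
    sources = sorted({a["source"] for a in bucket})
    return {
        "host": host,
        "sources": sources,
        "events": [a["event"] for a in bucket],
        "score": sum(SOURCE_WEIGHT[s] for s in sources),
        # Only multi-source agreement is escalated; one noisy source on its own is not.
        "escalate": len(sources) >= 2,
    }


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc)
```

On the constructed input, fs01 produces a single incident backed by all three sources and is the only one escalated; db03 raises the same two storage and backup anomalies but almost two hours apart, so they remain separate, unescalated incidents, which is the distinction a time window is there to make.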

Automated Recovery Assurance Tests and Malware Scans

After identifying the potential ransomware threat, the immediate next step is verification and containment. Here, AI can automate the process by:

  1. Running recovery tests: Before a disaster strikes, it’s crucial to know that your backups and primary snapshots are sound. AI can take potential threat signals and use them to trigger recovery tests of the affected workloads, verifying that backup and snapshot recovery mechanisms are robust and ready. This gives you assurance that, should the worst happen, you will be able to recover.

  2. Malware scans in isolation: Using the identified threats, AI can automate malware scans of both primary snapshots and backups. To prevent further contamination, these scans run in an isolated sandbox environment which IBM and Predatar call a CleanRoom™.

Benefits of No Human Intervention

  1. Speed: Every second counts in ransomware defence. Automated AI responses ensure immediate action.

  2. 24/7 coverage: Threats don’t stick to business hours. AI provides constant vigilance, ensuring no gaps in defence.

  3. Consistency: Automated responses ensure that every alert is treated with the same rigour, reducing the scope for human error.

In conclusion, as ransomware threats evolve, our defence mechanisms must keep pace. The Predatar platform incorporates state-of-the-art AI to streamline alert processing, threat identification and response testing for IBM customers. Combining Predatar AI with IBM Storage Defender and your existing IBM data protection platforms strengthens your security posture and boosts recovery assurance for your organisation.

To find out more about AI and cyber threats, join our MD, Rick Norgate, who will bring the topic to life in session 2592, ‘Ensuring Unparalleled Data Resiliency with Predatar & IBM Storage Defender’, at IBM TechXchange in Las Vegas from 11 to 14 September 2023. You can register for the event here.

Learn more about
Predatar recovery assurance

25 August 2023

CloudNordic Attack: 3 Key Takeaways for Bulletproof Data Defense

A recent ransomware attack on the large Danish cloud provider CloudNordic has resulted in catastrophic data loss for its customers. In a grim online notice, CloudNordic admitted that the attack had left it entirely paralysed, and that the majority of its customers should consider their data permanently lost. Such devastating events remind us of the growing audacity of cybercriminals and of the vulnerabilities inherent in even the most trusted IT setups.

The attack struck in the early hours of 18 August 2023. The criminals shut down CloudNordic’s systems, encrypting and effectively erasing both the company’s and its customers’ websites and email platforms. Efforts to restore the data proved futile, as the backups had been compromised along with the production data. CloudNordic did offer some reassurance: it found no evidence that any data had been exfiltrated before the encryption. The company believes the breach occurred while servers were being moved between data centres. Some of the servers being moved were already infected, and connecting them to CloudNordic’s internal network during the migration gave the attackers access across the environment, backups included.

Given this sobering incident, how can companies who use the cloud to store business data prevent falling prey to similar attacks?

  1. Segregated backup: CloudNordic’s migration connected already-infected servers to the same internal network as everything else, and that flat network is what turned one infection into a total loss. Ensure that the different components of your IT environment (production, backup and administrative systems) use isolated networks, separate access controls and distinct cloud storage accounts. Backup data then remains untouched even if production data in the cloud is compromised.
  2. Multi-layered backup strategy: CloudNordic’s backups were compromised along with its production data. Following the 3-2-1 rule avoids this: keep three copies of your data (the primary plus two backups), on two different media, with one copy stored offsite. Moreover, offline, air-gapped or immutable backups prevent ransomware from reaching and encrypting backup data at all.
  3. Regular security audits and recovery assurance testing: Tools such as Predatar deliver automated security checks across backup environments and can identify weaknesses before they are exploited. In addition, continual automated restore testing and malware scanning provide assurance that, in the event of an attack, your organisation can restore from backups efficiently and without re-infection.
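As an added example (not Predatar’s code), the following Python check encodes the Segregated backup and Multi-layered backup takeaways as a policy over a backup inventory: the 3-2-1 counts, plus two isolation rules, namely that no backup copy is reachable from production’s management network or deletable with production’s credential. Both inventories are constructed; the first mirrors the flat, single-network layout described in the CloudNordic notice and fails, the second passes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    """One copy of the data. All field values below are illustrative assumptions."""
    name: str
    medium: str       # storage medium: "disk", "object", "tape", ...
    site: str         # physical site or cloud region holding the copy
    network: str      # management network from which the copy can be reached
    credential: str   # credential scope able to modify or delete the copy
    offline: bool     # True if air-gapped or immutable (not writable online)


# The primary (production) copy. 3-2-1 counts it as one of the three copies.
PRODUCTION = Copy("prod-volume", "disk", "dc1", "corp-mgmt", "admin-root", False)

# Constructed inventory 1: every copy hangs off the same management network
# and the same all-powerful credential, as in a flat network that an infected
# server is plugged into. Compromise of "admin-root" reaches everything.
FLAT_INVENTORY = [
    PRODUCTION,
    Copy("nightly-backup", "disk", "dc1", "corp-mgmt", "admin-root", False),
    Copy("dr-replica", "disk", "dc2", "corp-mgmt", "admin-root", False),
]

# Constructed inventory 2: a separate backup network and credential, a copy in
# a distinct cloud account with object lock, and an offline tape set.
SEGREGATED_INVENTORY = [
    PRODUCTION,
    Copy("nightly-backup", "disk", "dc1", "backup-net", "backup-svc", False),
    Copy("object-copy", "object", "cloud-eu-west", "cloud-account-b", "backup-writer", True),
    Copy("tape-set", "tape", "offsite-vault", "none", "none", True),
]


def evaluate(copies, production):
    """Return a dict of named checks -> bool for a backup inventory.
    The 3-2-1 checks count the production copy; the isolation checks apply
    only to the backup copies."""
    backups = [c for c in copies if c != production]
    checks = {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.medium for c in copies}) >= 2,
        "one_offsite": any(c.site != production.site for c in backups),
        "one_offline": any(c.offline for c in backups),
        "no_shared_network": all(c.network != production.network for c in backups),
        "no_shared_credential": all(c.credential != production.credential for c in backups),
    }
    checks["compliant"] = all(checks.values())
    return checks


def failing(checks):
    """Names of the checks that failed, so a report can say what to fix."""
    return [name for name, ok in checks.items() if not ok and name != "compliant"]


if __name__ == "__main__":
    for label, inventory in (("flat", FLAT_INVENTORY), ("segregated", SEGREGATED_INVENTORY)):
        result = evaluate(inventory, PRODUCTION)
        print(f"{label}: compliant={result['compliant']} failing={failing(result)}")
```

The flat inventory technically has an offsite replica in a second data centre, yet still fails: the replica shares production’s network and credential, so an attacker who owns production can reach and destroy it just as easily. That is the gap the 3-2-1 counts alone do not catch and the isolation checks do.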

In conclusion, while CloudNordic is now offering its clients a way to re-establish web and email servers (without their data), the incident is a stark reminder that proactive measures are far preferable to reactive ones. In the rapidly evolving cyber landscape, relying solely on a cloud provider’s standard backups can be perilous. Such backups, while convenient, often live in the same ecosystem as the primary data, reachable over the same network and with the same credentials, and are therefore exposed to the same threats. Ransomware can hit primary and backup data simultaneously if they are co-located, and a cloud outage or provider-side failure can take both out at once. For real resilience, diversified backup strategies incorporating offsite and offline copies are essential. Simply put, a holistic approach to backups is more than a convenience; it is a necessity for robust data protection.

Book a demo here and find out how Predatar and IBM can help your business secure its cloud data.


09 August 2023

Customer story: Hidden malware, hunted-down in 10 days.

Built for complex storage environments, Predatar uses artificial intelligence, automation, and industry-leading EDR (Endpoint Detection & Response) software to identify and fix potential recovery problems including hidden malware. This short customer story illustrates how one of our newest customers began to achieve significant value from Predatar in just a matter of days.

The customer challenge
A large European industrial machinery manufacturer, with over 250 offices worldwide and annual revenues of more than $250 million (USD) approached their IBM storage business partner early in 2023 with a challenge to solve.

In light of the increasing prevalence of cyber-attacks across many industries, manufacturing included, the customer’s leadership team had initiated a review of operational resiliency in order to minimise downtime in the event of a data breach. The objective was to improve processes across the business so that it would be ready, should the worst happen.

Backup and recovery was a key part of the review, and it quickly became clear that despite having robust backup processes in place, the business was unable to prove its ability to successfully recover data at scale from its extensive 200TB+ IBM backup environment.

Furthermore, there was no mechanism in place to verify that malware had not been ingested into the backup repositories, leaving a very real risk that recovery from backups following a cyber-attack would restore the malware along with the data, causing re-infection and significant additional downtime.

The challenge… How could the customer be certain of their ability to recover from their backups without the risk of recovery failures or reinfection?

The Solution
Predatar Ultimate was deployed to provide continuous recovery testing and deep malware scanning in an isolated Predatar CleanRoom.

As well as ensuring that the customer’s backups are recoverable and free from hidden malware, Predatar also monitors the entire IBM Storage Protect environment, providing a real-time recovery confidence rating, a threat-level score, and alerts of potential recovery risks as they happen.

The result
Within 10 days of deployment, Predatar had found and cleaned malware in the customer’s backup environment that the customer’s primary XDR software had not detected. The malware had been replicated into the backup repositories, where it had remained for over 200 days, so any restore from those backups would have reintroduced it.

To date, Predatar has found and removed malicious files from the customer’s backup environment, including the hacking tool HKTL_NIRCMD.GA, an anti-malware detection name for the NirCmd command-line utility. NirCmd is a legitimate Windows tool, but it is routinely abused by attackers for remote command execution and is known to be linked to a number of large-scale ransomware attacks.

As well as removing existing threats, Predatar is continually improving the customer’s cyber-resiliency posture. Since deployment the customer’s cyber grade has improved from E- to D+, and thanks to the built-in AI and automation this will continue to improve over time.

Master your data resilience
Predatar brings recovery assurance capabilities to Veeam, Cohesity, IBM Storage Defender Data Protect, IBM Storage Protect and Storage Protect Plus, and IBM FlashSystem.

To see how you can achieve recovery confidence contact the team, or book a demo.

