22 May 2024

Edam good look at Cyber Resilience… with the Swiss Cheese Model

Do you know the Swiss Cheese Analogy? Go to any cyber security conference, and we guarantee you will spot at least one presenter using it.

The Swiss Cheese Model has become a useful and memorable tool to explain why multiple layers of defence are essential for robust cyber security.

The model was originally used in risk analysis and risk management to illustrate how different layers of defence, each with its own potential flaws, could collectively form a nearly impenetrable barrier when stacked together. Each layer of ‘cheese’ represents a security measure, and the holes represent potential weaknesses.

This concept is used when discussing cyber. The idea is that while one layer may have vulnerabilities, the overlapping layers cover these gaps, significantly reducing the risk of a successful cyber-attack.

So does it work…?

Organisations around the world are using Predatar to test their backups and primary storage snapshots for both recoverability and cleanliness, and when we look at the global results from these tests we find that Predatar identified malware lurking in the backups of more than 70% of our customers (with half being found within the first 2 weeks of Predatar going live).

70% of Predatar customers had malware in their backups

Holy Cheese! That’s quite a stat, right?

…Nearly three quarters of Predatar customers had malware hiding in their storage that had evaded multi-layered cyber security defences, including market-leading XDR tools.

This underscores the cunning nature of modern cyber attacks and the effectiveness of the latest malware at avoiding initial detection. Once inside your network, malware will embed itself within data, remaining dormant and undetected until it is activated by the bad actors (or until it is discovered and removed by Predatar).

This high rate of malware discovery within storage shows that you can never have too many slices in your multi-layered defence. As a great man once said… “we need more cheese, Gromit”.

More importantly, it highlights the need to think differently about cyber. Organisations need to acknowledge that no perimeter defences (no matter how robust) are ever totally infallible. They need to prepare for, and expect, a breach.

Predatar takes the principle of the Swiss cheese model and applies it in a new way, bringing threat detection to backups and snapshots, to find malicious artefacts that have slipped through the net.

By supporting multiple third-party eXtended Detection and Response (XDR) tools, Predatar embraces the strengths and acknowledges the gaps inherent in any single cybersecurity tool.

Our testing with Predatar has proven that different XDR tools excel in various aspects of threat detection and response, and by integrating multiple solutions into the Predatar CleanRoom, we enhance our customers' detection capabilities. This approach is akin to having several additional slices of Swiss cheese stacked together, where the strengths of one can cover the vulnerabilities of another.

A second chance to find zero-day attacks

Recovery testing typically occurs later in the data management cycle, which uniquely positions it to catch zero-day attacks that have bypassed earlier detection layers. Zero-day attacks exploit previously unknown vulnerabilities, meaning they are not identified by traditional antivirus software until after the attack has commenced. By implementing advanced recovery testing which includes automated threat detection, Predatar adds another crucial layer to our customers' defensive stack, not only enhancing malware detection but also verifying the integrity and recoverability of data.

In summary

The practice of layered testing and recovery isn’t merely about finding malware; it’s about building confidence in your ability to recover from an attack. Just as importantly, it serves as both a diagnostic and a drill to ensure that all systems function as expected under stress conditions. New threats continue to emerge daily, so having a multi-layered approach in line with the Swiss Cheese Model isn’t just advisable; it’s imperative.

So yes, you’re probably bored of seeing and hearing about the Swiss cheese model. But it remains vital, as it illustrates the necessity of layered defences. At Predatar, our approach takes this model to the next level by integrating multiple XDR tools and emphasising rigorous recovery testing, ensuring that our clients can confidently manage and recover their data amidst ever-evolving cyber threats.
