Asigra Aims to Better Secure Backup and Recovery
Asigra today added a content disarm and reconstruction (CDR) capability to its Tigris data protection platform to identify malware that might be hidden in files an organization is depending on to thwart ransomware attacks.
Asigra CEO Eric Simmons said CDR enables scanning of all files prior to encryption and delivery to the backup repository as well as scanning those files during recovery.
Ransomware attackers today routinely embed malware in files for weeks before launching their attack. As a result, IT organizations often discover the supposedly pristine files they were depending on to thwart an attack have also been compromised. The bi-directional CDR capability makes it possible to ensure that backup files are pristine before being re-introduced into a production environment, said Simmons.
Ransomware attackers are increasingly embedding malicious code deep within content files that are often nested and zipped to avoid detection. The Asigra CDR capability deconstructs files into their smallest components to determine if malicious code, macros, links or executables have been embedded. After filtering and quarantining any found malware, CDR rebuilds the original file.
CDR complements existing security tools such as zero-day exploit protection, deep multifactor authentication (MFA), variable repository naming to non-standard names to prevent recognition and encryption/deletion, soft-delete enablement and FIPS 140-2 certified encryption. The overall goal is to thwart cybercriminals that are trying to weaponize files in a way that can render backup and recovery software useless, noted Simmons.
Data protection, of course, plays a crucial role in thwarting ransomware attacks. The issue is that far too many organizations fail to test their recovery capabilities. In addition to malware being embedded in files, it’s also not uncommon for IT teams to discover the files they have backed up have been corrupted. In the event of a ransomware attack, the organization often finds itself having to choose between a major disruption and caving into the demands of cybercriminals that may not even provide the keys to decrypt data after their ransom demands are met.
Cybersecurity professionals are paying a lot more attention to backup and recovery processes that were once considered to be little more than low-level IT maintenance tasks. They may not be responsible for performing those tasks, but they are nevertheless held accountable when an organization is unable to recover files that the business depends on to function. Cybersecurity professionals are consequently exercising a lot more influence over data protection platforms the organization relies on to thwart a ransomware attack.
The good news is funding for data protection in the age of ransomware has become easier to find simply because awareness of the issue among business leaders is high. The challenge is determining how secure one data protection platform is compared to another. In many cases, organizations are not really going to know how secure their data really is until an attack is launched. The one thing that is certain is the absence of a data protection platform all but guarantees a disastrous outcome.
