Cyberattacks are an existential risk, with 89% of organizations ranking ransomware as one of the top five threats to their viability, according to a November 2023 report from TechTarget’s Enterprise Strategy Group, a leading analyst firm.[1] And this is just one of many risks to corporate data – insider threats, data exfiltration, hardware failures, and natural disasters also pose significant danger. Moreover, as the just-released 2024 IBM X-Force Threat Intelligence Index states, as the generative AI market becomes more established, it could trigger the maturity of AI as an attack surface, mobilizing even further investment in new tools from cybercriminals. The report notes that enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn’t require novel tactics from attackers to target.[2]
To help clients counter these threats with earlier and more accurate detection, we’re announcing new AI-enhanced versions of the IBM FlashCore Module technology available inside new IBM Storage FlashSystem products and a new version of IBM Storage Defender software to help organizations improve their ability to detect and respond to ransomware and other cyberattacks that threaten their data.
The newly available fourth generation of FlashCore Module (FCM) technology enables artificial intelligence capabilities within the IBM Storage FlashSystem family. FCM works with Storage Defender to provide end-to-end data resilience across primary and secondary workloads with AI-powered sensors designed for earlier notification of cyber threats to help enterprises recover faster.
Click here to experience IBM FlashSystem in a virtual demo
Click here for IBM Storage Defender information
Early Detection of Threats in the Data Stream
Existing IBM FlashSystem products scan all incoming data down to block level granularity without impact to performance as it’s being written, using inline data corruption detection software and cloud-based AI to help identify anomalies that might indicate the start of a cyberattack, thereby enabling the system to detect, respond, and rapidly recover with immutable copies. The new technology enabled by FCM4 is designed to continuously monitor statistics gathered from every single I/O using machine learning models to detect anomalies like ransomware in less than a minute.[3]
“Cyber threats evolve rapidly, making early detection a critical step when we help clients respond to attacks,” said Daneyand “DJ” Singley, Executive Director at MAPSYS. “We’ve turned to IBM FlashSystem and FCM3 to help our clients achieve rapid recovery, and with the new FCM4 technology in new FlashSystem arrays, we anticipate the ability to take immediate action to thwart attacks.”
IBM FlashSystem products already measure parameters such as the compressibility and randomness, or entropy of data, and pass this information to IBM Storage Insights software so that it can alert operators when a workload anomaly has been detected, such as ransomware starting to encrypt an application’s data. The FCM4 technology in new FlashSystem arrays is designed to capture and summarize detailed statistics about every I/O in real time. FlashSystem uses machine learning models to distinguish ransomware and malware from normal behavior, positioning organizations to take action and keep operating in the event of an attack.
„Organizations need to take a ‚defense in depth‘ approach against ransomware and other cyberattacks, especially as malware becomes increasingly sophisticated,” said Dave Pearson, Research VP, Infrastructure, IDC. “Storage infrastructure is another layer where cyber resilience can improve, and IBM built its new FlashCore Module 4 with AI-based capabilities designed to speed ransomware detection, reduce the spread and impact, and accelerate recovery.“
Getting Smarter at Identifying Threats Across Workloads
IBM Storage Defender software offers end-to-end data resilience in modern hybrid multi-cloud IT environments that includes virtual machines (VMs), databases, applications, file systems, SaaS workloads, and containers. The new version of IBM Storage Defender expands its threat detection capabilities to help build trustworthiness of copies as a baseline for teams to begin recovery from cyberattacks. Additionally, IBM Storage Defender includes AI-powered sensors developed by IBM Research that are engineered to rapidly detect ransomware and other advanced threats with high accuracy. Defender raises high fidelity alerts to security tools to reduce the security breach blast radius and help enterprises recover from attacks.
We’ve added workload and storage inventory management capabilities to IBM Storage Defender designed to help organizations assess the extent of their applications and data. This can help them incorporate their assets in a business continuity plan to recover a minimum viable company after a cyberattack. Defender also adds the ability to orchestrate and automate the recovery of VMware applications.
Part of Defender’s appeal is the ease with which it integrates with other IBM Storage and IBM Security solutions, including IBM QRadar, IBM Guardium, IBM FlashSystem, IBM Storage Scale, IBM Storage Ceph, and IBM Fusion. Beyond IBM solutions, Defender integrates with Cohesity and will integrate with other third-party data platforms to bring end to end data resilience across the enterprise data estate.
Better Together
Individually, both FlashSystem and Defender have capabilities that can help make organizations more data resilient, but they’re even better together. For example, storage administrators can now create protection groups that include specific volumes and are automatically backed up according to user-defined policies. Immutable copies of data can now be restored or recovered to multiple target locations, including different locations when recovering from a cyberattack. Plus, immutable copies can be replicated to another IBM Storage Defender cluster for an additional layer of protection.
We’ve also engineered settings that allow administrators to automate the creation of Safeguarded Copy snapshots, cyber-resilient point-in-time copies of data that cannot be changed or deleted through user errors, malicious actions, or cyberattacks. Isolating these backup copies from production data is designed to enable organizations to recover data more quickly after a data loss event.
News reports show that threat actors are now deploying AI-based cyberattacks, and we must fight fire with fire. Our new FlashCore Module hardware and Storage Defender software both leverage IBM’s AI capabilities to help them better address this challenge. The IBM product portfolio is not only helping to deliver comprehensive data resilience to clients, including many of the world’s largest financial and health care organizations, to help them avoid threats in the first place, but also helping them accelerate the recovery process in the event that attackers have been able to get through.
[1] 2023 Ransomware Preparedness: Lighting the Way to Readiness and Mitigation, published by Enterprise Strategy Group / TechTarget, November 2023
[2] IBM Report: Identity Comes Under Attack, Straining Enterprises‘ Recovery Time from Breaches, published by IBM Security, February 2024
[3] Disclaimer: Internal experimentation by IBM Research has demonstrated detection of ransomware within 1 minute of the ransomware starting its encryption process. This experiment was done on a FlashSystem 5200 with 6 FCMs with the 4.1 firmware load. The 5200 had 8.6.3 GA level software loaded. The host connected to the 5200 was running Linux with XFS Filesystem. In this particular case, the IBM ransomware simulator called WannaLaugh was used. Underlying system must be compatible with FCM4.1 and version 8.6.3 GA level software loaded in order to receive results obtained.
By Sam Werner | VP, IBM Storage Product Management