Better protection for IT environments: Nutanix strengthens security mechanisms against ransomware. Hybrid and multi-cloud specialist strengthens network, storage and virtualization services.
Nutanix, a specialist in private, hybrid and multi-cloud computing, has built additional protection mechanisms into its cloud platform to protect against ransomware. This includes functionality for threat monitoring and detection, and even more granular data replication, as well as robust access controls, all of which are an integral part of the Nutanix stack. The new functionalities complement the extensive data services for network security, file and object storage, virtualization and business continuity. They help companies to prevent attacks with ransomware across different cloud environments, to discover them and to survive them unscathed.
More home office - more attacks
The number of teleworking jobs continues to rise. Cyber criminals are intensifying their attacks to the same extent. The new functionalities make it easier to implement best practices for security and business continuity directly at the infrastructure level, instead of relying solely on a complex combination of security products based on them.
A current Gartner report comes to the conclusion that “there were increased attacks on teleworking workplaces and attacks using targeted malware in 2020 in order to exploit global events such as the Covid-19 pandemic. Ransomware has evolved beyond widespread off-the-peg attacks designed to infect individual endpoints. The attacks now operate on the basis of advanced techniques such as fileless malware and data exfiltration [...] These new types of ransomware make preventive measures and planning more necessary than ever to thwart ransomware attacks. "Companies and organizations, especially those with a large number of teleworkers or hybrid working environments, can no longer rely on measures or solutions that work at specific points to protect themselves. Rather, they must ensure that the IT infrastructure enables them to respond to such incidents in the best possible way.
Discover threats to networks and data
Nutanix's cloud platform now enables anomaly detection based on machine learning and services for evaluating IP addresses. This functionality is part of the network security provider's operations and monitoring solution: Flow Security Central, part of Nutanix Flow. Flow Security Central can be used to detect known attack vectors, including potential ransomware, at the network level before they reach the application and data layer. Specifically, Flow Security Central examines the network for anomalies, malicious behavior, and widespread network attacks that spread by looking for vulnerable targets. Flow Security Central also monitors endpoints to detect network traffic coming from dubious sources. This is particularly useful for protecting virtual desktop infrastructures (VDI), which are a primary target for initial infection and the spread of ransomware.
Native features to detect ransomware
Nutanix's cloud platform also includes native ransomware detection capabilities as part of the provider's services for storing files in Nutanix Files. The file analysis functions, a functional area of Nutanix Files, can detect abnormal and suspicious access patterns and identify known ransomware signatures. This allows data access to be blocked in real time. To ensure that snapshots are actually available when they are needed, the file analysis functions identify file drives with improperly configured replications and snapshots and inform IT administrators of the potential risk. Nutanix Files also creates immutable snapshots. This prevents the corruption and deletion of files, that is, common attack mechanisms in ransomware payloads, in order to prevent attempts to restore them. For file drives for which they have been activated, the native snapshot functions ensure accelerated recovery. With the help of these fully integrated functionalities of Nutanix Files, IT professionals can both discover and quickly eliminate the consequences of ransomware attacks.
Protect data and applications
To protect application data from ransomware attacks, Nutanix's cloud platform includes new functions in Nutanix Objects, the provider's solution for object storage. Objects now offers more granular permissions for accessing object data in primary and secondary storage. Specifically, with the help of Nutanix Objects, Write Once Read Many (WORM) rules can now be configured at the level of individual files and objects. The latter can be specifically selected by IT in order to prevent the unauthorized deletion or encryption of data and thus prevent many widespread attacks with ransomware. This WORM protection can be provided automatically by simply classifying the data in the “Legal Hold” category, which prevents the data from being falsified or maliciously destroyed. Objects' new protection features have been reviewed by Cohasset Associates. The result of this test confirmed that the functions meet the requirements for the non-overwritable and non-erasable storage of electronic documents, as specified in the relevant regulations of the SEC, FINRA and CFTC.
Objects now contains granular data access authorizations at the level of individual buckets. This enables IT administrators to better protect multi-tenant environments. In addition, the Nutanix platform now supports Microsoft Windows Credential Guard for virtual machines and virtual desktops that run on the AHV hypervisor. At the operating system level, Credential Guard offers additional protection against malware, the purpose of which is to steal access authorizations in Microsoft operating system environments. Ransomware uses this attack vector on a broad basis to gain administrator rights.
Ensure business continuity
Detecting and preventing threats are both key aspects of a strategy that effectively protects against malware and ransomware. In addition, however, companies should have a plan for how they can ensure business continuity in the event of an attack. Nutanix Mine, the solution from the provider of secondary storage, now offers direct backup of objects in conjunction with solutions from Nutanix partner HYCU Inc. This means that native ransomware protection such as immutability and WORM in objects can also be applied to this secondary storage solution. In addition, Nutanix has received new interoperability qualifications, including the Veeam® Object Immutability qualification, as well as certifications for other leading backup providers to expand ransomware protection for secondary storage.
“CIOs and CISOs know that there is no one solution that provides 100 percent protection against ransomware or other types of malware attacks. And in view of the current remote and hybrid working models, the attack surface in the company continues to grow, ”said Rajiv Mirani, Chief Technology Officer at Nutanix. “Companies should take a security approach that works in depth and starts with the IT infrastructure. At the same time, it must be possible to implement the appropriate security tools easily and fully integrated. Nutanix already provides a cloud platform as standard with additional protection mechanisms against ransomware, which are available immediately. "
More on this at Nutanix.com
About Nutanix
As a leading provider of cloud software and a pioneer in hyper-converged infrastructure solutions, Nutanix makes computing invisible everywhere. Customers worldwide benefit from the provider's software to manage and scale any app from a central platform at any location - in private and hybrid as well as in multi-cloud environments. Further information is available at www.nutanix.de or via Twitter at @Nutanix and @NutanixGermany.