The importance of data monitoring and Zero Trust in battling ransomware

By Derek Giarratana, supplier manager

Ransomware is real and security threats continue to evolve, with new ones emerging daily. At times, organizations can feel that they won’t fall victim to ransomware, but now is not the time to ignore the facts. In 2019, it was reported that ransomware attacks were up by 41 percent, and in 2020 with the pandemic at the forefront, it was predicted that an attack occurred every 11 seconds.

In addition to the sheer volume of attacks, today’s ransomware and malware are also gaining in sophistication. Using random extensions and file names, the latest threats are making detection using blocked list solutions difficult and, in many cases, completely ineffective.

Every time an attack occurs, it takes significant time and money to remediate. Recovery time takes, on average, at least 16 days, and 67% of organizations that have been hit by an attack have lost all or part of their data. This is particularly problematic for public sector organizations that are faced with strict compliance requirements such as HIPPA, GDPR, CIPA, and CJIS.

Embracing the three pillars of security

In a previous post, I highlighted the three pillars of security designed to protect an organization’s most valuable asset – data – against attacks. The pillars include a Zero Trust approach, data monitoring and data recovery. When put into place, these pillars will enable public sector IT leaders to better address the latest security threats.

The role of data monitoring

Active data monitoring requires every user activity across on-premises and hybrid cloud environments to be captured and analyzed. Once data access patterns are analyzed, it is important to monitor and report on all activity from insiders, outsiders and rogue users. Advanced reporting and auditing make it easy to identify violators and possible threats.

With a Zero Trust approach already in place, no assumptions are made about trusted users or “insiders,” which is typical in a traditional perimeter security model. All activities are monitored in real time. Data is used to automatically identify working communities of all users coupled with the ability to audit document access helps you to ensure compliance with regulatory requirements.

How to detect threats

Cloud Secure, a feature of NetApp Cloud Insights, detects anomalies in user behavior by building a behavioral model for each user. It uses advanced machine learning algorithms to uncover unusual data activity and detect a potential attack. This approach provides dynamic and accurate detection and reduces false detection noise.

Notifications, responses, forensics and reporting

Once risky activity is detected, time is of the essence. As soon as suspicious behavior is detected, Cloud Secure alerts you and automatically takes a data snapshot. This notification and snapshot are critical to ensure that data is immediately backed up. The faster you can respond and provide a backup, the quicker recovery from the attack can take place.

Additionally, for forensics and reporting, Cloud Secure provides a graphical interface to slice and dice activity data to perform data breach investigations and generate user data access audit

reports. It allows multiple views of file data activities by user, time, activity type, and file attributes, simplifying the audit reporting and incident investigation.

A proactive response to ransomware

As ransomware threats continue to grow, it is critical for public sector organizations to detect threats before it’s too late. The first step is to embrace a data-centric Zero Trust approach to enable fast detection, response and remediation. The second step is to implement a robust data monitoring solution to detect malicious activity and satisfy the auditing and reporting requirements which are essential for meeting compliance.

Keep up to date on the latest trends in public sector IT. Subscribe to immixGroup’s Government Sales Insider blog now!

Want to know how your company can support SLED organizations to leverage Response & Relief Act funds? View our recent webinar here.