April 15, 2024 By Raul Raudry 3 min read

Today, cybercrime is good business. It exists because the profits are high while the risks are low. Far from stopping, cybercrime is constantly increasing. In 2023, the FBI received a record number of 880,418 complaints with potential losses exceeding USD 12.5 billion. This is a nearly 10% increase in complaints and 22% increase in losses compared to 2022.

According to the 2024 IBM® X-Force® Threat Intelligence Index, ransomware has become the most common attack observed globally in the past four years. Knowing the havoc caused by ransomware, organizations invest in creating lines of defense against this threat, so it is not surprising that today, cybersecurity is the number one expense in business technology.

When a cyberattack strikes, the ransomware code gathers information about target networks and key resources such as databases, critical files, snapshots and backups. Showing minimal activity, the threat can remain dormant for weeks or months, infecting hourly and daily snapshots and monthly full backups. Once the ransomware has collected all the information it needs, it begins the actual attack, encrypting and making critical files and databases unusable. File encryption is fast and the attack can cripple critical business data in a matter of minutes.

Take data resilience to the next level

Fortunately, ransomware attacks can be detected and several lines of defense can be built in advance to contain and control the threat. To help organizations face the different variants and strategies used to perpetrate an attack, IBM provides end-to-end data resilience solutions to efficiently defend organizations from ransomware and other malware attacks.

IBM Storage FlashSystem provides storage protection based on immutable copies of data logically isolated from production environments. These Safeguarded Copies cannot be modified or deleted through user errors, malicious actions or ransomware attacks. IBM Storage FlashSystem also offers inline data corruption detection through its new Flash Core Modules 4 (FCM4), which continuously monitors statistics gathered from every single I/O using machine learning models to early detect anomalies at block level.

For its part, IBM Storage Defender is a purpose-built end-to-end solution that significantly simplifies and orchestrates business recovery processes through a unified view of data protection and cyber resilience status across the hybrid cloud with seamless integration into security dashboards. It deploys AI-powered sensors to rapidly detect anomalies in virtual machines (VMs), file systems, databases and other applications hosted in Linux VMs.

Better together

These IBM Storage solutions are a flagship in the cyber resilience industry. Both have capabilities that complement each other, and working together can substantially improve the overall capacity for early threat detection, data protection and fast recovery. The way they interact in a coordinated manner is explained below:

To improve threat detection, IBM Storage Defender combines its software sensors with the inline data corruption detection (IDCD) that comes from the IBM FlashSystem Flash Core Modules. This dual source provides more data to the Machine Learning models, reducing false positives and producing more accurate results.

Additionally, IBM Storage Defender can help clients restore production systems more quickly, identifying the most recent trusted copy and its location. These protected copies can be in primary storage or traditional backups. If the copy is presented on primary storage, the client can use the value of that system to restore operations in minutes rather than wait for restoration over the network.

As an additional layer of protection, workloads can be restored in an isolated “Clean Room” environment to be analyzed and validated before being recovered to production systems. This verification allows clients to know with certainty that the data is clean and business operations can be safely reestablished. Clean Room environments can be configured through seamless integration with partner solutions.

Business benefits

The coordinated interaction between IBM Storage Defender and IBM Storage FlashSystem improves the lines of defense to fight ransomware more efficiently, delivering the following benefits:

  • A unified and clear view of the overall data resilience status across primary and auxilliary storage.
  • Automated creation of Safeguarded Copies logically isolated from production environments that cannot be modified or deleted during ransomware attacks.
  • Ransomware detection at block level in 60 seconds or less.
  • Detailed information about validated Safeguarded Copies and their location, so they can be used as a trusted source of data to recover business operations quickly.
  • Ability to restore a Safeguarded Copy within 60 seconds or less.
  • Clean room environment to verify that workloads can be safely restored to production.
  • Alerts to Security Operations Center (SOC) and other incident teams to help coordinate the execution of recovery plans.

Today, only IBM can provide end-to-end data resilience across the entire hybrid cloud. IBM continues its commitment to further improve the synergy capabilities between IBM Storage Defender and IBM Storage FlashSystem, delivering the best solutions in the industry to maximize business continuity despite ransomware attacks and other data loss risks.

Monitor, protect, detect, and recover across primary and secondary storage
Was this article helpful?

More from IT infrastructure

IBM Test Accelerator for Z simplifies z/OS application testing and accelerates quality goals 

3 min read - Application development is becoming increasingly hybrid and complex, making accelerated delivery an essential business requirement. To deliver rapidly with high quality, practitioners use continuous testing practices to shift testing left, automate and improve quality to minimize risk.  Recent Gartner insights on Automated Software Testing Adoption and Trends (link resides outside ibm.com) reveal a growing "readiness to use advanced automation testing as DevOps and agile methodologies to propel growth. Even with these modern approaches, testing remains a significant challenge and CIOs are demanding agile testing…

FPGA vs. GPU: Which is better for deep learning?

5 min read - Underpinning most artificial intelligence (AI) deep learning is a subset of machine learning that uses multi-layered neural networks to simulate the complex decision-making power of the human brain. Beyond artificial intelligence (AI), deep learning drives many applications that improve automation, including everyday products and services like digital assistants, voice-enabled consumer electronics, credit card fraud detection and more. It is primarily used for tasks like speech recognition, image processing and complex decision-making, where it can “read” and process a large amount…

Build the foundation for SAP ERP modernization 

2 min read - Successful SAP ERP modernization programs begin with clear organizational alignment on wanted outcomes and expected business value, end-to-end scope and roadmap. This alignment is critical to enterprises that run their core operations on SAP ECC for years. It helps them determine where to start their modernization initiatives and how to prioritize, organize and plan to see the value of this investment.   To build this strategic plan, enterprises need a fact base that enables them to move forward with critical SAP…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters