Today, cybercrime is good business. It exists because the profits are high while the risks are low. Far from stopping, cybercrime is constantly increasing. In 2023, the FBI received a record number of 880,418 complaints with potential losses exceeding USD 12.5 billion. This is a nearly 10% increase in complaints and 22% increase in losses compared to 2022.

According to the 2024 IBM® X-Force® Threat Intelligence Index, ransomware has become the most common attack observed globally in the past four years. Knowing the havoc caused by ransomware, organizations invest in creating lines of defense against this threat, so it is not surprising that today, cybersecurity is the number one expense in business technology.

When a cyberattack strikes, the ransomware code gathers information about target networks and key resources such as databases, critical files, snapshots and backups. Showing minimal activity, the threat can remain dormant for weeks or months, infecting hourly and daily snapshots and monthly full backups. Once the ransomware has collected all the information it needs, it begins the actual attack, encrypting and making critical files and databases unusable. File encryption is fast and the attack can cripple critical business data in a matter of minutes.

Take data resilience to the next level

Fortunately, ransomware attacks can be detected and several lines of defense can be built in advance to contain and control the threat. To help organizations face the different variants and strategies used to perpetrate an attack, IBM provides end-to-end data resilience solutions to efficiently defend organizations from ransomware and other malware attacks.

IBM Storage FlashSystem provides storage protection based on immutable copies of data logically isolated from production environments. These Safeguarded Copies cannot be modified or deleted through user errors, malicious actions or ransomware attacks. IBM Storage FlashSystem also offers inline data corruption detection through its new Flash Core Modules 4 (FCM4), which continuously monitors statistics gathered from every single I/O using machine learning models to early detect anomalies at block level.

For its part, IBM Storage Defender is a purpose-built end-to-end solution that significantly simplifies and orchestrates business recovery processes through a unified view of data protection and cyber resilience status across the hybrid cloud with seamless integration into security dashboards. It deploys AI-powered sensors to rapidly detect anomalies in virtual machines (VMs), file systems, databases and other applications hosted in Linux VMs.

Better together

These IBM Storage solutions are a flagship in the cyber resilience industry. Both have capabilities that complement each other, and working together can substantially improve the overall capacity for early threat detection, data protection and fast recovery. The way they interact in a coordinated manner is explained below:

To improve threat detection, IBM Storage Defender combines its software sensors with the inline data corruption detection (IDCD) that comes from the IBM FlashSystem Flash Core Modules. This dual source provides more data to the Machine Learning models, reducing false positives and producing more accurate results.

Additionally, IBM Storage Defender can help clients restore production systems more quickly, identifying the most recent trusted copy and its location. These protected copies can be in primary storage or traditional backups. If the copy is presented on primary storage, the client can use the value of that system to restore operations in minutes rather than wait for restoration over the network.

As an additional layer of protection, workloads can be restored in an isolated “Clean Room” environment to be analyzed and validated before being recovered to production systems. This verification allows clients to know with certainty that the data is clean and business operations can be safely reestablished. Clean Room environments can be configured through seamless integration with partner solutions.

Business benefits

The coordinated interaction between IBM Storage Defender and IBM Storage FlashSystem improves the lines of defense to fight ransomware more efficiently, delivering the following benefits:

• A unified and clear view of the overall data resilience status across primary and auxilliary storage.
• Automated creation of Safeguarded Copies logically isolated from production environments that cannot be modified or deleted during ransomware attacks.
• Ransomware detection at block level in 60 seconds or less.
• Detailed information about validated Safeguarded Copies and their location, so they can be used as a trusted source of data to recover business operations quickly.
• Ability to restore a Safeguarded Copy within 60 seconds or less.
• Clean room environment to verify that workloads can be safely restored to production.
• Alerts to Security Operations Center (SOC) and other incident teams to help coordinate the execution of recovery plans.

Today, only IBM can provide end-to-end data resilience across the entire hybrid cloud. IBM continues its commitment to further improve the synergy capabilities between IBM Storage Defender and IBM Storage FlashSystem, delivering the best solutions in the industry to maximize business continuity despite ransomware attacks and other data loss risks.