The 2022 Verizon Data Breach Investigations Report (VDBIR) was recently released. Now in its 15th edition, the VDBIR is a key indicator of the security threat landscape and is top of mind for many CIOs, CSOs, and CISOs. The report is a widely relied-upon and valuable source of cybersecurity information.
The report describes a total of 23,896 security incidents and 5,212 breaches. A breach is defined as an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. An incident is defined as a security event that compromises the integrity, confidentiality, or availability of an information asset.
NetApp perspective
The increase is not a surprise. At the NetApp Insight® 2019 ransomware session, we mentioned in our future projections that ransomware was expected to continue to increase and that attackers would start focusing on destroying the backups first. This projection continues to prove to be true. However, with our ransomware protection solutions, customers can detect ransomware early and prevent its spread, and they can also prevent deletion of critical NetApp® Snapshot™ backup data using ONTAP® features like multi-admin verify (MAV) and SnapLock® Compliance. For more about NetApp’s ransomware protection capabilities, see 10 REASONS: NetApp for Ransomware Protection.
NetApp perspective
Although the cloud represents an unprecedented ability to dynamically grow workloads and allows organizations to scale their applications and resources at lightning speeds, it also comes with additional security concerns. In many cases, it’s up to the customer (not the cloud provider) to make sure that their cloud operations are configured as securely as possible. The increase in cloud resources also means more security alerts to respond to and investigate. According to Google’s State of DevOps Report, DevOps and security teams are wasting up to 50% of their time chasing down false positives or attending to alerts that don’t actually fix underlying problems. Enter NetApp Spot® Security. The Spot platform ingests data from cloud APIs, network traffic, and user activity to monitor cloud infrastructure events like access, utilization, and configuration changes. With this information, Spot Security analyzes, detects, and visualizes the impact that one resource will have on others. This continuous monitoring and analysis provides clear objectives, removes false positives, and steers DevOps efforts to real issues. Learn more about Spot Security here, including a recent NetApp Tech OnTap® Podcast focused on Spot.
NetApp perspective
NetApp ONTAP® has been helping customers defend against insider threats since the earliest versions of ONTAP 9. Built-in features like role-based access control (RBAC) limit individual user permissions to only those they need to do their job. Audit logs can be exported to a remote syslog server so that admin actions can be reviewed by the customer’s security operations center and to make sure that appropriate actions are taken. Multifactor authentication (MFA) has been around since ONTAP 9.3. However, these features are not adequate to cover the very damaging types of attacks that insiders can mount. After all, an insider is going to have appropriate MFA credentials.
This is why ONTAP introduced multi-admin verification. MAV requires multiple administrators to approve certain commands that can be destructive. This measure applies even to the cluster administrator account. There can be as many approvers of the command as required. Commands like volume delete, snapshot delete, and creating additional user accounts are all covered by MAV, which ensures that a single insider cannot take critical data offline or destroy it, even if they have MFA credentials.
Another key component of protecting critical assets from insiders is knowing where your most sensitive data is located. The VDBIR highlighted that specifically for “privilege misuse breaches,” personal data is the most common data type that internal actors go after. It’s important to understand where this data is located and to monitor it closely. However, it can be challenging to find all the data of this type in an organization. This is where NetApp Cloud Data Sense can make a difference.
NetApp Cloud Data Sense is a GigaOm leader in unstructured data management. It enables data governance, allowing you to automate data discovery, classification, and labeling. It also enables you to determine data ownership and then to automate the processes for deleting data or performing other actions on it. It’s a key component in protecting important data from insider threats. Learn more about Cloud Data Sense here.
In 2022, hackers, attackers, and malicious actors are doing nothing to ease the burden on organizations to protect their most critical asset: their data. The 2022 VDBIR confirms that. Fortunately, NetApp provides solutions that are focused on data-centric security, giving customers peace of mind knowing that their data is protected. These solutions also show how NetApp stands out, with superior security value and data-centric security capabilities.
Download the VDBIR Full Report.
Matt is a Security Evangelist at NetApp with a focus on ransomware prevention, cyber resiliency, and data-centric portfolio security. With 25 years of IT experience, he specializes in Zero Trust, Data Governance, Encryption, Security Tools, and Best Practices. Matt has held various roles at NetApp, including Product Manager and Technical Marketing Engineer for ONTAP Security. He also has extensive expertise in networking, SMB/CIFS, and Microsoft technologies. Matt's passion lies in driving the latest security features and capabilities to ensure customer success.