One of the things we’ve seen with traditional architectures is that most organizations have the same virtual machines. They have physical servers and databases that have grown so large that they cannot protect them in their window. In many cases they have NAS architectures that would traditionally protect them with native NAS tools, but they don’t necessarily offer the same level of recovery or isolation from cyberattacks.
To protect these different workloads, the traditional architecture consisted of different parts, be it something like a master server or a media server, and these server-based operating systems with applications installed on them send data to different storage devices. In many cases, we have seen these servers compromised as part of a ransomware attack.
At Cohesity, we’ve taken all of these different bits and pieces and consolidated them into a single hyperconverged architecture. In fact, we all run these services as logical units in our cluster. This clustered approach gives us several major benefits. The first is that we distribute the workload across all nodes. This allows us to back up and restore much faster than with traditional architectures.
The platform architecture itself gives us the ability to recover data quickly, which is a key concern. Because it’s a node-based architecture, there are no disruptions for upgrades, forklift upgrades, or downtime caused by software upgrades. We can add or remove nodes while it’s running. We have a full suite of ransomware protection features built into the platform and we have storage efficiencies to help organizations reduce the amount of data they need to store to reduce costs.
HEALTH TECHNOLOGY: How can healthcare organizations protect privacy platforms from these attacks?
HALEY: We have developed an architecture designed for security. It starts with a hardened architecture where we built a platform that leverages technologies like encryption and immutability and has skills for things like write once, read many (WORM), even architectures to support technologies like air gap. We’ve also developed a full suite of technologies to maintain and restrict access, and as such have granular role-based access control. Not everyone needs to be an admin. We can give people the rights they need to do what they need to do without everyone having too many rights.
We also support technologies like multi-factor authentication. My #1 recommendation to everyone, both professionally and personally, is to enable multi-factor authentication for everything. Everything that is important to you should be switched on. It’s a major deterrent to several of the credential compromises we’ve seen. Multi-factor authentication is a tremendous defense against attacks. In addition to protecting data, we also help people detect anomalous activity.
HEALTH TECHNOLOGY: How can Cohesity help make IT teams aware of security issues?
HALEY: We have integrated a platform into our Helios Single Pane of Management Consult. We look at each object we protect and create a trend line for each object. The trend line shows how much data is backed up each day, how many changes are made, and which files are added, changed, or deleted. We also examine it more closely to understand how compressible the data is or how suitable it is for deduplication.
What we really do is look for the signatures of a ransomware attack on data. The idea of creating a trend is that we understand what a normal day, week or even month looks like for any object around. As part of anomaly detection, we’ll alert you when we see something that’s not trending. We also show you the last clean backup. So we will show you where we detected the anomaly and we will show you the last non-anomalous protection point as well as a list of the files we detected that were affected.
Generally, if you see this as a challenge, you can initiate recovery directly from the detection window. If it’s something you expected – maybe you installed a service pack or updated an application on the system – you can just ignore the anomaly. We’ve also set this up to send an alert directly to the Cohesity mobile app. It’s just another pair of eyes looking at the data and we develop it using artificial intelligence and machine learning.
HEALTH TECHNOLOGY: What can healthcare organizations look for to recover quickly from cyberattacks?
HALEY: We index all data that we store. We create a searchable index. We also have an index and inventory that is searchable worldwide for all of the objects we protect. We have tools in an actionable methodology. We can search for something and act as soon as we find it. So we have these to help organizations understand all the data they need to protect. If you think about it, data protection architecture becomes a staging point for all data in one environment. It’s like a central repository for the data. These tools offer a lot of power.
Our architecture is a multinode cluster, but we have this idea of the Cohesity marketplace, the idea that we can run apps and services natively on top of the architecture, and they rotate as Kubernetes containers. We run apps and services on top of the architecture, which you can download and install directly on the cluster.
An example is a data classification architecture. Rather than indexing the file, server, and database names, it can actually index the contents of files. Imagine being able to go through all the files you protect and look for patterns. Knowing where this sensitive data is located can help you better understand how to secure it.