Slamming The Doors On Ransomware Gangs

MSSP GM Sectec and DMaaS firm Metallic.io partner

David Braue

Melbourne, Australia – Nov. 24, 2021

Evolving ransomware gangs have proven remarkably adept at cutting off victims’ potential lifelines — encrypting local backups to prevent them restoring unencrypted data, or directly disabling backup software in memory or on disk.

Manoj Nair calls this strategy “going after the exit doors” — and as businesses work hard to keep those doors open, they invariably end up in a cat-and-mouse game trying to defend environments riddled with vulnerabilities like the holes in Swiss cheese.

“Endpoints are everywhere and data is now fragmented,” Nair recently told Cybercrime Magazine, “and the attackers are trying to attack those holes.”

Many of their techniques are chillingly familiar to Nair — a longtime security specialist who now serves as general manager of data management-as-a-service (DMaaS) vendor Metallic.io, and has spearheaded its new partnership with managed security service provider (MSSP) GM Sectec.

“As a professional who has spent a lot of time in the security space,” he said, “I’ve been through nation-state attacks — and those techniques have now been brought forward. Every company is a target.”

Announced in October, that partnership united Commvault-backed Metallic.io — whose FedRAMP High-rated cloud backup services support on-premises, in-cloud and SaaS-based data — with GM Sectec to deliver Data Preserve, a backup and anti-ransomware service that combines cloud-based data backup with proactive security monitoring.

Designed to slam the doors on ransomware gangs, Data Preserve not only backs up customer data in the cloud but also provides an air-gapped solution that prevents ransomware from reaching and encrypting the data.

The solution also incorporates AI/ML-based malware scanning, which monitors customer data as it’s backed up and at rest to pick up on undetected threats in customer environments that could quickly become disastrous.

“Just last week, we called a customer and said ‘this user in your OneDrive has latent ransomware that’s about to explode’,” Nair said.

“That’s the kind of capability that our customers really love — and there are customers who will tell you that our software was the first thing that detected there was something going wrong in the environment.”

Avoiding unwelcome backup surprises

Joining forces with Metallic.io is a significant coup for GM Sectec, which provides 24×7 support for customers using a network of four U.S. and Mexico-based security operations centers (SOCs).

Those sites’ security teams support Data Preserve users with ongoing security monitoring and remediation, but they are about more than incident response.

In becoming the first MSSP to align itself with cloud backup provider Metallic.io, GM Sectec’s services also include proactive monitoring of data backups to ensure that data can be restored when needed — and as quickly as needed to get the business back up and running.

“If the backup fails, we can alert the customer and help them ensure that the backup is right on track,” explained GM Sectec president Hector Guillermo Martinez, who noted that the MSSP team can help evaluate recovery time objective (RTO) and recovery point objective (RPO) capabilities against customers’ business requirements.

“We can have a great backup strategy,” Martinez said, “but if we can’t provide some level of trust to the customer that they can restore with the window that they’re looking for, that’s really key — and that’s where we see that we have a unique offering.”

Too many companies assume their backups are intact and can be readily restored, only to find out too late that their backups have been corrupted and the data they rely on is unavailable.

That’s not something you’d want to discover after having your primary systems encrypted by ransomware, but it’s an all-too-common problem: earlier this year, one survey found that 58 percent of data backups fail.

“Whether they’re on tape, or on disk, or in the cloud, there has been very little expertise to get it restored,” said Martinez. “The reality is that this is something that needs support from a security perspective — so we see backup recoveries through our security lens.”

Such failures can be avoided by shifting backup towards cloud providers and building a robust backup and restore regime, Phil Goodwin, IDC research director for Infrastructure Systems, Platforms and Technologies Group, recently noted.

“To defeat ransomware,” he advised, “IT organizations need to architect a system that assures data recovery without paying a ransom. Such a system should include encryption, immutability, an air gap, a 3-2-1-1 backup strategy, and the ability to scan backups for malware.”

Data Preserve’s feature set reads almost directly from that list, providing a managed data protection platform that is, as Nair explained, “not in the customer’s environment [but] in the hardened secure control plane.”

Data “is stored, hardened, air-gapped,” he said. “It’s in the cloud, and it’s global, and you can pull your copies from there.”

The service also incorporates a customer-facing dashboard, called Security IQ, which collates key status and performance indicators from the SOC’s systems and Metallic.io platform to alert customers of significant security or data-integrity issues in real time.

“Backup is no longer part of a passive compliance conversation,” Nair said. “It is a security posture, and it is part of an active conversation.”

“We are the last mile of defense, and we’re able to give customers peace of mind that their data is now protected.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

About GM Sectec

GM Sectec, with operations in 50 countries worldwide and headquartered in San Juan, Puerto Rico, USA, has over 50 years of service in the technology and security vertical, with a client retention rate of over 25 years.

GM Sectec is focused on providing Managed Security Services as an MSSP. GM Sectec offers solutions and services that help accelerate business breakthroughs in the areas of managed detection and response services, cybersecurity, cyberdefense, governance, and compliance focused on managing digital risk. Our solutions are designed to detect advanced attacks and respond to them effectively, reducing business risk, fraud, and cybercrime.

About Metallic

From the minds of Commvault—ten times a leader in the Gartner Magic Quadrant—Metallic is a SaaS portfolio for enterprise-grade backup and recovery, designed to protect your data from corruption, deletion, ransomware, and any other threat out there.

Ultimate scale and proven security, so you can be free to focus on growing your business, not worrying about your data.