Nasuni and Varonis Deliver the 3 Key Steps to Protect Your Data from Ransomware


February 9, 2022

Hardly a day goes by without a ransomware attack in the news. Ransomware can impact everything from our utility companies to our hospitals and is affecting our way of life.

These are scary times, but it doesn’t have to be that way. Ransomware isn’t new, and while it continues to adapt to become more sophisticated, so do anti-ransomware solutions like Nasuni and Varonis. Sophisticated data security, detection, and recovery systems can make losing company assets a thing of the past, and IT managers and executives can mitigate or prevent ransomware attacks with the right solution.

Complex Infrastructure Provides a Wide Attack Surface

Today’s complex corporate IT infrastructure provides multiple attack vectors for malware. Public cloud services, private cloud, on-premises servers and storage, as well as mobile devices can all make corporate systems and data more vulnerable. With a single user having access to 17 million files on average, the potential to do damage (the blast radius) is massive, even with basic permissions to data. All it takes is one compromised user to do a lot of damage.

To limit and control these attacks, the Nasuni and Varonis joint solution delivers three key components: prevention, detection, and recovery.

  • Prevent and limit attacks by identifying sensitive data and removing excessive access to reduce the blast radius and mitigate the potential damage done by a single compromised user.
  • Detect live attacks with intelligence to identify malicious activity with automated responses to stop rogue behavior and bad actors in their tracks.
  • Recover quickly by identifying all impacted files with a comprehensive audit trail of events and restoring backups to minimize impact to business productivity.

Varonis’ advanced security detection and prevention systems, combined with Nasuni’s immutable file system and nearly instant recovery, provide a joint integrated solution to keep your data safe.

Let’s see how.


Figure 1: Varonis’ data-first security model

Prevention: The Nasuni UniFS™ File System and Varonis access management

Prevention is the first step to ensuring that your files are protected. By eliminating excessive access to data, you can minimize the blast radius of an attack, which is the damage that a single infected user can cause.

Varonis automatically identifies where sensitive data lives in your Nasuni File System, who has access, and what permissions they have. Varonis monitors data activity and can uncover where access is no longer needed. Users can make permissions changes to data residing in Nasuni, as well as their other critical data stores, right from the Varonis UI.

Nasuni prevention capabilities start with a file system that provides immutable protection—each and every file change is protected in the cloud. This ensures that your data is safe – and always available if you ever need to recover. Traditional file systems, like those of legacy Windows File Servers, are generally insufficient to provide this type of protection.

And yes, there is such a thing as immutable protection. Nasuni employs its global UniFS™ cloud-based file system to protect files with the highest levels of security and encryption in your cloud provider of choice. In UniFS, every snapshot can be retained infinitely as an immutable object in the file system. Users can take unlimited snapshots at configurable intervals, saving only changes in order to minimize storage requirements. Changes to files are written in write once, read many (WORM) format. Thus, files cannot be destroyed with encryption or otherwise modified because changes can be written only once. Period. This is immutable data.

Detection: Varonis Monitoring and Intervention

Even with the most secure file system in place, ransomware can still get in through other parts of the infrastructure, such as e-mail systems, stolen credentials, or the network itself. The next key step is to detect the attack as soon as possible, followed by restoring the affected data.

Varonis, an all-in-one data security platform, handles the roles of threat detection and response in your ransomware defense arsenal. The Varonis Data Security Platform monitors data activity in your Nasuni environment and uses advanced machine learning algorithms to learn how people access and use data. Varonis establishes baseline behavior profiles and alerts to any deviations from that baseline to detect and report on potential threats.

For instance, Varonis can detect ransomware by identifying when a user behaves in a suspicious or automated way. Suspicious behavior may include a user making rapid operations against a large number of files in a short period of time, such as accessing, encrypting, renaming, downloading, or deleting files. The attacker’s ultimate goal is to encrypt and exfiltrate significant amounts of sensitive data to hold for ransom. Varonis aims to detect and stop them before they can even complete step one of that process.

Here is an example of how the joint solution from Nasuni and Varonis proactively protects your data from ransomware with automated responses:

  1. Detect an intrusion or suspicious activity, identify the compromised user and files, and send an alert.
  2. Automatically log off the user, or disable the account to minimize impact.
  3. Identify infected files with Varonis’ advanced forensics and, using Nasuni’s infinite versioning and unlimited snapshots, restore the data quickly from any historical point in time (literally millions of files in just seconds or minutes).
  4. Re-enable the user account and allow the user to log back in.
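
The suspicious behavior described above (rapid write operations against many files) and the first and third steps of the response can be approximated with a fixed-threshold sliding window over file audit events. This is an added example, not Varonis or Nasuni code and not the machine-learned baseline the product uses; the event tuple format, function names, window, and threshold are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WRITE_OPS = {"modify", "rename", "delete"}  # operations ransomware performs in bulk

def constructed_events():
    """Constructed sample audit trail: (timestamp, user, operation, path)."""
    t0 = datetime(2022, 2, 9, 10, 0, 0)
    events = [
        (t0 - timedelta(minutes=30), "alice", "modify", "/finance/q4.xlsx"),
        (t0 - timedelta(minutes=5), "bob", "modify", "/hr/plan.docx"),
        (t0 + timedelta(minutes=10), "alice", "modify", "/finance/q4.xlsx"),
    ]
    # bob's account then renames 40 files, one per second (automated pace)
    for i in range(40):
        events.append((t0 + timedelta(seconds=i), "bob", "rename", f"/hr/doc{i}.docx"))
    return events

def detect_bursts(events, window=timedelta(seconds=60), threshold=25):
    """Flag users whose write operations touch more than `threshold` distinct
    files within `window`. Returns {user: {"burst_start": ts, "files": set}}:
    the account to disable, the files to restore, and the time to restore before."""
    recent = defaultdict(deque)  # user -> (ts, path) pairs still inside the window
    incidents = {}
    for ts, user, op, path in sorted(events):
        if op not in WRITE_OPS:
            continue
        if user in incidents:
            # Already flagged: every later write is impacted until the account is disabled
            incidents[user]["files"].add(path)
            continue
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        touched = {p for _, p in q}
        if len(touched) > threshold:
            incidents[user] = {"burst_start": q[0][0], "files": touched}
    return incidents

if __name__ == "__main__":
    for user, inc in detect_bursts(constructed_events()).items():
        print(f"ALERT {user}: {len(inc['files'])} files, "
              f"restore to a snapshot before {inc['burst_start']}")
```

A fixed threshold like this will also flag legitimate bulk jobs such as migrations, which is why a per-user baseline is the better signal in production.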

Varonis not only monitors data activity but also collects access activity related to authentication, access, and other directory services. This data is analyzed and put in context with perimeter telemetry like VPN, DNS, and web activity to determine how attacks are getting into and perpetuating throughout the environment.

Recovery: Nasuni’s Rapid Ransomware Recovery

Nasuni’s powerful recovery features permit the quick recovery of data across any number of sites in a matter of seconds using several key components illustrated in Figure 2:

  • Immutable data protection with the UniFS file system. As noted previously, no ransomware, malware, or virus can ultimately destroy the data as all changes are protected in immutable copies in the cloud.
  • Nasuni provides infinite file versioning and unlimited snapshots to efficiently scale along with your cloud storage capacity. Because snapshots capture incremental changes only, protected data traversing to the cloud is minimal.
  • When an attack occurs, users can recover just the impacted files by dialing back the filesystem to the very moment before the attack occurred. This process takes seconds because there’s no actual transfer of data involved.

This achieves recovery time objectives (RTO) of seconds and recovery point objectives (RPO) down to the minute, both keeping productivity going and minimizing data loss.


Figure 2: Nasuni architecture

Combined with Varonis’ full audit trail of data activity, you can quickly and efficiently pinpoint impacted files to apply Nasuni’s rapid ransomware recovery and provide a detailed report of the incident.

Conclusion

The three pillars of Prevention, Detection, and Recovery mean that you can secure your data against the latest threats and recover quickly without risking data loss or ever having to pay ransom to regain access to your critical business data.

Learn more about how Nasuni and Varonis work together to protect your business from ransomware.
