Reading Time: 4 minutes

We’re creating, storing, accessing, and sharing data faster than security can possibly keep up. And, while we’re not looking, wickedly criminal characters are finding new ways to access, compromise, steal and ransom the data that matters most to us.

Between the threats of malware, ransomware and unauthorized access to data, and the multiple possible entry points into your file network, data security is a very big deal.

It’s easy to put ransomware down to a business problem - a matter of demand and supply. They lock your data up and issue a demand... and you supply by paying the ransom.

That doesn’t begin to cover it, though.   The expectation of data security puts enormous pressure on your IT teams, who often operate with budget limitations. The sheer impossibility of plugging all possible entry points into your network takes an incredible toll on them.

Is it even possible to put together impenetrable data protection when you’re dealing with data that needs to be accessible?

It’s that very data - the files that you’re dealing with right here and right now - that presents such an attractive target to cybercriminals.

The persistence, pervasiveness, and documented success of ransomware attacks would suggest it’s tough to mount a complete first-line defense, even within well-resourced organizations.  When attackers are sophisticated enough to modify the ends of mobile charging cables or USB sticks, and software is intelligent enough to wait quietly on laptops until they’re connected to a larger network, it’s unlikely that preventing malicious software from attacking a network is even possible.

If we accept that as true - and given the credentials of some of the organizations that have fallen prey to ransomware infection, that seems a reasonable assumption - what can IT teams do to protect data?

Data Defense

The first line of defense - the perimeter - may not always be able to reliably repel invaders.   Virus and malware protection is very likely to detect and stop threats that arrive through channels like email, but they’re far less effective against code inserted directly into your network.

That means the next line of file system defense needs to be able to detect and stop them as quickly as possible.

Varonis provides both proactive and reactive layers of defense.  They secure unstructured data from unauthorized access and cyberthreats by analyzing data access for both on-premises and cloud data stores, authentication events, and perimeter telemetry.

Machine learning algorithms learn and understand user behavior to detect behavioral abnormalities that could indicate a threat, and help mitigate the impact of breaches by locking down open access to data at scale.

Varonis catches malware that traditional perimeter security doesn’t see. The platform provides early detection by monitoring and alerting on suspicious activity and behaviors and automatically shutting down compromised accounts, limiting the amount of recovery effort required.

Additionally, Varonis lets system administrators easily monitor and analyze user activity, map out permission structures, to help find exposed folders, stale data, or inactive accounts that are still enabled, allowing them to monitor and proactively close potential entry points.

Data Protection

While a robust defense can detect and stop attacks rapidly, considerable and sometimes irreparable damage can still be done to data.   If you’re running legacy storage that includes replicated data in backup sets, with additional disaster recovery data stored offsite, then recovering data is usually possible.

However, it’s slow, and frequently subject to substantial data loss as you’re forced to restore data that can be days old.

It’s essential that critical business data is as close to invulnerable as it can possibly be. That is, if your environment is attacked, and even accessed, the data itself will not fall.

It will not be encrypted by ransomware or malware, and it will not be read by those who have accessed it.

Panzura makes data impervious to ransomware by storing it in an immutable form and further protecting it with read-only snapshots.

With Panzura, once data is in the cloud object store, it cannot be changed, overwritten, or damaged in any way.   File changes are written as new data blocks, which have no effect on existing data.  As new data is saved, Panzura’s global file system updates file pointers to record which data blocks comprise a file at any given time.

Panzura then takes lightweight, read-only snapshots at the file system level, at configurable intervals. This provides a granular, point-in-time ability to recover any data, by restoring from the applicable snapshot. Individual files, folders, or even the complete file system can be restored in this way.

Because both the snapshots and the data itself are immutable, ransomware attacks do not damage files in the Panzura global file system.  Instead, attacks are shrugged off by quickly reverting back to previous data blocks, to make up uninfected files.

This limits potential data loss to the elapsed time between snapshots.  Panzura also takes user snapshots to synchronize data from each location to the cloud object store every 60 seconds, so these can be used to restore to an even more granular state.

Separately, Panzura encrypts data both at rest and in flight between Panzura filers and the object storage.   Data at rest is encrypted using AES 256-bit algorithms. Data in transit is encrypted using TLS 1.2.   As a result, your files cannot be read in the event of a data breach, as only your organization holds the decryption key.

This is crucial for keeping intellectual property and sensitive data from falling into unauthorized hands.  It’s also vital for guarding against an increasingly popular ransomware threat; publicly releasing data unless the ransom is paid.

Protecting and Defending Even the Largest Data Sets

Together, Panzura CloudFS and the Varonis Data Security Platform can help enterprises and organizations modernize, manage, protect, and defend their file and storage infrastructure.

Teams are empowered to work across sites while using any compatible object store as their single authoritative data source.

With latency-crushing file performance and local networking technology such as real-time file locking, and immediate data consistency across the entire network,  IT departments can manage one set of secure and protected data in a resilient file system.

The joint solution is available with the release of CloudFS 8 Defend from Panzura, and Version 8.5.20 from Varonis.