
GigaOm Sonar Report for Block-Based Primary Storage Ransomware Protection v2.0

An Exploration of Cutting-Edge Solutions and Technologies

Table of Contents

  1. Summary
  2. Overview
  3. Considerations for Adoption
  4. GigaOm Sonar
  5. Vendor Insights
  6. Near-Term Roadmap
  7. Analysts’ Take
  8. Report Methodology

1. Summary

Ransomware is a specific type of malware that encrypts data assets on primary storage systems—including file shares, databases, disk partitions, data volumes, backup systems, and repositories—making them inaccessible unless the victim pays an extortion fee. Ransomware is highly optimized to spread across organizations via networks and infrastructure systems through methods similar to Trojan malware attacks. The ransomware payload is embedded in a file that looks legitimate and is triggered by an unsuspecting user opening the infected file. Usually, it will spread across the environment by taking advantage of user credentials, along with documented and undocumented exploits, bypassing the limited access scope of a user. Thus, ransomware protection is a transversal, cross-stack topic of discussion across organizations.

Ransomware attacks can impact file- and block-based primary storage solutions alike:

  • File-based ransomware attacks are the most pervasive. Advanced file-based ransomware implementations use a combination of techniques to remain unnoticed and spread silently. For example, they may start encryption activities a few weeks or months after a system has been infiltrated, or they may first target dormant files that haven’t been accessed for a long time.
  • Block-based ransomware attacks, while less common, can be even more damaging. Ransomware encrypts entire data volumes, making recovery much harder than for file-based attacks. The entire volume must be recovered, which offers less granularity and fewer recovery prioritization options than for file-based recovery activities. These attacks, however, are quicker and easier to detect because once a volume is encrypted, all read/write operations become impossible.

One Sonar report focuses on ransomware protection solutions available for file-based—or network attached storage (NAS)—primary storage systems; a sister report covers solutions for block-based primary storage.

Figure 1 shows the vendors and primary storage systems covered in each report.

Figure 1. Vendors Included in Each GigaOm Sonar for Primary Storage Ransomware Protection

Although dedicated out-of-band ransomware protection solutions exist, organizations should not underestimate the benefits of in-band ransomware protection capabilities embedded in NAS and block-based solutions. The most effective mitigations include a combination of in-band and out-of-band capabilities, but for smaller businesses or very cost-conscious organizations, NAS and block-based ransomware protection solutions constitute an important first line of defense.

Benefits of ransomware protection on NAS and block-based solutions include:

  • Faster recovery from a ransomware attack than backup restores can provide, usually measured in minutes instead of hours or days, thanks to snapshots. This quick recovery is particularly crucial for mission-critical applications that can’t withstand prolonged downtimes.
  • Greater ease of use, because reverting to a healthy snapshot takes considerably less effort than identifying and orchestrating data recovery from a data protection platform.
  • Cost-effective protection and recovery operations: NAS and block-based ransomware protection solutions are usually provided at no cost and deliver a very effective protection layer. Furthermore, fast local recovery from ransomware using these solutions is cheaper than recovery using data protection systems, in terms of both elapsed time and human effort. In addition, organizations avoid paying any potential egress transfer fees when restoring from the cloud.

These GigaOm Sonars provide an overview of file-based and block-based primary storage ransomware protection vendors and their available offerings, equipping IT decision-makers with the information they need to select the best solution for their business and use case requirements.

About the GigaOm Sonar Report

This GigaOm report focuses on emerging technologies and market segments. It helps organizations of all sizes to understand a new technology, its strengths and its weaknesses, and how it can fit into the overall IT strategy. The report is organized into five sections:

Overview: An overview of the technology, its major benefits, and possible use cases, as well as an exploration of product implementations already available in the market.

Considerations for Adoption: An analysis of the potential risks and benefits of introducing products based on this technology in an enterprise IT scenario. We look at table stakes and key differentiating features, as well as considerations for how to integrate the new product into the existing environment.

GigaOm Sonar Chart: A graphical representation of the market and its most important players, focused on their value proposition and their roadmap for the future.

Vendor Insights: A breakdown of each vendor’s offering in the sector, scored across key characteristics for enterprise adoption.

Near-Term Roadmap: A 12- to 18-month forecast of the future development of the technology, its ecosystem, and major players of this market segment.