New data security service Metallic ThreatWise is a cyber deception technology that provides businesses with a powerful one-two punch: first, slowing attacks down by diverting bad actors toward fake assets and, second, providing visibility into attacks in progress – helping businesses proactively contain and remediate threats before they reach their targets.
A boxer needs sharp eyes to spot every move that an opponent makes, quick reflexes to dodge, parry or block every blow, and stamina to take the odd blow that will inevitably be landed. Unfortunately, when seeking to counter cyberattacks, a large number of organisations appear to be stumbling into the ring wearing a blindfold, and in such bad shape that they are fighting with slow reactions and very little stamina.
Commvault is well known for providing award-winning back-up and recovery services, including Metallic, that allow clients to bounce back after an attack. It now also offers Metallic ThreatWise, which adds the ability to spot an attacker as it makes its first move as well as the ability to respond quickly and appropriately – long before an attacker has time to inject malware or compromise control systems.
Sharp eyes: threat detection
A worrying number of organisations are blind to threats – even long after an attack has begun. Recent research by IBM found that, on average, organisations take 207 days to detect a data breach and then 70 days to contain it. Even in the financial services sector, where the majority of attacks occur and where defences need to be strongest, it takes 183 days to detect a breach and a further 52 days to contain it, on average. This provides attackers with ample time to target command and control systems, to move laterally between systems, and then to escalate their access privileges and compromise critical data sets. In such situations you are always going to be on the back foot and in damage control mode. Indeed, many of those reading this article may well already have been breached, but are just not aware of it yet. In effect, they will have already lost the fight – even before having heard the opening bell.
While traditional data protection solutions play a critical role in recovering from attacks, they come into play when it’s too late – after data has already been compromised. By adding cyber deception to its award-winning Metallic DMaaS portfolio, Commvault is offering next-generation data protection that actively defends data and its recoverability from the moment an attack begins.
From the initial point of access, Commvault reckons that you typically have a two-hour window in which to act before an attack begins to escalate. Immediate and accurate detection is essential. However, with the number of potential threats growing exponentially, many security teams find themselves swamped by the number of alerts that they get – a high proportion of which are often false positives.
When sensors are engaged or interacted with, ThreatWise issues real-time triggers that provide key stakeholders and complementary security tools (such as SIEM) with direct line of sight into malicious attempts. And since sensors are only visible to attackers, and not discoverable by legitimate users and systems, notifications are highly accurate, without false positives or alert fatigue.
Quick reflexes: deception and decoys
ThreatWise leverages patented threat sensor technology to mimic customer assets (VMs, databases, containers, and more) at scale. Hundreds, or thousands, of lightweight sensors can rapidly be deployed across entire environments in just seconds.
By covering the attack surface with indistinguishable decoys that look like and behave like real assets, Metallic ThreatWise baits bad actors into engaging fake resources. While such deception can prevent them from landing a blow, it requires instinctively accurate reflexes. This kind of deception is only as good as its accuracy. ThreatWise has the ability to cut through the noise to pinpoint recon, lateral movement, and unwanted privileged access that simply cannot be detected by conventional technology.
Containing threats and data impact through early warning:
- Mimic – Dilutes the attack surface by deploying indistinguishable fake decoys, at scale
- Trip – Draws bad actors into compromising false customer resources
- Alert – Exposes malicious activity with real-time, high-fidelity alerts
- Respond – Works seamlessly with security technology to accelerate remediation and contain threats before leakage, encryption, or exfiltration
And while traditional deception solutions can be exceedingly resource intensive, throwing the performance of your systems off balance, ThreatWise’s light-footed approach is able to fool attackers without causing system restrictions or constraints.
Stamina: staying on your feet
Organisations everywhere are recognising the need to adopt a Zero Trust / Zero Loss approach where ransomware defence is built on end-to-end data visibility, broad workload protection, and rapid business response. End-to-end data visibility ensures that organisations are able to catch threats before they impact their data.
“If you’re not actively adopting a Zero Trust / Zero Loss approach then you’re letting your guard down – making you vulnerable to a knock-out blow at any moment”
Commvault offers a unique multi-layered approach to data protection combining advanced indicators to contain threats before leakage, encryption, or exfiltration, with fast, granular restoration for stronger business continuity.
As it continues to expand and enhance its Intelligent Data Services Portfolio to address security threats, including ransomware, Commvault has not only introduced Metallic ThreatWise for early detection through cyber deception, but has also expanded its file anomaly framework to detect malicious applications that may evade traditional detection methods by posing as safe file types (included in its Platform Release 2022E).
This ensures that organisations are able to survive round after round of combat without ever being knocked out. And Metallic’s per-user pricing model means that not only can large organisations take on all comers, but small and medium-sized ones can punch well above their weight too.
Try the Metallic ThreatWise guided demo here: https://bit.ly/threatwise-self-guided-demo