Guidance for healthcare organizations to prevent and respond to data breaches

One of the things we’ve seen in traditional architectures is that most organizations have the same virtual machines. They have physical servers and databases that have grown so large that they can’t protect them inside their window. In many cases, they have NAS architectures, which they have traditionally protected using native NAS tools, but they don’t necessarily offer the same level of recovery or separation from cyberattacks.
To protect these different workloads, the traditional architecture had different parts and pieces, whether it was a master server or a media server, and these server-based operating systems with applications installed on them send data to different storage devices. In many cases, we have seen these servers compromised in a ransomware attack.
At Cohesity, we’ve taken all of these different parts and pieces and consolidated them into a single hyperconverged architecture. In fact, we run all of these services inside our cluster as logical entities. This bundled approach gives us several great advantages. The first is that we distribute the workload across all nodes. This allows us to back up and restore much faster than traditional architectures.
The architecture of the platform itself gives us the ability to quickly retrieve data, which is a major concern. Because it’s a node-based architecture, there’s nothing like downtime for upgrades, forklift upgrades, or outages due to software upgrades. We can add or remove nodes while it is operational. We have a host of ransomware protections built into the platform, and we have storage efficiencies to help organizations reduce the amount of data they need to store to save costs.
HEALTH TECHNOLOGY: How can healthcare institutions defend data protection platforms against these attacks?
HALEY: We built an architecture designed with security in mind. It starts with a hardened architecture, where we’ve built a platform so that it leverages technologies like encryption and immutability and has capabilities for things like write-once-read-many (WORM), even architectures to support technologies like airspace. We also have a whole host of technologies in place to maintain and restrict access, so we have granular role-based access control. Not everyone needs to be an administrator. We can give people the rights they need to do what they need to do without everyone having too many rights.
We also support technologies such as multi-factor authentication. My #1 recommendation to everyone professionally and personally is to enable multi-factor authentication on everything. Everything you care about, you have to activate. This is a huge deterrent against many of the credential breaches we’ve seen. Multi-factor authentication is a huge defense against attacks. In addition to protecting data, we also help people detect abnormal activity.
HEALTH TECHNOLOGY: How can Cohesity help alert IT teams to security issues?
HALEY: We have a platform integrated with our one-stop-shop management consultancy Helios. What we do is examine every object we protect and create a trendline for each object. The trend line shows the amount of data backed up each day, the amount of changes, and files added, changed, or deleted. We also dig deeper to understand how compressible or eligible for deduplication the data is.
What we’re really doing is looking for signatures of a ransomware attack with respect to the data. The idea of creating a trend is that we understand what a normal day, a normal week or even a normal month looks like for each object in the environment. As part of anomaly detection, whenever we see something that is out of trend, we alert you to it. We also show you the latest clean save. So, we’ll show you where we detected the anomaly, and we’ll show you the last non-abnormal protection point and a list of files we discovered that were affected by it.
Generally, if you see this as a challenge, you can initiate recovery directly from the detection panel. If it’s something you were expecting – perhaps you installed a service pack or updated an app on the system – you can just ignore the anomaly. We’ve also configured it to send an alert directly to the Cohesity mobile app. It’s just another pair of eyes looking at the data, and we’re tracking it using artificial intelligence and machine learning.
HEALTH TECHNOLOGY: What can healthcare organizations look for to help them recover quickly from cyberattacks?
HALEY: We index all the data we store. We are building a searchable index. We also have a globally searchable index and inventory for all the items we protect. We have tools in an actionable methodology. We can search for something and act as soon as we find it. So we have them to help organizations understand all the data that is protected. If you think about it, the data protection architecture becomes an aggregation point for all data in an environment. It’s like a central repository for data. These tools offer great power.
Our architecture is a multi-node cluster, but we have this idea of the Cohesity market, the idea that we can run applications and services natively on the architecture, and they run as Kubernetes containers. We run applications and services on the architecture that you can download and install directly into the cluster.
An example is a data classification architecture. Instead of indexing file, server, and database names, it can actually index file contents. Imagine being able to browse all the files you protect and search for patterns. Understanding where this sensitive data is located gives you a better understanding of how to secure it.