Infinidat is working to make it harder for cybercriminal groups to launch quiet attacks on data estates, especially within the AI ecosystem and LLMs. Its latest effort, “a cyber-focused recovery-first strategy,” strikes at the heart of the menace.
Cybersecurity has risen to be the second biggest concern of CEOs in 2024. The growing engagement with AI has ignited opportunities for attackers to exploit GenAI technologies and LLMs with data poisoning, prompt injection and other novel attack techniques.
According to Cybersecurity Ventures, cybercrime damage costs will total $9.5 trillion this year, catapulting global security spending to $1.75 trillion by 2025. North America alone accounted for approximately 51.3% of the total data security market in 2023, finds Futurum Intelligence research.
Bill Basinas, senior director of product marketing, while presenting two newly-added solutions to the InfiniSafe cyber stack at the AI Data Infrastructure Field Day event, said, “On average, companies face about 22 days of downtime. However, some companies can be incapacitated for months depending on attack severity and complexity.”
For so long, data protection has been known to be the fulcrum of cybersecurity. But in the face of evolving attacks, it does not guarantee business recovery, which makes it insufficient.
Highlighting the alarming boldness of the attackers, Basinas said that more needs to be done to be able to rebound successfully from an attack.
“We’ve learned how to protect data as an industry pretty well over the last 40 or 50 years. Now, given the fact that things are so cyber-centric, we have to think about business recovery, not data recovery.”
Narrowing the Threat Window
Infinidat’s recovery-focused solutions are designed to enable fast action and clean recovery in attack scenarios. It ties back to everyday things as well as those that enterprises are doing within their AI environments and LLMs, said Basinas.
Included in the InfiniSafe technology are two features that Basinas highlighted as pivotal to the core product. By default, InfiniSafe provides data immutability, making it impossible for cybercriminals to tamper with files.
“We’re truly immutable,” he emphasized. “What that means is, we’ll put safeguards in there, as well as immutable snapshot by default that’s only maintained for three days, but can now be extended to as much as you want.”
“But again, the whole idea of immutability is you’re not keeping it around for months or years,” he added.
Data protection for Infinidat is “not about just doing an immutable snapshot every so many hours and leaving gaps.” It is about building the resilience to mobilize a swift response effort, no matter the scale of the attack.
“Today so many storage cyber solutions are focused just on the storage silo itself. We’ve decided that we need to integrate further out into the security ecosystem, and integrate and use as trigger points, everything else that might be going on within that attack plane,” said Basinas.
Released this year, the InfiniSafe Automated Cyber Protection (ACP) solution integrates with a host of cybersecurity applications like Security Operations Center (SOC), Security Orchestration, Automation and Response (SOAR) and Security Information and Event Management (SIEM).
“ACP provides container-based code that allows us to very easily and simply integrate into the rest of the security infrastructure. Whatever the company wants, QRadar, Splunk – we integrate it all,” said Basinas.
Leveraging their real-time monitoring capabilities, ACP, Infinidat says, works at “the speed of compute,” triggering snapshots based on alerts produced by the SIEM and SOAR solutions in the environment. Immutable snapshots are produced instantaneously across anything from a single volume to an entire storage system. This allows it to prevent data corruption from proliferating.
In 2023, Infinidat added Cyber Detection as a software add-on option in InfiniSafe. Cyber Detection covers security blind spots with proven cyber-protection capabilities like deep scanning and forensic analytics.
Developed in partnership with Index Engines, InfiniSafe Cyber Detection is a highly recommended solution for those who require an enhanced level of detection. Together with ACP, it works to further shrink the threat window.
InfiniSafe Cyber Detection leverages Index Engines’ content-level scanning technology. This includes 200 different pattern matching, technology analysis and entropy scoring, which allow it to detect different levels of change in the data.
Cyber Detection automatically lines up the immutable snapshots supplied by ACP for scanning. Multiple AI-based scanning engines validate the integrity of the data, and surface malicious changes and edits using machine learning to indicate a compromise.
If the system detects a threat, it warns the administrators, flagging the problem environments as red. An auto-generated forensic report shows where the compromised data is located.
Cyber Detection has a 99.5% accuracy score, according to Infinidat. “Accuracy is key because what you don’t want when you’re analyzing data is so many false positives that the results become useless.”
With ACP and InfiniSafe Cyber Detection’s twin capabilities, a rapid rollback to the known clean copy of data can save tens of hours of downtime and enable a swift recovery to normal business operations without going through the prolonged iterative process of data validation. “Minutes can mean millions of dollars,” said Basinas.