5 Top Storage Area Network (SAN) Security Trends in 2022

Despite the rise of the cloud, Storage Area Networks (SANs) remain the backbone of many enterprises. They are used to store massive amounts of data and deliver it to a wide range of users across the organization.

SAN security has become increasingly important in recent times, given the tendency of cybercriminals to break into just about every nook and cranny of the enterprise. Here are some of the key trends in SAN security:

1. SANs are vulnerable

Gil Hecht, CEO of Continuity, points out that SANs are just as vulnerable to cyberattacks as the rest of the infrastructure. This is a change from years ago when SANs were considered back-end systems that were not under much threat. That has completely changed.

“Some ransomware — Locky and Crypto — now bypass perimeter systems altogether and go straight to the core of the data center, such as storage and backups,” says Hecht. “This has forced storage teams and CISOs to rethink potential holes in their safety nets, by reviewing their primary and secondary storage systems.”

2. SAN security is mission critical

There is always a lot of emphasis on firewalls and on securing the obvious networks and communications infrastructure. But enterprise storage is now business-critical as well: it is where the data, the lifeblood of the organization, lives.

“All businesses should be able to quickly recover data from their primary and secondary storage sources as part of an effective cyber resilience strategy,” said Hecht.

3. Check for common storage issues

Hecht added that most vulnerability scanners and patch management systems focus on operating systems and applications. They are good at identifying the presence of Common Vulnerabilities and Exposures (CVEs), misconfigurations, and other weaknesses in operating systems and apps. But they typically miss the same kinds of issues in SANs, backup systems, and other storage technologies.

Some of the most common vulnerabilities and misconfigurations discovered in storage systems, according to Hecht, are:

  1. Use of insecure protocols or protocol settings. Cybercriminals can use such configuration errors to retrieve configuration information and stored data, and in many cases they can also tamper with the data itself, including the copies used to protect the data.
  2. Unaddressed storage CVEs. Each CVE describes the potential exposures and outcomes it presents – and these span a fairly wide range. Among the identified risks are the ability to exfiltrate files, perform denial-of-service attacks, take ownership of files, and block devices.
  3. Insecure user management and authentication. This allows cybercriminals to take full control of the storage device, up to and including exfiltration and destruction of the data and its copies.
  4. Improper use of ransomware protection features. With limited or no protection against ransomware in place, cybercriminals can easily bypass or disable the protection mechanisms that do exist.

Tools are now available that are designed to find such areas of risk.

“Scanning your storage environment for vulnerabilities and security misconfigurations is a critical part of a storage security strategy,” said Hecht.

4. Recovery is vital

Ahsan Siddiqui, director of product management for Arcserve, advises anyone using a SAN to ensure their security plan includes a robust data backup and recovery strategy to keep the organization operational after a ransomware attack. On its own, however, this may not be enough. Cybercriminals know that organizations depend on backups, so they now target every copy of the data, primary, secondary, and backup, and only then encrypt the primary data.

Organizations should therefore establish a proper recovery process for SAN data, including adequate protection for their backups.

5. Air gap

A good way to protect SAN data is through extensive backups and the use of airgapping.

“One of the most practical and effective ways to protect backup data against a ransomware attack in a SAN is air gap,” says Siddiqui. “The beauty of airgapping is that it makes it nearly impossible for ransomware to compromise data backups.”

There are two types of air gaps. The first is traditional, physical air-gapping, where an organization disconnects its digital assets from all other devices and networks, creating a physical separation between a secure network and another computer or network. Using a physical air gap, organizations store backup data on media such as tape or disk and then completely decouple this media from their production IT environment.

The second type of air gap is called logical air gap. A logical air gap relies on network and user access controls to isolate backup data from the production IT environment. It is like a one-way street in which data is pushed to its intended destination, be it a local storage device or a custom device. The key here is that the control and management of that data, such as how it is kept or who can change it, is not available through the same system or path. Anyone who wants to manage or change the data must go through completely different authentication channels.
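The separation described above, a one-way data path that production can only push to and a management path reached through different credentials, can be modelled in a few dozen lines. This is an added example and not code from the article or from any vendor quoted in it; the vault, the two keys, and the snapshot names are all constructed for the demo.

```python
"""Toy logical air gap for a backup vault (added example, not from the article)."""
import hashlib
import hmac
import secrets

# Constructed demo secrets: the ingest key lives on the production backup client;
# the admin key is issued over a separate identity path and never reaches production.
INGEST_KEY = secrets.token_bytes(32)
ADMIN_KEY = secrets.token_bytes(32)


class AirGapViolation(PermissionError):
    """Request used the wrong credential for the path it arrived on."""


class BackupVault:
    def __init__(self):
        self._snapshots = {}   # snapshot name -> backup bytes
        self.audit = []        # every push, delete and denial, for the SOC to watch

    def _require(self, key, expected, op):
        if not hmac.compare_digest(key, expected):   # constant-time compare
            self.audit.append(f"DENIED {op}")
            raise AirGapViolation(op)

    # Data path (one-way): production may only append new snapshots.
    def push(self, key, name, data):
        self._require(key, INGEST_KEY, f"push {name}")
        if name in self._snapshots:                  # no overwrite, even with a valid ingest key
            self.audit.append(f"DENIED overwrite {name}")
            raise AirGapViolation(f"overwrite {name}")
        self._snapshots[name] = data
        digest = hashlib.sha256(data).hexdigest()
        self.audit.append(f"PUSH {name} sha256={digest}")
        return digest

    # Control path: retention changes need the admin credential from the other channel.
    def delete(self, key, name):
        self._require(key, ADMIN_KEY, f"delete {name}")
        del self._snapshots[name]
        self.audit.append(f"DELETE {name}")


def compromised_host_attempts(vault, name):
    """Ransomware holding the stolen ingest key tries to overwrite, then delete, a snapshot."""
    blocked = 0
    for attempt in (lambda: vault.push(INGEST_KEY, name, b"encrypted garbage"),
                    lambda: vault.delete(INGEST_KEY, name)):
        try:
            attempt()
        except AirGapViolation:
            blocked += 1
    return blocked   # 2: both destructive actions are refused and logged
```

The audit list is the detection hook: a `DENIED overwrite` or `DENIED delete` arriving from a production host is a strong signal that the host itself is compromised.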
