Opti9, a leading hybrid cloud solutions provider, announces the results of its cybersecurity validation assessment, conducted by CyPROS, a leading provider of penetration testing, and threat protection services. Opti9 engaged CyPROS to substantiate the effectiveness of their Observr product, a SaaS tool which detects the presence of attackers within organizations’ backup environments, helping to prevent an attack before it starts. CyPROS findings confirm the effectiveness of Observr, provided suggestions for how it can be effectively implemented by organizations to help detect & prevent attacks, and recommended feature enhancements for future versions.
Recommended CIO Influence Article: The AI-security Paradox: A Human Story of Security and Privacy
By focusing and providing threat detection capabilities that can be ingested by common SIEM & MDR platforms, Observr bridges the gap between BCDR and security teams, yielding higher levels of resilience, says Sagi Brody, CTO of Opti9.
According to the 2023 Global Report on Ransomware Trends, 93% of ransomware attacks specifically target backup data and infrastructure to destroy any possible recovery capabilities before initiating the attack, increasing the likelihood of securing a ransom payment. Observr by Opti9 is an anomaly detection service that seamlessly integrates with Veeam, the #1 Data Replication and Protection Software Worldwide, and was built to address this and other threats. Observr utilizes machine learning to baseline, monitor, and identify suspicious activity within the backup infrastructure. In doing so, Observr can detect the presence of an attacker within the backup infrastructure attempting to modify and destroy recovery options, helping organizations stop an attack before it starts.
The results of the validation assessment conducted by CyPROS are published in a reported titled, “Thwart Cyberthreats: Evaluation Report of the Opti9 Observr.” The report summarizes its findings and recommendations from multiple scenarios conducted in January and February 2023. During that period, CyPROS’ team of elite white hat hackers mimicked attack workflows and techniques known to be employed by bad actors. The test scenario included common deployments of Veeam Backup & Replication™ software typical of enterprise environments. Among other things, CyPROS confirmed that in-line change-rate based detection, such as those being added to some backup products, is ineffective at identifying a ransomware in progress. Furthermore, it is a reactive alarm, only notifying an organization after their systems have started to be infected. Instead, focusing on the backup control-plane is a far more effective means to detect activities that typically precede the attack.
Top InfoSec News: Rapid7 Announces Industry-First Solution for Holistically Visualizing and Reducing Cyber Risk in Hybrid Environments
“Backup environments themselves are a new attack surface under the microscope of nefarious actors. Organizations have a false sense of security related to their ability to recover from Ransomware and other attacks,” said Sagi Brody, CTO of Opti9. “By focusing on this exposure point, and providing threat detection capabilities that can be ingested by common SIEM & MDR platforms, Observr bridges the gap between BCDR and security teams, yielding higher levels of resilience.”
CyPROS’ report identifies Opti9’s Observr as the only product on the market that they know of, that specifically focuses on the backup environment itself, an emerging attack vector. CyPROS confirmed functionality of Observr’s threat detection capabilities, including suspicious deletion events, job modification, retention modifications, job deletion, and many others. Additionally, CyPROS provided Opti9 with a list of additional activities to monitor as part of its threat detection engine to provide additional granularity.
CIO INFLUENCE News: Future Ready Leadership: Fostering the Success of Emerging Leaders
[To share your insights with us, please write to sghosh@martechseries.com]
