A new SSD can prevent ransomware attacks – this is the new headline in the town. A security company claims to have developed a flash drive that prevents ransomware attacks. The flash drive will save your data from being stolen or encrypted by malware. The company names the new flash drive Cigent Secure SSD+.
As per the company, it has an onboard processor that uses machine learning algorithms. It monitors access to the drive and blocks access operations after noticing bad activity. The company claims that it offers a new approach to fight ransomware attacks. It offers solutions to prevent attacks rather than performing post attack operations.
The chief revenue officer of Cigent, Tom Ricoy, says,
“Endpoint detection and response (EDR) products rely on ‘detect and respond’ after an attack has already occurred. Cigent has placed automated attack prevention as close to the data as possible – in the storage itself – where it can consistently prevent attackers from ransoming files, even if EDR has been bypassed”.
The Cigent Secure SSD+ Uses Machine Learning To Prevent Ransomware Attacks…
Cigent also offers Secure SSD devices, which protect users’ data using full-disk encryption. It offers support for multi-factor authentication. Best of all, the company uses Data Defense Software as a Service (SaaS) to encrypt data on endpoint systems fully. The flash drive can work with the Data Defense platform, meaning a company-wide lockdown will occur if it detects the ransomware.
As a result, business processes may come to a halt. The ‘Shields Up’ status requires multi-factor authentication to access files when ransomware is detected. Considering this, users can only read files, with no ability to modify, encrypt or edit. Cigent Secure SSD+ will allow IT and security personnel to monitor drives, set policies, and manage them. What’s more, users will not be able to access the protected data.
Gizchina News of the week
What Does The Expert Say About This?
The Register asks Professor Bernard Van Gastel for a comment. He says,
“From a conceptual point of view, to make this work, you should be able to detect ransomware properly and have effective measures to deal with it.”
“For the first, you can detect patterns in how a drive is being used. If all the data is being overwritten, that’s an indicator that ransomware is active. You can even detect it early if a significant amount of data is written to the drive in a few minutes.
But as with all these detection mechanisms (such as spam, intrusion detection, etc.), there needs to be proper calibration of false negatives and false positives. A false positive means that data is locked and the system is down. A false negative means that ransomware can actually work.
“For the second, you need to ‘lock’ the contents of the drive. At least make sure that no additional data is changed. But there can already be data loss because detection is always ‘after the fact.'”
Furthermore, he says the company states this in point 3 under A Few Important Notes of its datasheet. It states that the new flash drive may not offer full protection because the device contains false negatives. This functionality may take some time to activate, and some damage may be done in the meantime. With this in mind, you may have to accept the risk of system downtime due to false positives.
Moreover, you will have to maintain a good backup and recovery system. This may not solve your problems once and for all, but it will at least give you some breathing space to figure out what went wrong. Best of all, the ransomware detection in the Cigent Secure SSD+ will help businesses by large. The Cigent Secure SSD+ is obviously a good thing, but it still needs a lot of improvement.