Let's take a closer look at these claims of anti-ransomware SSDs

A security company is claiming to have developed a flash drive with built-in ransomware prevention support that can protect any data stored on it against being stolen or encrypted by malware.

We're pretty sure we've heard claims of this sort of thing before, so we took a closer look at this latest stuff.

The Cigent Secure SSD+ has an on-board processor that uses machine learning algorithms to constantly monitor disk accesses and will step in to block access if it detects ransomware activity, we're told.

Cigent also claims this differs from existing approaches to combating ransomware by providing organizations with a preventative solution rather than tackling an attack that has already happened.

“Endpoint Detection and Response (EDR) products rely on ‘detecting and responding’ after an attack has already occurred,” the company’s Chief Revenue Officer Tom Ricoy said in a statement.

By contrast, he claimed, “Cigent has put automated attack prevention as close to the data as possible – in the storage itself – where it can consistently prevent attackers from ransoming files, even if EDR has been circumvented.”

Cigent already offers a Secure SSD line that safeguards data through full-disk encryption and support for multi-factor authentication, plus the company sells a Data Defense Software as a Service (SaaS) platform to protect data on endpoint systems.

We asked Professor Bernard van Gastel of the institute for computing and information sciences in Nijmegen in the Netherlands how plausible he thought it would be to set something like this up.

Prof van Gastel told us he could answer "from a conceptual standpoint" and added: "To make something like this workable, you need to (1) properly detect ransomware (2) have effective measures to act on it.

"For the first one, you can detect patterns in how a drive is used. If all the data is overwritten, that is a sign that ransomware is active. You can even detect it early on, if in a few minutes a significant chunk of data on the disk is being written. But as with all these detection mechanisms (such as with spam, intrusion detection, etc), there needs to be proper calibration of false negatives and false positives. A false positive means data is locked, and the system will have downtime. A false negative implies ransomware can actually work."

"For the second one, you need to 'fixate' the contents of the drive," the professor added. "At least make sure no further data is being modified. But there can already be data loss, because detection is always 'after the fact'."

He said the company itself indicates this "in point 3 under 'A Few Important Notes' of their datasheet. So it is not full protection, because there might be false negatives and can kick in too late so some damage is already done. And it can cost you availability of your systems because of false positives."
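The calibration problem described above can be seen in a small simulation, added here as an illustration; it is not Cigent's algorithm, which the article does not describe in detail. It assumes the telemetry is a stream of (timestamp, block address) writes, and the workloads, the 120-second window and both thresholds are constructed values.

```python
from collections import deque

def monitor(writes, total_blocks, window_s=120.0, threshold=0.20):
    """Replay (timestamp_s, lba) writes; lock when the share of distinct
    blocks written inside the sliding window reaches `threshold`.
    Returns (lock_time or None, blocks modified before the lock)."""
    window, in_window, modified = deque(), {}, set()
    for ts, lba in writes:
        window.append((ts, lba))
        in_window[lba] = in_window.get(lba, 0) + 1
        modified.add(lba)
        while window[0][0] <= ts - window_s:      # expire events older than the window
            _, old = window.popleft()
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
        if len(in_window) / total_blocks >= threshold:
            return ts, len(modified)              # drive is "fixated" (read-only) here
    return None, len(modified)

TOTAL = 10_000  # constructed drive size, in blocks

def sequential(count, rate):
    """Constructed workload: `count` distinct blocks written at `rate` blocks/s."""
    return [(i / rate, i) for i in range(count)]

def hot_set(blocks, rate, duration_s):
    """Constructed workload: the same few blocks rewritten over and over."""
    return [(i / rate, i % blocks) for i in range(int(rate * duration_s))]

WORKLOADS = {
    "fast encryptor": sequential(TOTAL, 50),    # overwrites whole drive in 200 s
    "slow encryptor": sequential(TOTAL, 10),    # overwrites whole drive in 1000 s
    "office use":     hot_set(300, 20, 3600),   # benign, small working set
    "bulk restore":   sequential(3000, 50),     # benign, 30% of drive in 60 s
}

def calibrate(thresholds=(0.20, 0.40)):
    """Run every workload at every threshold to expose the FP/FN trade-off."""
    return {t: {name: monitor(w, TOTAL, threshold=t)
                for name, w in WORKLOADS.items()} for t in thresholds}

if __name__ == "__main__":
    for t, rows in calibrate().items():
        for name, (locked_at, modified) in rows.items():
            print(f"threshold={t:.2f} {name:15s} locked_at={locked_at} modified={modified}")
```

At 0.20 the fast encryptor is stopped only after 20 percent of the drive has been overwritten and the benign restore also locks the drive; at 0.40 the restore passes but the loss doubles, and the slow encryptor is missed at both settings.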

Prof van Gastel cautioned that: "In the end, you still need high quality backup and recovery procedures. So I would not view such a new approach as a silver bullet that solves ransomware. But we live in a non-perfect world, in which backups and recovery procedures are often not working as they should. Therefore this kind of ransomware detection on a drive can work, and I see it might help organizations in practice."

Brian Honan of BH Consulting echoed this note of caution, saying: "I have to say I am sceptical of these claims not least that the act of encrypting data as part of a ransomware attack is the last step in a long chain of events. Before this happens your systems are already compromised and your data may have been exfiltrated.

"So as with everything in security there is no one silver bullet to protect our systems but it requires many different layers of defense."

Services tie-in

It would seem that the Secure SSD+ is actually designed to work with the Data Defense platform, as the company reckons this lets it initiate a company-wide lockdown of data in response to ransomware being detected.

This triggers a “Shields Up” status that automatically requires multi-factor authentication in order to access all protected files, Cigent said, while the drive itself can optionally be put into read-only mode to protect data from being modified, wiped, or encrypted.

Cigent told The Register that each Secure SSD+ includes a client license for the Cigent Data Defense software.

Meanwhile, the Data Defense SaaS platform allows IT and security staff to monitor and manage the drives and set policies, reset PINs, as well as receive ransomware alerts, Cigent said.

It can also be used to manage Data Defense software across the rest of the organization’s PCs and trigger “Shields Up” status to protect them from ransomware, even if they don't have a Secure SSD+ drive.

Secure SSD+ is said to have safeguards against security controls being disabled, namely an embedded “storage firmware heartbeat” that detects if the Cigent software is disabled. Access to the protected data is blocked in this situation, we're told.

Planned updates are set to include features to prevent the drive from being cloned, wiped, or accessed if the system is booted from another disk.

Cigent’s CEO and co-founder John Benkert is a veteran of USAF Intelligence and the NSA, according to the company website, and also CEO of data recovery outfit CPR Tools. The company targets both commercial and public sector organizations, including government bodies.

We asked Cigent for some more details on the Secure SSD+ and its on-board processing. The company told us that it uses a dedicated MCU (microcontroller unit) to inspect low level telemetry data from the SSD controller, analyzing it with machine learning algorithms for indications of ransomware activity.

The MCU is separate from the SSD controller, but links to it via a dedicated communications bus separate from the data pathway. This is designed to ensure the drive is able to maintain performance, Cigent said.

By analyzing the stored telemetry outside of the SSD controller, there is virtually no impact on normal read/write operations, it claims.

However, the product datasheet is somewhat light on specifications, not indicating exact read/write performance. Cigent did confirm the drives will be available in capacities of 480GB, 960GB and 1920GB when they are ready for purchase, set to be sometime in May 2023.

The datasheet does disclose that the Secure SSD+ ships in an M.2 2280 double-sided form factor, meaning it is 22mm wide by 80mm in length and may not fit some ultra-thin laptops.

Professor Alan Woodward, a computer scientist at the University of Surrey and a security expert, told us that this device looks like a fascinating concept, but that it raises several questions.

“What exactly is the on board AI monitoring? Is it looking for patterns that look like malware? I wonder just how effective this approach is. AI and machine learning are making headway into stopping malware of all sorts but it’s not 100 percent accurate,” he said.

Indeed, that footnote in the datasheet warns that “a small percentage of files may be encrypted by the ransomware before the drive countermeasures respond.”

But Cigent claims that its machine learning algorithms have been proven and can provide protection even against newer ransomware, while the detection sensitivity can be dynamically tuned to reduce false positives.

Prof van Gastel added: "Such a ransomware detection needs to be proven in time. This all assuming they properly implemented this. As I found with my previous SSD research, many implementations are lacking. Reference implementations that are audited by an external party are essential to gain trust in the correct working."

The datasheet also specifies that Secure SSD+ needs to be installed as the boot drive in an endpoint system, and support currently includes only Windows, but Linux support is coming soon.

Drives that integrate some processing capability in this way are sometimes regarded as an emerging field labelled Computational Storage. A typical example is Samsung’s SmartSSDs. Such devices may have an on-board CPU, FPGA or ASIC to provide acceleration of some storage functions, such as compression, decompression or erasure coding. ®