Sign in to my dashboard Create an account

Insider threat detection tools

: NetApp and Google Cloud & insider threat detection

computer screen with lots of code on it

Share this page

Robert Cox
Robert Cox

Ransomware, malware, and phishing are realities that we’re all too familiar with. Cyberthreats have become inescapably part of our lives. Just last year, the number of attacks on corporate networks globally per week grew by 50%. It’s estimated that there are now 2,200 cyberattacks globally every day—that’s one attack every 39 seconds. With literally thousands of opportunities to infiltrate your business each day, the chance of having your data stolen, deleted, encrypted, or otherwise compromised is at an all-time high.

How to detect cyberthreats

Most of us treat cyberattacks as a new type of “stranger danger.” Just like we don’t take candy from strangers, we don’t open emails or click ads from people or companies unless we know they’re safe and trustworthy. But it’s not always strangers who pose the greatest threat; internal threats can be just as harmful.

According to Verizon’s recent Data Breach Investigations Report (DBIR), 30% of cyberattacks globally, are carried out by people within your own organization. Because they already have privileges to access your most sensitive data, these internal bad actors can sabotage your business without being detected. With the ability to delete, corrupt, leak, or otherwise misuse your data, internal attackers have the power to deliver a devastating blow.

Active threat monitoring

How do you keep your data safe from both internal and external threats? At NetApp, we suggest the following best practices to safeguard your data from attackers.

  • Know what data you have, where you have it, and who has access to it. If you don’t know what you have, it’s hard to know what’s missing after an attack. If an attack does occur, knowing the “what, where, and who” of your data allows you to quickly identify which data has been compromised. If it’s an internal attack, it can also help you narrow down who the perpetrator is.
  • Operate with Zero Trust. Never assume that users are who they say they are. Verify and validate every request for system access—no exceptions. If access privileges are granted, they should follow the principle of least privilege (users have access only to the data they need for their job and nothing more). Continuously monitor users to detect any anomalies in their behavior.
  • React instantly. It takes just seconds for a data breach to happen, and those seconds can cost your business dearly. Act quickly to block access as soon as a malicious attempt is detected. And make sure that your data is encrypted, immutable, indelible, and easily recoverable.

Insider threat detection

NetApp is tightly integrated with Google Cloud, which puts us right in the path of your data. NetApp® BlueXPTM observability services, powered by Cloud Insights integrate with NetApp Cloud Volumes for Google Cloud in a unified control plane to provide continuous monitoring of your hybrid cloud environment from behind the castle walls. Cloud Insights uses artificial intelligence algorithms to detect anomalous activity and preempt possible risks from outsiders, rogue users, and ransomware. If unusual activity is detected, you are alerted, the offending user’s access to the data is blocked, and a NetApp Snapshot™ copy of your data is made automatically. After the attack, you can also perform forensics to see exactly what was done to your data so that you know how to address any misuse. 

How do you recover from a successful attack?

If an internal attack does happen, NetApp Cloud Volumes Service for Google Cloud offers ample recovery solutions. With NetApp Cloud Volumes, you can spin up space-efficient incremental-forever Snapshot copies that are taken according to a set schedule (for example, every 15 minutes). This feature allows you to establish granular recovery points without duplicative, expensive, laborious, space-consuming backups. And unlike other recovery solutions, Snapshot copies in NetApp Cloud Volumes Service enable you to restore terabytes of data in seconds rather than hours.

For a more robust cyber resilience solution, NetApp Cloud Volumes ONTAP® extends all the security and data protection benefits of your on-premises storage to Google Cloud. You get the same backup and recovery capabilities, plus additional features such as write once, read many (WORM) file locking to protect your data from alteration and corruption. Within the BlueXP console, Cloud Volumes ONTAP integrates with our monitoring and observability services to give you a complete view of your environments. It equips you with the tools, both automated and manual, to remediate threats and anomalies before they become breaches.

The bottom line

It’s unlikely that you can prevent 100% of cyberattacks, internal or external. But with NetApp and Google Cloud, you can pair more-frequent, less-expensive backups with proactive monitoring and remediation to reduce the risk of breach, downtime, and data loss.

Tune in next time to learn how to prevent data loss with a holistic, NetApp powered backup strategy. For now, learn more about how NetApp and Google Cloud can boost your cyber resilience.

Robert Cox

Robert is a senior product marketing manager with over 20 years of product marketing and product management experience. He is focused on NetApp’s Cloud Data Services, working to enable customers to deliver business outcomes for all IT workloads in cloud, multicloud, and hybrid cloud environments. Robert is an avid cyclist and loves to be outdoors.

View all Posts by Robert Cox

Next Steps

Drift chat loading