IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Tue, 28th Feb 2023

Threats to an organisation's data are ever-evolving and require ever-evolving solutions. Data is not just important to organisations; it is their 'crown jewel', and taking every step to protect it is vitally necessary.

With how attacks and ransomware are evolving, being alerted to a threat before it happens can provide crucial information about not only the identity of the attacker but also what they got into and how they entered an organisation's system. In addition, being able to surface unknown and zero-day attacks before they reach your data could save time and resources.

However, what if there was a way to deceive possible threats and stop them before they can do anything? Metallic ThreatWise from Commvault uses three core elements of cyber deception, an active defence technology.

1. Threat Sensors

First, it slows attacks down by diverting them toward fake assets, and second, it simultaneously provides high-fidelity insights into potential attacks in progress.

These fake assets not only divert attackers away from an organisation's real data, but they also act as threat sensors. Threat sensors are highly versatile, lightweight decoys that are capable of mimicking any resource at scale (e.g., databases, containers, VMs, and more).

Metallic ThreatWise Threat Sensors are only visible to bad actors. When engaged/interacted with, they deliver a direct line of sight into threat activity to accelerate remediation efforts – and contain threats before they reach an organisation's data. Metallic ThreatWise's sensors provide fast and reliable information with instant visibility and, importantly, without false positives. 

2. Full-system Sensors

Metallic ThreatWise Full System Sensors are a modern implementation of honeypots that offer unlimited interaction and complete attack monitoring. Honeypots are security mechanisms designed to detect, deflect, or counteract attempts at unauthorised use of information systems.

The benefit of these sensors is that they can be deployed via the TSOC and are based on real Windows / Linux systems. For example, when a Windows Full System Sensor is deployed, it can monitor and record both inbound and outbound activity, including tracing connection attempts from the sensor to another endpoint or the internet.

3. Lures

Metallic ThreatWise Lures are objects deployed as baits across an organisation to drive malicious activity to the sensors and reveal attackers. The Lures cover strategic pivot points such as endpoints, Windows, macOS and Linux servers and workstations.

Lures give attackers illusive ways to elevate privileges, move laterally, or collect intelligence. However, as soon as the attacker follows the "lead" (the Lure) to connect to the sensor's services, a real-time alert is triggered, giving crucial information as attacks happen.

Metallic's Scientific Framework

The foundation for Metallic ThreatWise comes from the MITRE Corporation, which has been a signpost in the security industry for years. MITRE's databases contain known vulnerabilities (CVE) and mapping of cyber criminals' tactics, techniques, and procedures (MITRE ATT&CK). These databases are the basis of its MITRE D3FEND and MITRE Engage cybersecurity frameworks.

Both cybersecurity frameworks include multiple deceptive approaches, demonstrating how powerful deception technology is for mitigating cyber risk. As for how it relates to Metallic ThreatWise, MITRE's D3FEND framework is the foundation for Metallic ThreatWise's data-minded deception deployment best practices.

As Metallic ThreatWise is a Commvault venture, it benefits from Commvault's ultra-performant, lightweight and highly scalable technology.

Why do I need to use cyber deception?

It may seem unnecessary to have this level of data protection, but the situation's seriousness cannot be overstated. According to Metallic, there were more than 700 million ransomware attempts in 2021, and the conversation now has to change from 'if' an attack will happen to 'when'.

Enterprise Strategy Group (ESG) research found that only 12% of organisations were confident that their ransomware protection tools were adequate. This is crucial considering that the research established that 88% of organisations reported that preventing data damage is one of their top concerns.

What makes Metallic ThreatWise different?

Compared to other deception services, Metallic ThreatWise stands out in several ways.

Firstly, it deploys data-driven deception layers from the inside out, allowing for the early detection and remediation of threats. 

Secondly, it combines all three key deception elements, Threat Sensors, Full System Sensors, and Lures, to engage attackers and divert traffic away from critical assets. This allows for more efficient use of resources, covering a larger surface area with seamless integration of deceptive devices. 

Additionally, Metallic ThreatWise offers 100% realism in its experience, making sensors and real assets indistinguishable. All attacker activity is recorded, giving customers complete control to disconnect or quarantine the attack in the earliest stages.

Defend your data, don't just recover it. To learn more about Commvault's Metallic, visit their website here, where customers can access a free trial or request a demo.