In a world where data security is a growing concern, the solid-state drive (SSD) is more vulnerable than ever and susceptible to stealthy attacks. In this article, Sebastien Jean, CTO of Phison Electronics, shares insight into how cybersecurity is evolving with new technologies like self-defending solid-state storage devices (SSDs).
While most SSDs are generally safe behind layers of OS security, an attacker can penetrate these countermeasures to steal critical and sensitive data stored on the drive. In some cases, hackers perform a ransomware attack, forcing vulnerable users to pay to get the data back instead of stealing the data. But there is a way to fight back! A new generation of self-defending SSDs is now combating threats such as data theft, malicious cyber crooks and ransomware.
The Covert Risk of Data Leakage on SSDs
SSDs are ubiquitous and can be found on laptops, smartphones and tablets. IT pros need to sound the alarm on the hidden threats in SSDs with insufficient protection in the workplace. For example, to access data on an SSD, the attacker must either infiltrate the OS security over the network or gain physical access to the host. Though these devices usually have some level of security, passwords can be stolen. Once the OS protection is breached, traditional SSDs contain minimal security protections against sophisticated hackers. Passwords, endpoint protection, firewalls and intrusion detection systems are designed to keep malicious users out, but unfortunately, these defenses frequently fail.Â
Stolen devices present an additional hidden danger for SSDs to be exploited by unauthorized access. Cyber thieves bypass all the system protection by removing the drive from the laptop or server. Once that step is taken, the data can simply be read through the standard user interface.Â
Benefits of Self-Defending Storage Devices in Thwarting Threats
With the emergence of new and innovative self-defending SSDs, current industry solutions can detect and prevent attacks. Below are key advantages of how self-defending solid-state storage devices.Â
- Spotting suspicious access patterns: The firmware on the self-defending SSD is intuitive and, through machine learning, establishes what normal read/write access patterns look like for each user. Notably, the SSDs firmware can also spot abnormal attempts to access its data. For instance, if Logical Block Addressing (LBA) access is repetitively reading data and immediately writing it back to the drive, this likely represents ransomware using bad encryption. The self-defending SSD looks for changes over time, so a slow ransomware algorithm can also be identified. Through observation, it will detect the presence of malware and other nefarious abnormalities that often go unnoticed until it is too late. The self-defending SSD will respond and protect itself when it sees such an anomaly by locking down access and giving the user a chance to respond.
- Recognizing when the drive has been disconnected: Sophisticated thieves may attempt to remove the drive from the host device, but the self-defending SSD can recognize when this is happening through a disconnect circuit. The drive uses supercapacitors to power its monitoring, even if the device has been disconnected from power. If the drive’s â€œheartbeatâ€ signal is not detected, the drive will take defensive measures. The drive is tough to tamper with as a result.
- Sensing when the device is being moved: The self-defending SSD has an onboard accelerometer similar to a fitness band. It can sense when it is being jiggled or transferred without authorization. If a user goes out to lunch or leaves their hotel room, they don’t expect their laptop to move. However, if the device does move, this is not a good sign. Fortunately, the SSD detects the movement and locks itself down. A similar statement can be made about corporate servers. If a drive moves after it’s installed in a server rack, it’s not a good thing, and someone should be notified. Again, this is where self-defending SSDs come into play.
Establishing a Defensive Security PostureÂ
With a defensive storage-computing architecture, the SSD’s attack surface is smaller for hackers to infiltrate. The self-defending SSD has a dedicated security CPU equipped with machine learning and other advanced protection. This compute-storage combination enables the SSD to run its pattern recognition program and employ defensive sensing capabilities. The firmware integration positions the SSD’s defense mechanisms below the host’s software, operating system (OS) and BIOS firmware. In this capacity, the SSD can process threat data right without interacting with any other element on the device or network.Â
When the SSD detects an attack, it can take several actions such as alerting the support application, locking the drive (making it impossible to unlock without cryptographic authentication keys), and erasing the drive for ultra-secure cases in less time than it takes to blink.
Embracing Self-Defending SSDs to Safeguard Company Secrets
Data on SSDs are vulnerable because it creates an entry point for hackers to harvest sensitive data or exploit an attack. If OS-based countermeasures fail, the drive is often susceptible to logical and physical threats. This may be an unacceptable vulnerability in a sensitive enterprise or government setting. Small businesses are at risk of losing access to customer data. Home users may have financial or medical records exposed. Now, self-defending SSDs are transcending the cybersecurity landscape and prioritize protection for valuable data. Self-defending SSDs carry a variety of attack detection and response mechanisms on their own firmware, powered by unusually robust storage-compute functionality. These capabilities represent a new and uniquely powerful approach to protecting data on flash storage devices.Â
Which recent cybersecurity tools and systems have made you and your business safer? Tell us about it on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to know!