- Understanding Kubernetes Persistent Volumes - Mon, May 29 2023
- Pulseway 9.2: Remote monitoring with workflow automation - Thu, May 18 2023
- ENow Active Directory Monitoring & Reporting - Tue, May 16 2023
Is cloud ransomware protection needed?
When thinking about cloud migration to a hyperscale cloud service provider like Microsoft, is ransomware a cybersecurity threat that needs consideration? Emphatically, yes. Ransomware can still infect cloud SaaS environments in a couple of ways. These include:
- Cloud OAuth abuse
- File synchronization
Cybercriminals often abuse OAuth permissions delegation. OAuth is the mechanism that enables third-party applications to access your data without giving the application your account password. Attackers use malicious cloud SaaS applications that post as legitimate apps, request OAuth permissions, and then use the delegated permissions to launch a ransomware attack. Attackers may lure end users into installing malicious cloud applications through phishing emails or browser plugins.
File synchronization is another attack vector. An end-user client using OneDrive for Business file synchronization provides a ransomware pathway to infect your Microsoft 365 cloud storage environment. If the end user client with OneDrive becomes infected with ransomware, the ransomware will encrypt OneDrive files. These, in turn, synchronize to the cloud. The ransomware-encrypted files will replace the good copies in the cloud, locking all users out.
What is SpinSecurity?
SpinSecurity is a cybersecurity solution that is part of SpinOne. SpinOne provides organizations with an all-encompassing cloud SaaS backup and cybersecurity solution that allows them to protect and secure their data. Cybersecurity is a vital part of the overall data security strategy of modern enterprises.
Attackers use techniques and technologies that have evolved to compromise cloud SaaS environments. SpinSecurity provides modern, next-generation technology that allows businesses to protect their valuable data assets in the cloud against these types of cybersecurity attacks. It features the following capabilities:
- Artificial intelligence-powered ransomware detection
- 24 x 7 x 365 automated monitoring
- AI-based ransomware recognition
- Alerts and analytics
- Automated ransomware protection and remediation
SpinSecurity provides proactive cybersecurity capabilities not natively found in cloud SaaS environments like Microsoft Office 365, such as proactive ransomware protection. Most ransomware protections offered natively by cloud service providers like Microsoft are reactive. A case in point is file versioning provided natively. File versioning does not stop ransomware from infecting your cloud environment. It simply provides a way to attempt recovery. SpinSecurity offers a proactive approach to ransomware protection.
Proactive ransomware protection
SpinSecurity provides proactive ransomware protection and remediation. It serves to quickly limit the "blast radius" of a ransomware attack and also proactively recover your data. It does this using a four-step process that includes the following workflow:
- SpinSecurity uses artificial intelligence (AI) algorithms to "watch" your Microsoft Office 365 environment. Any anomalies automatically trigger administrator alerts for visibility.
- Next, once a ransomware anomaly is detected, SpinSecurity identifies the source of the ransomware attack and blocks it. This action prevents additional files from being encrypted.
- After the attack source is blocked, SpinSecurity scans the entire data set and identifies files that have been affected by the ransomware process.
- Once infected files are identified, SpinSecurity begins the process of restoring affected files proactively. A note on this step. Administrators can also choose to restore infected files manually.
This AI-driven proactive approach is much preferred for modern ransomware threats when compared to "kneejerk" reactions to malware and other malicious threats.
Installing SpinOne in Microsoft 365
SpinSecurity is part of the SpinOne cloud application in the Microsoft Apps marketplace. You can navigate to the Microsoft App marketplace after you log in to your Microsoft 365 admin portal, or you can register for the free trial from the SpinOne website.
SpinOne Microsoft 365 application in the Microsoft App marketplace
After you choose to install SpinOne in your Microsoft 365 environment, you will be asked to grant permissions to the application to access the data contained in your environment.
Granting permissions requested by the SpinOne application in Microsoft 365
One great SpinOne feature is its ability to select which region you want your data stored in and which cloud provider you want to use. Many cloud-to-cloud backup solutions only allow you to select a region for your data. SpinOne's options in this area offer much better data protection possibilities for your backup data. Ideally, you do not want your backup data stored in the same cloud SaaS provider environment as your production data. So, if you back up to Microsoft 365, you typically would not want to house your data in Microsoft Azure.
It is important to note that once you select the region and cloud provider, you can't change them later. So, set this option carefully.
Choose the cloud location for storing your backups
You will be asked to set your administrator credentials.
Setting up the administrator account for SpinOne
During the initial setup of SpinOne, you will be asked to configure the services backed up by SpinOne. By default, all services are flagged as enabled for backup.
Choose your default backup settings for Microsoft 365 services
If you want to reconfigure the settings enabled during the initial configuration, you can visit the global settings in SpinOne at any time. Under Settings, you can configure:
- Services backed up
- Automated backup frequency
- Reports
- IP address restrictions
- Default permissions
- Retention policy
- Update SpinOne access
Global SpinOne configuration settings
The SpinOne dashboard
The SpinOne dashboard for interacting with SpinSecurity features is intuitive, clean, and easy to navigate. It mirrors the look and feel of the Microsoft 365 interface that interacts with the solution. As you can see below, you have complete visibility into your backup data and which services have protected data. The Protection widget provides excellent visibility to any unprotected data. There is nothing worse than when you need to restore a backup only to find that the data was not protected. SpinOne enables quickly seeing any unprotected data in the Microsoft 365 organization. You can also see the backups and their history in the Last 14 days backup widget.
SpinOne Microsoft 365 dashboard
To navigate to SpinSecurity ransomware protection, click the Menu icon > Ransomware.
Navigating to SpinSecurity ransomware protection settings
The Ransomware Protection dashboard is straightforward and clear. You see any ransomware attacks that were detected, and you can configure the ransomware protection settings.
Viewing ransomware attack status and adjusting settings
Under Ransomware Protection settings, there are three toggle switches:
- Automatic file recovery
- Revoke application access
- Send notification
To turn on the proactive, automated ransomware responses, toggle the settings to On.
Configuring the automatic machine learning enabled ransomware protection settings in SpinOne
SpinOne's SpinSecurity Ransomware Protection module provides the best of both worlds here. The configuration of proactive ransomware protection is straightforward and easy. However, the functionality and capabilities it offers under the hood are robust and powerful. Once the settings are active, SpinSecurity's AI and machine learning (ML) capabilities start working to protect your organization.
Final thoughts and impressions
Cybersecurity protection is still vital in cloud SaaS. Attackers target businesses and their data housed in the public cloud. Modern ransomware variants are "cloud-aware" and often target cloud SaaS environments with OAuth permissions abuse and phishing emails. Rather than being immune to ransomware attacks, cloud SaaS can potentially be just as vulnerable as on-premises environments.
SpinSecurity, as part of the SpinOne solution, provides one of the most potent and robust ransomware protection solutions for Microsoft 365 found on the market. It leverages modern AI to proactively stop ransomware attacks, block the attack source, and automatically restore any affected files in the process. All ransomware protection operations can be handled automatically, without administrator intervention. SpinOne provides other great data protection features, such as automatic, properly versioned backups, unlimited retention, and the ability to choose the cloud and region in which backup data resides.
Subscribe to 4sysops newsletter!
You can learn more about SpinOne and sign up for a fully featured trial version of the solution here.
