Nutanix increases ransomware resistance

Nutanix has hardened ransomware defences cross its hybrid multicloud software stack. The company has made Flow, Files, Objects and Mine more resistant to ransomware, signed up for Microsoft’s Credential Guard and gained independent certification for its immutability.

Rajiv Mirani

“CIOs and CISOs know that there is no one solution that provides 100 per cent protection against ransomware or other types of malware attacks, and the current remote and hybrid work models widen an enterprise’s attack surface,” Nutanix CTO Rajiv Mirani said yesterday.

“Enterprises need a defence in depth approach to security, starting with their IT infrastructure. … Nutanix delivers a strengthened cloud platform out of the box, with an even richer set of ransomware protections available now.”

Nutanix Cloud Platform

Under the hood

By ‘cloud platform’, Nutanix is referring to its entire software stack. Flow is the network security part of that stack and its Security Central component uses machine learning and IP reputation services to identify known attack vectors, including potential ransomware, at the network level. It monitors networks for anomalies, malicious behaviour, and common network attacks. The software checks endpoints, such as VDI installations, to identify traffic, such as ransomware infection, coming from disreputable locations.

The File Analytics part of Nutanix Files now:

  • Detects abnormal and suspicious access patterns and identifies known ransomware signatures to block data access in real-time, 
  • Identifies file shares where replication and snapshots have not been configured appropriately and alerts IT administrators,
  • Provides immutable snapshots preventing tampering and deletion. 
  • Accelerates ransomware recovery via native snapshot capabilities when enabled on file shares.

Nutanix Objects has more granular permissions to access object data:

  • Configure Write Once Read Many (WORM) policies for individual files and objects to help guard against unauthorised deletion or encryption of data,
  • Automated WORM protections by classifying data under a “legal hold” to prevent tampering or malicious destruction, 
  • Data access permissions at a bucket level so IT administrators can better secure multi-tenant environments.

Nutanix said Cohasset Associates has reviewed Objects’ locking features and confirmed they meet the non-rewritable, and non-erasable storage requirements for electronic records specified by SEC, FINRA, and CFTC regulations.

Nutanix Mine, the company’s secondary data backup offering, now provides direct backup to Objects when using Mine in conjunction with HYCU data protection software. All ransomware protection that is natively available in Objects, such as immutability and WORM, will also be applied to backed up Mine data.

Nutanix has qualified Veeam Object Immutability and certified other backup vendors to extend its ransomware protections to backups.

The company now supports Microsoft Windows Credential Guard for virtual machines and virtual desktops running on the AHV hypervisor. This adds protection from malware using credential theft attacks on Microsoft OS environments.