Neridio secure data manipulation prevents vault intrusion

Startup Neridio says it provides secure backup copies of data by making a whole series of transformations and shards to stop infiltrators accessing the original data.

Peter Chacko, Neridio
Peter Chacko

Neridio was founded in 2016 by CEO and CTO Peter Chacko. The company is based in Cardiff, Wales, and software engineering work is carried out in India. It is a cyber-resilience business with patented technologies and malware intrusion detection capabilities. The product set includes NervioSoc for Windows or Linux, code-named RationalVault, which brings AIOps, SecOps, and ITOps together to provide autonomous risk and storage intrusion mitigation systems for hybrid cloud and cloud-native platforms. It also provides a NervioGuard stored data security product, which is what we are going to look at here.

Chacko tells us: “Security is all about achieving negative goals with an adversarial mindset.”

The aim is that orgs avoid attacks or loss of data when criminals try to penetrate an organization’s defenses. This is quite different from a storage product or service design goal, which is typically about positive ends in a neutral environment. These have objective goals, such as providing 1,000,000 random read IOPS or 100 Gbps of bandwidth.

Security is not a one-dimensional skill, he says, and requires a multi-disciplinary background. From an operations point of view, security is as much a human issue as it is a technical issue. Humans make mistakes. An attacker only needs to win once whereas defenders need to win all the time.

Attackers learn and develop. Because of this, Chacko says: “Achieving security requires a proactive mindset with holistic thinking and a growth mindset, with a continuous learning attitude without being lulled into complacency and is a rarity.”

Neridio does “not cover ‘front-end’ cybersecurity because it is already addressed by great vendors. We were born to address the void in ‘back-end’ cybersecurity, targeting NAS storage systems, databases, and cloud-native systems.”

NervioGuard was designed from the viewpoint of providing a so-called data castle or ransomware locker, which is a fortified golden copy of data. Critical data in IT infrastructure is copied and sent to the NervioGuard vault, with an initial whole copy and then periodic incremental changes. The process involves compressing incoming data, then de-duplicating it and erasure coding it with Reed-Solomon dispersal algorithms with N:M (2-3 or 3-5) availability across multiple different storage vaults called cyber lockers. 

Neridio NervioGuard architecture

These can be in public or private clouds. They are isolated from the main network and segmented, with logical air-gapping for ransomware immunity so that they can tolerate more than one failure. A RAID-across-clouds (Redundant Array of Independent Clouds) helps secure the cyber lockers against failure.

The vaults and their contents are further safeguarded by continuous monitoring. Chacko tells us: “[We] monitor various storage and system activity and do a pattern matching against suspicious activity and respond with intrusion response operations.” There is an AIOps-based intrusion signature detection system. He adds: “We have built-in snapshots, versions with immutability and file system level CDP as part of the data castle.”

Neridio gold copy data management
Storage SoC is a Security Operations Centre, not a System-on-Chip

Any one or two vaults that are attacked and penetrated will not give the attacker any usable information, cause data loss, nor aid lateral propagation of the attack, says the exec. Neridio reckons this presents an impenetrable security barricade against external malware attacks and insider threats.

Chacko tells us: “This platform can be used as a secure, self-securing, self-defending archive storage tier as well.”

We suggest to Chacko that NervioGuard could be an alternative to data protection backup software like Cohesity, Rubrik, or Veeam, which all have cyber resilience features.

“You are correct,” he says, “a customer uses NervioGuard to protect NAS… that is just one of our use cases. We are not a data management company with some security. We are a data-centric security and risk mitigation company chasing data as it moves in space (from one site to another site) and in time (when it changes its value), with a comprehensive security design covering security at-rest and in-cloud (with our vaulting technology) and security under-operation with our AIOps-based system security and security in-motion and our exclusive path data routing technology across countries, having real time intrusion response at storage operations level.”

Chacko emphasizes: “We cannot replace great data management products like Cohesity/Commvault as we are not a data management company for application recovery with all backup recovery features. We only do it for completing the security and risk mitigation solution …One company you can compare use with is Continuity Software from Israel.”

Our understanding is that Neridio offers an extra layer of security for critical data as an addition to its general IT security activities. Check out the NevioGuard white paper here (registration required).