45Drives adds ransomware protection and encryption to Ceph

Open source storage systems supplier 45Drives has developed SnapShield ransomware protection and CephArmor encryption for Ceph.

Ceph, developed by RedHat, is an open source object, block, and file storage with three copies of data kept for reliability. 45Drives is a Protocase subsidiary with offices in North Carolina and Nova Scotia. It supplies the Storinator storage server, Stornado all-flash server, Proxinator virtualization server, Destroyinator drive wiping, enterprise drives, plus other products.

SnapShield uses real-time behavioral analysis and functions as a “ransomware-activated fuse,” snapshotting files every five minutes. When it detects ransomware, it disconnects the compromised client from the server and snapshots existing files. The theory is that the attack is stopped quickly after it starts and damage is limited.

45Drives president Doug Milburn claimed: “It catches the attack within a few tens of files.” 

SnapShield maintains detailed logs of the malicious activity, produces a list of damaged files, and offers a restore function to “quickly repair” any affected files. 

45Drives diagram
45Drives diagram

There is no requirement for client-side agents and it has minimal impact on system performance. It’s compatible with 45Drives storage systems running ZFS or Ceph with Windows file sharing. 

45Drives says Ceph lacks native block and file encryption and it has partnered with the University of New Brunswick (UNB), Faculty of Computer Science, to develop CephArmor object-level encryption to fill the gap. This is an enhancement to Ceph’s Reliable Autonomic Distributed Object Store (RADOS) layer and encrypts data, at object-level, before it is stored. Evaluations on the Storinator hardware have shown that the added CephArmor security layer maintains Ceph’s performance levels.

We’ll have to wait, though, as the CephArmor project is expected to be ready for implementation by the end of 2025.

Check out a SnapShield video here.