[Immutability and air gapping] are the really common strategies that pretty much all the backup products that have security in them utilize. Unfortunately, the bad guys know about this. They’re making a lot of money with ransomware. And so they’re not going to let that deter them,’ says Pete Nourse, Asigra’s chief revenue officer and chief marketing officer.


Two of the most common tools for combatting ransomware on the data storage side—immutability and air gapping—are becoming less effective as ransomware attacks become increasingly sophisticated.

That’s the word from Pete Nourse, chief revenue officer and chief marketing officer at Asigra, the Toronto-based developer of data protection technology for managed service providers.

“[Immutability and air gapping] are the really common strategies that pretty much all the backup products that have security in them utilize,” Nourse said. “Unfortunately, the bad guys know about this. They’re making a lot of money with ransomware. And so they’re not going to let that deter them.”


Nourse was speaking Monday at XChange August 2022, a conference put together by CRN parent The Channel Company.


Asigra is at the intersection of backup and cybersecurity, Nourse said. Asigra provides the software to protect data, but it does not provide a cloud, and so MSPs can work with on-premises storage or the public or private clouds of their choice, he said. And, he said, that technology can be the basis for a security conversation with clients.

“You can walk into almost any company and say, ‘Look, we should talk. We’re pretty sure that you have some vulnerabilities here, some ransomware.’ That’s gonna get any business owner’s attention. So if you‘re trying to grow your business, that’s an important ability to be able to walk in or send a quick email and get some attention rapidly.”

MSPs will often be in a competitive situation with other data protection offerings, and should have some technology differentiator instead of just lower pricing to compete, Nourse said.

“If you go in there with something that truly is unique and turn it from an apples-to-apples, ‘my apple is cheaper than their apple,’ conversation, into an apples-to-cantaloupe conversation, it gives you a competitive advantage, especially when it comes down to security,” he said. “It’s the one thing that really gets their attention. … We have a really simple pricing plan, by physical or virtual machine. And we vow not to lose any deals on price.”

Asigra’s differentiated technology, first of all, replaces agents with what the company calls Data Security Modules, Nourse said. Agents, he said, need to be fast, but are typically not scalable enough to continually update for new malware attacks.

Asigra also provides unique capabilities to enhance the security of the data by combatting new sophisticated malware attacks that defeat common file immutability and air gap technologies, Nourse said.

The need to beat those new attacks is urgent, he said.

Attackers, often working with technology provided by other hackers as a service, are targeting backups in a couple of ways. One type of attack is the Trojan or sleeper attack, which has actually been around for a while, Nourse said. In a Trojan attack, ransomware is embedded in a file, and is activated after the file is backed up. After a ransomware attack, if the business recovers data with the sleeper ransomware, the recovered data is still subject to ransom.

Asigra does this by scanning data as it’s backed up and as it’s restored, Nourse said. The data is scanned for malware initially via the company’s Data Security Module, and then is scanned again when the data is restored from the backup, he said.

“At this point, it’s very simple for our scanners to find and quarantine the ransomware,” he said. “At that point, you can restore clean data and get the company back up and going. So it‘s really a fundamental difference in what we’re doing. We‘re not just scanning in the backend. We’re also scanning in the middle of the network flow.”

The other big area is credential theft, which in the last year were part of 60 percent to 65 percent of all malware attacks, Nourse said.

“When it comes to backup, they get the backup credentials, and they‘re gonna use the system against itself,” he said. “[They get] my password, and they’re going to change the retention period for the hospital that I work for from three years to three minutes. So that‘s not good. In the same scenario, they could be redirecting the backup. So it’s not backing up to the server you think it is. It‘s backing up to a server in who knows where.”

Asigra combats this simple method of getting around air gapping and immutable storage with something it calls Deep MFA, or multi-factor authentication. Nourse said. It includes the expected password and biometrics key that hackers can sometimes get around, but also includes a two-step deletion process combined with a multi-person, multi-factor authentication process, he said.

“This means once you’re in the system, you‘re authenticated again,” he said. “You just don’t have the authority to run around and do anything you want, deleting all the data. If you‘re going to do something critical like changing retention periods or deleting or rerouting backups, and you can set this to what you want, multiple people have to authenticate at the same time.”

The second person could be at the customer site, a system administrator, or an executive at the MSP, Nourse said.

“It has to be coordinated,” he said. “It has to be done together, and could also be tied to compliance. This is also really important to fighting insider threat.”

Robert Goodwin, chief technology officer at Infosystems, a Chattanooga, Tenn.-based MSP, said Asigra seems to have a unique approach to tackling ransomware issues with its agentless technology and the scan-in, scan-out capabilities.

Goodwin told CRN that Asigra’s scan-in, scan-out technology can’t guarantee every bit of deep ransomware can be eliminated, but then again no technology can do so.

“It’s not a bad method,” he said. “I mean, they’re putting out thousands and thousands of different malware and other attacks every day. There’s no company that’s gonna keep up with that. None of us good guys have the financial resources or backing to dedicate to try to chase all that down. So I think they got a pretty solid product there.”

Goodwin said his customers are already seeing some of the sophisticated ransomware attacks Nourse mentioned, but getting them to put the latest technology in place is not always as easy as it should be.

“You can lead the horse to water, but you can’t make it drink,” he said. “We’re like, ‘Hey, warning, we’ve done a security analysis on your environment, you should do this.’ They say, ‘Ah, we don’t want to spend the money on it.’ Boom! Then, ‘Now you think it‘s important. Now you’re throwing all kinds of money at it.’ Right?”

Infosystems serves as the trusted advisor for about 80 percent of its customers, Goodwin said. 

“So about 80 percent of our customers, I’m gonna say, will listen to us and go, ‘That’s OK, we know what you‘re talking about, so yeah, we’ll do this,” he said. Then there’s the handful, the 20 percent, that are like, ‘Well, we don‘t have the budget,’ or ‘It’s not important to me,’ or some C-suite guys saying, ‘We’re not doing that.’ And then disasters happen.”

Leave a Reply

Your email address will not be published.