Security Firm Unveils SSD With Built-In Ransomware Protection To Safeguard Data

hero secure ssd plus
Cigent Technology is a data security company whose main product is the Data Defense software-as-a-service security suite. The company's about to introduce a new line of SSDs, though, and one of those is pretty interesting: the Cigent Secure SSD+, with automated anti-ransomware technology that claims to be able to protect sensitive data from sneaky malware before it gets encrypted.

How does this work exactly? Well, Cigent says that there's a microcontroller on the SSD that monitors all traffic going through the controller. It apparently uses machine learning (or "AI") in some fashion to tell what traffic is normal everyday I/O and what is ransomware. Once it detects ransomware activity, the drive will lock and require multi-factor authentication to access files.

This brings up all kinds of questions, but thankfully, we have answers to a few of them. First of all, this scanning process supposedly has no impact on the performance of the drive because the microcontroller is connected to the SSD controller, and not in the main data path. Also, the technology isn't infalliable—Cigent admits on the datasheet that it's possible some data could be modified before the drive locks it.

secure ssd plus capabilities

That's to say nothing of the still-unreliable nature of most machine learning technologies. In the worst case, having your drive locked until you unlock it isn't that bad, but it could certainly be a huge problem if there are a lot of false positives. Likewise if the solution doesn't actually work when it needs to. The Secure SSD+ datasheet says that it has "mature ML algorithms" that "provide protection against newest ransomware," and also that detection sensitivity can be dynamically tuned, so that's good, at least.

Still, Cigent says that it's a much better solution than typical Endpoint Detection and Response (EDR) products because those offerings typically rely on responding after the attack has already occurred, not as it happens. In a statement to The Register, Cigent's CRO says that the SSD puts attack prevention "as close to the data as possible" so that it can prevent attackers from destroying data even if other security measures have been breached.

Currently, the Secure SSD+ has to be used as the primary operating system drive in whatever system is using it, and it has to be running Windows—no support for Linux yet, although Cigent says that's coming soon. The datasheet is understandably focused on the security features of the NVMe SSD and very light on hardware details, but we know it will be using some sort of Phison controller and that it will come in 480, 960, and 1920 GB capacities when it launches in May.