Security Firm Unveils SSD With Built-In Ransomware Protection To Safeguard Data
How does this work exactly? Well, Cigent says that there's a microcontroller on the SSD that monitors all traffic going through the controller. It apparently uses machine learning (or "AI") in some fashion to tell what traffic is normal everyday I/O and what is ransomware. Once it detects ransomware activity, the drive will lock and require multi-factor authentication to access files.
That's to say nothing of the still-unreliable nature of most machine learning technologies. In the worst case, having your drive locked until you unlock it isn't that bad, but it could certainly be a huge problem if there are a lot of false positives. Likewise if the solution doesn't actually work when it needs to. The Secure SSD+ datasheet says that it has "mature ML algorithms" that "provide protection against newest ransomware," and also that detection sensitivity can be dynamically tuned, so that's good, at least.
Still, Cigent says that it's a much better solution than typical Endpoint Detection and Response (EDR) products because those offerings typically rely on responding after the attack has already occurred, not as it happens. In a statement to The Register, Cigent's CRO says that the SSD puts attack prevention "as close to the data as possible" so that it can prevent attackers from destroying data even if other security measures have been breached.
Currently, the Secure SSD+ has to be used as the primary operating system drive in whatever system is using it, and it has to be running Windows—no support for Linux yet, although Cigent says that's coming soon. The datasheet is understandably focused on the security features of the NVMe SSD and very light on hardware details, but we know it will be using some sort of Phison controller and that it will come in 480, 960, and 1920 GB capacities when it launches in May.