SSD Uses AI to Protect Your Data From Ransomware Attacks

Cigent Secure SSD+
Cigent Secure SSD+ (Image credit: Cigent® Technology, Inc.)

Cigent Technology, Inc., a specialist in data security, has announced the company's new lineup of Cigent Secure SSD+ drives. Unlike the company's previous Secure SSD series, the Cigent Secure SSD+ debuts with a unique AI microprocessor that uses machine learning (ML) to stop ransomware attacks and prevent perpetrators from stealing or encrypting the data on the drive.

The Cigent Secure SSD+ focuses on a prevention-first approach, to impede ransomware attacks before they can do any damage. This means allocating the attack prevention inside the storage itself. The integrated AI microprocessor monitors the SSD's activity with ML algorithms to fight ransomware attacks. In addition, consumers can tweak the detection sensitivity to their needs to avoid false positives.

Together with the company's Cigent Data Defense software, the Secure SSD+ has a couple of protection mechanisms in place once it detects a potential attack. For example, the SSD can go into a "Shields Up" mode, requiring multi-factor authentication (MFA) from users to access protected files. In addition, the software can automatically contain the data on the drive to block any unauthorized access from malware or Windows processes. Alternatively, users can put the drive in read-only mode so attackers can't modify, erase or encrypt the data for ransom.

Once an attack is detected, the Cigent Data Defense software gives security personnel a heads-up to activate "Shields Up" on other Cigent-protected systems on the network, even if they don't house a Secure SSD+.

The Cigent Secure SSD+ logs all data access to the drive, so it's nearly impossible for criminals to cover their tracks in an attempt to steal any data. Furthermore, the company has implemented safeguards to prevent bad actors from disabling security controls. Additionally, an embedded storage firmware hides the SSD's data if the Cigent Data Defense software is disabled. Finally, a future update will reportedly prevent criminals from closing, wiping, or accessing the data if the drive is booted from a different operating system.

There are a few caveats with the Cigent Secure SSD+, though. First, consumers need to install the SSD as the primary drive with the operating system. In its current form, ransomware detection is only available on Windows, although Linux support should arrive soon. Finally, the ML algorithm, although mature, isn't perfect. So some files may fall victim to ransomware before the protection kicks in.

The full Cigent Secure SSD+ specifications are unknown at this point. The manufacturer only confirmed that it's an M.2 2280 drive with a double-sided design. Therefore, the SSD may not fit ultra-thin laptops. The Cigent Secure SSD+ will be available in May 2023, so we should have more information on the performance and pricing very soon.

Zhiye Liu
News Editor and Memory Reviewer

Zhiye Liu is a news editor and memory reviewer at Tom’s Hardware. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

  • bit_user
    I'm reminded that Intel bought McAfee back in 2011, saying the same sorts of things about putting anti-virus into the hardware. The problem with that is false-positives. When it happens at a software level, you can just get an annoying pop-up or whatever. But, if your hardware decides something is a virus and just decides to abort, then it looks & acts pretty much like a random failure.

    Speaking of this product, there are a couple ideas I like. For instance, being able to prevent log file erasure, at the hardware level, sounds interesting. Tricky to implement, but maybe if you put them in a separate volume with a special flag set in the partition table, the drive could key off of that to know they're logfiles.
    Reply
  • citral23
    What this industry has come to invent to try to make up for Microsoft's abysmal security practices never ceases to amaze me
    Reply
  • USAFRet
    citral23 said:
    What this industry has come to invent to try to make up for Microsoft's abysmal security practices never ceases to amaze me
    Ransomware is almost entirely the result of clueless user action.
    And not trivially fixed due to actions (inactions) by clueless system administrators.
    Reply
  • hotaru251
    citral23 said:
    make up for Microsoft's abysmal security practices
    defend is basically good as many 3rd party anti virus now-a-days.
    and randomsware and like are always advancing so gl trying to entirely shut them out.
    Also practice proper backup & msot home users have no need worry about ransomware.
    Reply
  • cryoburner
    bit_user said:
    I'm reminded that Intel bought McAfee back in 2011, saying the same sorts of things about putting anti-virus into the hardware. The problem with that is false-positives. When it happens at a software level, you can just get an annoying pop-up or whatever. But, if your hardware decides something is a virus and just decides to abort, then it looks & acts pretty much like a random failure.
    In this case though, it sounds like the monitoring software will pop up a message when the hardware blocks access, and allow the user to override it. There's not really any reason Intel couldn't do something similar. Of course, false positives could disrupt business, particularly if they require someone to look into what's happening and perform multi-factor authentication once they've determined that it's not a threat.

    citral23 said:
    What this industry has come to invent to try to make up for Microsoft's abysmal security practices never ceases to amaze me
    Except there's been Linux ransomware too.
    Reply
  • hotaru.hino
    citral23 said:
    What this industry has come to invent to try to make up for Microsoft's abysmal security practices never ceases to amaze me
    What "abysmal" security practices?
    Reply
  • bit_user
    cryoburner said:
    In this case though, it sounds like the monitoring software will pop up a message when the hardware blocks access, and allow the user to override it. There's not really any reason Intel couldn't do something similar.
    Not really for server apps, where increased security would have the greatest business value.

    And let's look at what actually happened. Intel sold off McAfee, without ever fulfilling its promise to integrate their technology into its hardware. So, it was all for naught.
    Reply