Over the past several months I have been told by numerous DoD Command and C-Level Federal Agency executives that they are being kept up at night by the possibility of a ransomware attack that they could not recover from. This is a real concern in all aspects of IT. There are some good solutions that I have discussed with the individuals that not just work but work great.
First and foremost, a good first line of defense along with the rest of the cybersecurity solutions is a good malware solution. Also, key to this is making sure your malware solution is kept updated.
The second is user education, know when to click and when to not click.
As far as backups go, Dell Technologies has two very viable solutions. The first is their Data Domain solution that features a two-factor authentication, and the other very important feature is that the system clocks cannot be changed in order to cause the data backed up to reach the expiration date via a threat actor.
If you are like me, you are asking yourself, what if they restore the malware again? That is always a possibility with any solution that is not running analytics on that backup data. This is where the up-to-date malware comes into play.
Data Domain also has an option for using tape as an offline medium (I know, I have heard tape is dead also, but it still lives). This meets the air-gap challenge of getting the data totally offline, but still leaves the chance to restore a threat.
My favorite solution is, the Dell Technologies PowerProtect Cyber Recovery Solution. Here is the reason why! Good is not good enough – nor is DR.
|Threat or Issue||Problem|
|Backup||Ransomware: Can mount, delete or even encrypt data or catalog, destroy server|
|Insider: Delete the backup.|
|Snaps||Ransomware: PRO is short, sleeperware issues, destroy server|
|Insider: Delete snaps|
|“Immutable” or “Hidden”||Ransomware: Be careful of definition; immutable/hidden in what manner; is it 17a4-(f)(2) equivalent?|
|Insider: Simply delete the data|
|True Retention Lock||Ransomware: Good protection – but need to also protect the catalog: single platform failure|
|Insider: Turn off RL – There is not Admin Override.|
|Disaster Recovery||Ransomware: Nature, impact of disaster different – isolated, targeted selective|
|Insider: No need/value|
Step 1 in this solution is a synchronized air gap between the production backup Metadata and the backup data. Step 2 Immutable copies of backup meta data and data are stored. Analytics, Machine Learning and Forensic Tools are used to Quickly Detect & Recover from Attack. Step 3 Any threats or suspected threats are placed in a Sandbox to prevent an attack from being restored.
This solution is a total turnkey solution that includes Software/Hardware and Services to manage a secure Air-Gapped vault holding clean gold copies of your mission critical backup data providing rapid restore after a cyber-attack.
In closing, I understand that the big push is cloud, but when it comes to your missions RPO and RTO the cloud will not make the cut. I am not saying cloud is bad, but there is certain mission data that just cannot reside in the cloud. When that cyber-attack happens, knowing you have a solution that can restore clean data is absolutely mission critical.
To take a deeper look into the Dell Technologies Cyber Recovery Solution, please reach out to your IMPRES Team and we will be happy to sit down with you and architect your mission critical air-gapped vault.
Hello everyone. Thanks for stopping by our blog! I joined IMPRES Technology in May of 2018 as a Senior Systems Engineer. Prior to that I had spent over 20 years in the IT industry as a Systems Engineer specializing in enterprise level datacenter solutions for companies like IBM, Arrow and TechData. I’ve embraced the opportunity to work in the federal space supporting our DoD war fighters and civilian agencies. When not busy assisting customers and partners, I enjoy spending time in the outdoors and with my family and friends or volunteering at Habitat for Humanity.