Not logged in » Login
May 13 2022

Ransomware – better prevent than pay with Fujitsu Ecosystem

As cyberattacks like ransomware are becoming more and more sophisticated, the phrase “data equals money” expresses the key operational role played by data protection. It keeps the business up and running – not just the IT.

The changing marketing dynamics are driving a new IT setup, which enables higher agility to adopt to new demands. This results in a highly distributed IT infrastructures stretching from the edge (e.g. smart devices, smart factories, the internet of things) to the data center to public clouds. Naturally, these new architectures include more external networks and external IT in general. Consequently, the entry points for potential cyberthreats like ransomware are increasing.

In our series about ransomware, this blog entry provides details about the capabilities of our data protection ecosystem thwarting ransomware.

Image

 

Data protection is a must

Data protection is not a matter of backups, but rather about safeguarding data integrity and ensuring the availability of data for your business when you need it.

A regular, secure backup is the most important preventive measurement – to keep the data available even in case of a ransomware infection. In addition, immutability through isolation of backup data is a critical component of an effective ransomware recovery plan.

In a normal scenario, a ransomware attack happens at the production server, and as it can take months to identify, by then the encrypted data is also backed up and moved to other locations. In such circumstances, the only data which will be safe is your immutable and air-gapped backup data.

 

Image

 

Data protection appliances against ransomware

ETERNUS CS800 backup appliance with backup to tape and secure snapshot features

Our ETERNUS CS800 provides a powerful solution for meeting backup needs and SLA requirements that helps minimize disk requirements, shrinks replication bandwidth needs, and supports secure backup against ransomware attacks.

  • Path-To-Tape

All models of the ETERNUS CS800 offer an application-specific direct path-to-tape (PTT) for copying backup data to an external tape library like ETERNUS LT. Tape provides the last line of defense against ransomware with offline, air-gapped backup, which prevents data from corruption.

  • Secure Snapshot

By using the new feature, the ETERNUS CS800 moves snapshot data to an isolated and secured location within the appliance. This data cannot be deleted or encrypted, making the backups (snapshots) immutable, which in turn means high defense and fast recovery by meeting SLA-required RTOs and RPOs.

Data is recoverable immediately because snapshots will be available in their immutable state in the backup appliance and will become visible to the backup application as soon as the recovery begins. Point-in-time snapshots are quickly identified, and customers can restore images to a newly created share.

Secure Snapshot is free of charge but requires the latest software version 4.5.

 

ETERNUS CS8000 with media break and WORM capabilities

ETERNUS CS8000 is the most reliable central repository for backup, archive, second tier, and object data. Data is automatically managed between different storage tiers, including SSD, disk, deduplication and tape technology, as well as different performance and availability levels.

  • WORM 

The data stored on the ETERNUS CS8000 can be made immutable – data remains as written — with the help of WORM (Write Once, Read Many) technology. The WORM feature makes it possible to protect data for the retention period you specify. During that time, the data can neither be modified nor deleted, creating an additional security layer. Furthermore, the data is immediately accessible, eliminating the need for a lengthy backup process. Policy-based data protection features also let you replicate that data to multiple sites, or to the public cloud if desired. In this case, your data is protected from site-specific threats as well. In the event of a malware attack, restoring your data becomes a simple task of recovery. Administrators roll back to the last good backup before the ransomware was executed and perform a restore, and voilà – your data is back in business.

  • Media Mix

The cross-media mix of ETERNUS CS8000 makes it possible to store data copies on various media and across long distances at geographically separated sites. This media break provides a physical and logical separation of backup data from the primary storage, making the data backup invisible for hackers.

 

Tape technology as the last line of defence

More and more organizations are reconsidering using tape in their data protection strategy to safeguard business data from cyber threats. The LTO (Linear Tape Open) technology provides several capabilities:

 

Image

Encryption: LTO tape drives use the 256-bit Advanced Encryption Standard at the hardware level, and the access is only granted with the encryption key.

 

ImageImmutability: A physical tab on the cartridge can make any tape into a write once, read many (WORM) media.

 

ImageAir gap: If you remove the tape media from a library, nobody can access, modify, or delete the data on the cartridges.

 

ImageOffline: No connection to the network if the tape media is not loaded into the tape drive.

 

ImageBackup scanning: LTO allows scanning of data upon restore to detect and delete malware.

 

 

ETERNUS LT meets data protection needs

ETERNUS LT140 offers multiple options to safeguard your data in the library or offsite with data encryption, depending on the requirements for policy, regulation, compliance, and centralized key management. The modular design with easy exchange of magazines provides the flexibility to use data storage in library or off-site, in a secure and fire-proof location.

 

Quantum Scalar Libraries with extended security framework

In addition to the already outlined tape features, the Scalar tape libraries from our partner Quantum provide multiple security levels:

  • Level 1 – Active Vault: Secure, isolated in-library vault partition not visible to applications or network;
  • Level 2 – Tape Locking: prevents robot from moving tapes via software locking;
  • Level 3 – Ransom Block: Partial eject of magazine to create a physical barrier.

 

The exclusive feature set controls system access, while also providing system monitoring and event detection, data security, encryption, and unique features for cyber protection and data integrity. 

For more details, please read The Quantum Scalar Security Framework: A Technical White Paper.

 

Data protection software

In addition to implementing a multi-tier, secure backup with innovative hardware technology, you need software suites for intelligent data management and protection. Leveraging leading data protection software from our partners Commvault, Veritas, and Veeam, Fujitsu can offer a secure and flexible ecosystem depending on your needs.

For the specific ransomware protection offerings of our software partners, please visit the following blogs:

 

Summary – ransomware strategy

Fujitsu provides a data-driven ransomware strategy to help you strengthen your resilience against ransomware attacks and improve the security of your data – on-premises, in the cloud, or anywhere else. With our strategy, we assist you in implementing data and storage solutions that prepare your company for cybercrimes like ransomware attacks. First, we begin with a thorough examination of your business needs and existing ransomware gaps. We then work with partners to help you build a secure and modern infrastructure. In subsequent steps, we show you how to protect your IT against any hackers who might be targeting your data.

 

Image

 

For a first discussion, we recommend using our new platform: The Fujitsu Customer Experience Lab. It is a new virtual co-creation metaverse to facilitate early-stage creative dialogue among customers and partners in its ecosystem. It offers unique virtual meeting spaces within a cybernetic city to conduct meta conversations.

Discover our comprehensive data protection portfolio at: www.fujitsu.com/dataprotection.

 

Helga Eppig

 

About the Author:

Helga Eppig

International Product Marketing Storage, Fujitsu

SHARE

Comments on this article

No comments yet.

Please Login to leave a comment.

X

Please login

Please log in with your Fujitsu Partner Account.

Login


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now