Mar 21 2022

How to tackle the dynamic danger of cyberattacks with Veeam

Digital facilities are increasingly essential to the way organizations operate. The many publicly visible cyberattacks of the last few years, and the extremely intrusive disruptions they caused, have been an eye-opener for many on how dependent their core business processes are on digital technology. In 9 out of 10 cases, the target of a cyberattack is your data. Data is the lifeblood of any organization, so any hindrance to its flow or quality means instant paralysis of the organization.


Causing a business emergency for data protection

The key driver behind this is that the data protection challenges facing businesses are immense and diverse. For the second year in a row, cyberattacks have been the single biggest cause of downtime, with 76% of organizations reporting at least one ransomware event within the past 12 months (n=1880). Not only is the frequency of these events alarming, so is their potency. Per attack, organizations were unable to recover 36% of their lost data. Source: Data Protection Trends Report 2022 - http://vee.am/DPR22


Figure 1 – Thinking about the most significant ransomware attack your organization suffered in the last 12 months, how did the ransomware enter your organization’s environment?

 

Most organizations are likely unaware of the cyberattacks they are facing on a continuous basis. When looking at how cyberattacks unfold, most are aimed at easy access vectors which include people, spam email, malicious links, theft of credentials, or a disgruntled employee selling access to your data.

 

Can you be 100% secure?

So how can we tackle the dynamic danger posed by such cyberattacks? Think about it like this: “a strong defence is hard to crack, but no defence is uncompromisable!” Once you realize that you can’t prevent all cyberattacks, you need to take the necessary steps to be prepared to effectively protect your data when a cyberattack does breach your defences.

 

Availability strategy

The most pressing question from most IT organizations these days is, “Can I recover from a ransomware disaster?” Recovery is almost always possible. Unfortunately, many organizations don’t feel confident in the recovery process, which is why it’s important to take the steps to ensure your environment can recover from ransomware. Create an availability strategy that runs through all steps needed so fundamental requirements will surface and get the right spotlight and attention.

 

Design for Recovery

Cyberthreat protection is not all about stopping threats at the front door. Intelligent attacks sometimes get through even the best defence systems. Backups will be your ultimate line of defence. In the past, you had to back up 100% of your data and you restored maybe 3-5% of that data during normal scenarios, i.e. someone accidentally deleted something or equipment broke down.

With the risk factor outpacing the growth of data, the stakes changed dramatically: now, it’s necessary to have 100% restore capability. With rapidly growing data sets, fast restore capabilities have become even more critical, and more challenging with the laws of physics in mind. Testing and validating that data has also become more important than ever. How else can you be 100% sure that you will fully succeed in bringing all the data back?

 

“Backups are pointless if they don’t work”

 

Most organizations designed their infrastructure and processes for backup and not for recovery. The backup should fit within a 24-hour window, be sized for incremental throughput, and be stored on as small a footprint as possible. Does that sound familiar? If so, you are with the other ~95% of organizations worldwide.

 

Instant Recovery at Scale

Veeam pioneered instant recovery of data in 2010 and has refined and extended this capability ever since. Today, Veeam is optimized to quickly restore multiple machines simultaneously to handle even the largest enterprise recovery needs. You can also instantly restore at a granular level: a disk, a database, or files (NAS).


Figure 2 – Instant Recovery by Veeam

 

To be able to instantly restore your services, look at your design and the components you put in place. For example, use a Fujitsu PRIMERGY server running Linux to create a fast Hardened Veeam repository, which brings immutability to your fast primary backup storage. Also, do not forget that you can use the storage integration with the Fujitsu ETERNUS DX/AF series, where you can orchestrate snapshots only through Veeam and instantly restore from those. And yes, snapshots are not backups, but they can certainly help in your availability strategy and your battle against ransomware.

 

Where to recover to?

Think about where you are going to recover to if your whole infrastructure is roped off like a crime scene because forensics are ongoing after a cyberattack that got through. By thinking ahead of time and being prepared on how and where you are going to recover, it becomes much easier to make sure that a crucial data set is already positioned and ready at the designated location.

 

Secure data recovery

Ransomware dwell times can be many months. Because of this, you need automation to ensure that you never restore malware back into your cleansed or new environment.

Building upon the Instant Recovery capability mentioned earlier, Veeam integrates with leading anti-malware solutions to deliver an automated recovery process to check and clean infected backup data, ensuring that backup data recovered into production is free of cyber threats and that re-infections are eliminated. Veeam Secure Restore provides users an optional, fully integrated anti-virus scan step as part of any chosen recovery process.

 

Disaster Recovery Orchestration

Make no mistake, cyberattacks are disasters. In an emergency, your team needs automated, repeatable results. Your tool set must allow regular tests and audits of how quickly you could recover from a disaster, including automated testing of server and application accessibility and usability post-restore. And the testing process and results should be self-documenting to satisfy management and external security auditors.

Veeam’s industry-leading Veeam Disaster Recovery Orchestrator (VDRO) lets you fully automate and document complex workflows, including non-disruptive, large-scale recovery testing with dynamic documentation. Incident response/recovery documentation can also be updated with non-Veeam information, such as contact lists and other mission-critical response information.

 

Protection strategy

To even be able to recover, you need a solid foundation in the form of a data protection strategy. Cyberattacks are known to attack the backup layer, so you need to have a process in place to ensure resilience. Veeam recommends following the 3-2-1-1-0 backup rule, which is our enhancement of the well-known industry 3-2-1 rule. The rule states there should be at least:

Figure 3 – Data Protection Strategy by the 3-2-1-1-0 Rule

 

As the threat of ransomware has evolved, we recommend at least one copy of data be resilient either by being air-gapped, offline, or immutable. This is imperative for effectively defending yourself against ransomware. We’ve also added a zero to the rule because automated backup verification ensures your data is valid and usable for recovery. Backups are pointless if they don’t work!

The first thing to do to protect your data from ransomware is to ensure you have a recent, successful backup. This backup becomes critical after machines have been encrypted. After encryption, you will need to restore to a previous backup.

Depending on how long the ransomware sat idle on your system, you will also want to scan the restored system to ensure you are not introducing the threat back into the environment.

 

Protecting your Backups

Cyber criminals now routinely attempt to encrypt or delete an organization’s backups as part of any ransomware attack. Success for the attacker is critical here because without backups the victim must pay handsomely to recover their data. Resilient backups are simply backups that cannot be destroyed by an attacker — even one who has acquired administrative credentials. Trusted immutability is part of that solution to prevent modification and/or deletion. But also look at deploying other measures (e.g. encrypting your backups against exfiltration) to create that layered security defence.

Figure 4 – Measures to protect your backups

 

Conclusion

How prepared are you against cyberattacks? Is your last line of defence solid, resilient, and secure? With Veeam, you already have all the tools you need at your disposal to create that resilient, secure backup as your last line of defence. Together with Fujitsu solutions, Veeam provides modern data protection to protect and manage ALL workloads from data center to edge to cloud.

 

If you would like to learn more about how you can protect yourself from ransomware, please see this whitepaper I wrote together with Rick Vanover – https://www.veeam.com/wp-protection-yourself-from-ransomware.html?wpty

 

-----------------------------------------

Guest Author:

Edwin Weijdema,

Global Technologist Product Strategy & cybersecurity specialist, Veeam

 