Any business of any size is a potential target for a cyber-attack, and cyber threats are becoming increasingly sophisticated. Even with the most advanced security measures in place, businesses are still at risk of having data attacked, corrupted or made inaccessible.
In recent years, advanced ransomware attacks have infiltrated backups, leaving businesses with little chance of recovery without paying the ransom.
Cyber insurance is available, but the increase in the number and size of ransomware payouts has meant that insurance providers are putting additional requirements into their policies before they will offer coverage. These requirements are particularly focused on the integrity of data backups.
So, what do you need to do to meet these requirements and make your business cyber-resilient?
Protection Goes Beyond Preventing Cyber-Attacks
We shall assume that you already have front-end security measures in place, such as anti-virus software, network firewalls and user security training. Whilst these are important, we should expect that a sophisticated cyber-attack will find a way through these protections. Almost all businesses that suffer a cyber-attack have these front-end security measures in place.
What is important is being able to recover, should such an attack take place. This starts with having a good, clean backup copy of your data.
Isolation, Immutability and Intelligence
Current research shows that there are three key areas to focus on when planning how to make your business cyber-resilient: Isolation, Immutability and Intelligence.
The following table shows the type of threats that are most common and how these measures protect against them.
So, what do these look like in practice? Let’s go through each to explain in more detail.
Isolation involves creating a copy of your data backup that is isolated from your core network. This copy is stored in such a way that it cannot be accessed by anything running on your core network or anyone who has access to that network.
This means that if a cyber attacker manages to gain access to your core systems or infect your local data backup, it cannot infect the isolated backup.
To achieve immutability, you need to ensure that the original copy of your data cannot be changed. It cannot be modified, overwritten or deleted. Additionally, by keeping multiple copies of immutable backups, organizations guarantee recovery from ransomware attacks by finding and recovering from a clean backup.
Intelligence is the final and arguably the most important part of the cyber-resilience jigsaw. It involves using analytics and machine-learning software tools to analyze the backup looking for known threat patterns. The software effectively knows what ransomware looks like and can raise the alarm and isolate the infection before it is launched.
What Solutions Are Available to Make Your Business Cyber-Resilient?
There are many solutions and services on the market that meet one or more of these requirements, but few meet all three. One solution that does meet all three is Dell’s Cyber Recovery solution.
Cyber Recovery can be deployed on-premises in the main business data center, at a remote location or in a cloud service. In each case, data isolation and immutability are achieved by building a Cyber Recovery Vault based on Dell’s Data Domain technology. Local backup is performed by software backing up to a Dell Data Domain appliance.
Another Data Domain appliance resides in the Cyber Recovery Vault. Cyber Recovery software also resides in the Vault and periodically pulls a copy of the backup into the Vault. Once this has occurred, Cyber Recovery shuts the port, isolating the Vault copy from the core network.
A retention lock is applied to the copy in the Cyber Recovery Vault to ensure that it remains immutable.
The final component is the CyberSense software. This provides the Intelligence by analyzing the data that is brought into the Vault. CyberSense has a library of known cyber threat patterns that it uses as a reference to find and isolate infected data.
Infected data is interrogated to allow for further analysis. This also raises an alarm of a possible ransomware attack so appropriate steps can be taken to remove the infection from the core business network and isolate any infected systems.
“The Dell EMC PowerProtect Cyber Recovery solution offers comprehensive ransomware detection and recovery capabilities both on-premises and in the public cloud. The solution supports an immutable and air-gapped architecture and meets Sheltered Harbor recommendations.” Gartner Magic Quadrant for Enterprise Backup & Recovery Software Solutions – July 19, 2021
Deployment Options for Cyber Recovery
The Cyber Recovery Vault can be deployed in 3 ways.
- On-premises in the main corporate datacenter
- At a remote business location
- As a service delivered by a cloud provider such as Abtech’s StorTrust
This gives the business the flexibility to choose the deployment solution that best meets its resources. Deploying a solution on-premises or at a remote business location involves more up-front cost and ongoing management resources but provides the benefit of having total control of the solution. Deployment by a cloud provider spreads the cost of the solution and can take the ongoing management responsibility away from the business IT team. Both options follow Dell’s rigorous validation process.
Summary and Next Steps
I hope this article helps provide some direction in how to achieve cyber-resilience for your business. We have covered the types of threat that are most common, the steps to take to protect against these threats and presented a market-leading solution.
Abtech is fully certified to design and deploy Dell Cyber Recovery and CyberSense. We are also certified in Data Domain and Dell’s suite of backup software tools.
If you would like to know more, please reach out to our Data Protection team and we can set up a presentation.
We look forward to working with you to achieve cyber-resilience for your business.