The threat of ransomware may have a silver lining if it provides the impetus needed for us to widely implement state-of-the-art backup technology. I stress modern backup technology. In the past, I’ve said that backups are not a great way to deal with ransomware because restoring from old-style backups is time-consuming, likely to fail, and expensive in terms of IT staff time and user productivity, plus the normally daily backup frequency means you lose a lot of changes. So even if you technically have backups, it’s often more desirable to just pay the ransom to avoid all of that. Even the FBI says “To be honest, we often advise people just to pay the ransom.”
By old-style backups I mean the classic nightly backup to some kind of storage that is either replicated or physically transported off-site. Old-style backups are truly a last resort, just-in-case, “if we really must” strategy. They usually involve an assortment of backup utilities and scheduled jobs. Seldom tested. Seldom used other than to recover some mistakenly deleted files. Old-style backups are often very much a data-centric strategy with the assumption you’ll be rebuilding the server, re-installing applications and configuring everything before restoring the data that was backed up. The next level up in backup maturity is system-level backups, usually performed less often, with the goal of backing up the whole computer – OS and applications. The idea in this case is that if you lose the entire computer, you’ll set up a new server, restore from your most recent system backup and then restore your more recent data backup. We hope we never have to actually use these backups because it’s a largely manual process, fraught with peril and littered with opportunities for mistakes and failures only discovered after waiting for long-running processes.
So I haven’t been viewing backup as a primary defense against malware because I wasn’t thinking in terms of modern backup technology even though I was familiar with it. I put 2-and-2 together though when a colleague who used to be at a next-gen AV company reached out to me recently from his new post at a backup and continuity company with an idea for doing a webinar. I told him that while backups are certainly part of the security triangle (confidentiality, integrity and availability), it might not be a great fit for us at UWS. But then he showed me what his company, Unitrends, has done specifically to address malware detection and recovery.
In this webinar, we will look at how modern backup and recovery technology makes it trivial to recover from ransomware. That’s great but it’s still a bit reactive and passive, right?
So we’ll also look at how modern backup technology is in the perfect position to detect ransomware early in its process. This is very cool. Think about these 2 points: 1) modern backup technology is continuous and 2) it employs change deltas and deduplication. I’ll explain how those 2 facts mean that backup technology is already doing the very data analysis necessary to recognize that ransomware is at work. It notices that every byte of one file after another is getting re-written. Who does that? The answer is usually ransomware.
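To make the change-delta idea concrete, here is an added example (not Unitrends' code or anything from the webinar) that compares two snapshots block by block and alerts when most files in one interval are almost entirely rewritten. The fixed 4 KiB block size, the thresholds, the function names and the sample data are all assumptions chosen for illustration.

```python
import hashlib
import os

BLOCK = 4096  # assumed fixed block size; real products often use variable-size chunks

def block_hashes(data: bytes) -> list[str]:
    """Hash each fixed-size block, as a delta/dedup engine would."""
    return [hashlib.sha256(data[i:i + BLOCK]).hexdigest()
            for i in range(0, len(data), BLOCK)]

def rewrite_ratio(old: bytes, new: bytes) -> float:
    """Fraction of the new file's blocks that differ from the old block at the same offset."""
    old_h, new_h = block_hashes(old), block_hashes(new)
    if not new_h:
        return 0.0
    changed = sum(1 for i, h in enumerate(new_h) if i >= len(old_h) or h != old_h[i])
    return changed / len(new_h)

def scan_interval(prev: dict, curr: dict, file_ratio=0.9, min_files=3, share=0.5):
    """Compare two snapshots ({path: bytes}); return (alert, rewritten_paths, novel_share)."""
    store = {h for data in prev.values() for h in block_hashes(data)}  # dedup store
    rewritten, new_blocks, novel = [], 0, 0
    for path, data in curr.items():
        if path not in prev or data == prev[path]:
            continue  # only files modified in this interval are of interest
        if rewrite_ratio(prev[path], data) >= file_ratio:
            rewritten.append(path)
        for h in block_hashes(data):
            new_blocks += 1
            novel += h not in store  # block that does not deduplicate
    novel_share = novel / new_blocks if new_blocks else 0.0
    # Alert when enough files, and a large share of the data set, were fully rewritten.
    alert = len(rewritten) >= min_files and len(rewritten) / len(prev) >= share
    return alert, sorted(rewritten), novel_share

def sample_snapshots():
    """Constructed data: a normal interval and one where every file is rewritten."""
    base = {f"docs/report{i}.txt": (f"quarterly figures {i}\n" * 2000).encode()
            for i in range(4)}
    normal = dict(base)
    normal["docs/report0.txt"] = base["docs/report0.txt"] + b"appended note\n"
    # os.urandom stands in for ciphertext: no block matches the previous data
    hostile = {p: os.urandom(len(d)) for p, d in base.items()}
    return base, normal, hostile

if __name__ == "__main__":
    base, normal, hostile = sample_snapshots()
    print("normal :", scan_interval(base, normal))
    print("hostile:", scan_interval(base, hostile))
```

The `novel_share` value is the deduplication side of the same signal: an ordinary edit leaves most blocks matching data the store already holds, while encrypted output matches nothing.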
I think this will be an eye-opening webinar to show how we can get a lot more value and risk reduction from our backups. This is important because disasters are not becoming less common and ransomware is only getting started. Encryption isn’t the only way to hold a network hostage.
Modern backup technology has come so far. Instead of just backing up files and databases on a nightly basis, modern technology backs up workloads on a continuous basis with very short recovery point intervals. Modern backup continually tests itself by even restoring entire virtual machines to an isolated LAN segment, booting the restored servers and testing them at the application level. You can even automatically “re-IP” replica systems at a disaster recovery site or cloud so that each system automatically gets a new IP address appropriate for the local network.
We will also discuss the critical requirement that backup data is protected from accidental or intentional destruction. The worst thing I can imagine is doing great backups – only to have them destroyed by malware.
Joe Noonan from Unitrends will briefly demonstrate the ransomware capabilities of their solution. Please join me for this real training for free session.