Training for a good strategy to protect data
This weekend, news of a ransomware attack surfaced as runners, bikers, pilots, and many other outdoor enthusiasts were unable to log activities from their favorite Garmin devices. News quickly spread via social media, and Garmin added a page with limited information about the outage. While we at EchoStor cannot speak to the factors involved in the Garmin ransomware attack, it’s never a bad time to review your backup and recovery strategy.
EchoStor’s VMware practice lead, Matt Hoeg, breaks a good strategy down into three simple principles:
- Stop the attacks – Mitigate the risk of attack using firewalling technologies (IDS/IPS) along with endpoint protection/anti-virus solutions.
- Reduce the attack surface – Leverage network micro-segmentation technology so that if an intruder does find a way in, they’re unable to reach beyond the segmented network that has been breached.
- Rapidly recover – Build a malware recovery plan that involves an immutable copy and/or air-gapping the secondary copy from the network.
Daniel Clydesdale-Cotter, Solutions Architect for EchoStor, recalls his response to a similar experience. “At one of my organizations, we experienced a ransomware attack and we used NetApp Snapshot rollback after isolating the infected machine that was performing the data encryption.”
The solutions and technologies are complex, and EchoStor has teams that can help guide organizations through this challenging but ever more necessary process. If you would like to review your current BC/DR strategy or build a new one, contact us to begin fortifying your defenses today.
Here is a small sampling of technologies and some resources that EchoStor can help to deploy in your data center:
- NetApp (snapshot capability) for file restoration – this could be any vendor with that capability, but the snapshots need to be taken regularly. More sophisticated malware can actually encrypt online backups.
- https://www.netapp.com/us/media/tr-4572.pdf – Guide from NetApp
- Dell EMC PowerStore – Snapshots and Thin Clones
- Commvault – Offline backup recovery, if the data is encrypted in the online backup system.
- Rubrik – Polaris Radar for detecting which files are being encrypted and who is encrypting them
- Varonis – Detection of which files are being encrypted and who is encrypting them
- VMware Carbon Black – Endpoint protection for the machines themselves
- VMware NSX – Micro-segmentation