What is 360° Ransomware Protection?

IT professionals need to look for 360° Ransomware Protection of their backup infrastructure. Bad actors know that the backup infrastructure is critical in recovering from their ransomware attacks and avoiding paying the ransom. As a result, they target backup data and metadata to make recovery impossible or slow the process down.  

As we will discuss in our upcoming webinar “Three NEW Ransomware Exploits – How to Close the Backdoor”, 360° Ransomware Protection shuts the backdoor that legacy backup storage solutions leave open. 

360° Ransomware Protection Requirements:

  • Improve protection of production data by increasing backup frequency and improving recovery point objectives (RPO).
  • Improve protection of protected data by providing instant immutability across all protocols.
  • Improve protection of backup indexes and configuration files by hosting them on the backup storage target, storing them immutably while not impacting performance.
  • Improve the recovery environment with standby storage to deliver on-demand, production-class performance on the backup storage target.

Improve Protection of Production Data

Ransomware’s primary goal is still to encrypt your production data. The number one responsibility of any backup infrastructure is to ensure that production data is protected. In the ransomware era, improving protection means enabling more frequent data capture events. Using change block tracking (CBT) or block-level incremental (BLI) backup, organizations should be able to back up every hour instead of once per day. The problem is that legacy backup storage solutions can’t keep pace with the dozens of backup jobs per hour this schedule would create. 

Increasing backup frequency using CBT or BLI backups creates another challenge. Backup software can only support so many of these jobs before it must consolidate them and synthetically create a new full backup. While full-synthetic backups eliminate the need to perform full backups over the network, they are very IO intensive. Legacy backup solutions can’t handle the IO demands of synthetic fulls, and most customers find that an over-the-network full backup is faster than the synthetic process. 

360° Ransomware Protection Improves RPO

The 360° Ransomware Protection capabilities of S1:Backup enable customers to take full advantage of CBT/BLI capabilities. They can execute backups every 30 minutes or less. The high-performance flash tier of S1:Backup can easily handle the dozens, even hundreds, of simultaneous data capture jobs this design can create. While an All-Flash Backup is not necessary, StorONE can provide a cost-effective, high-capacity flash tier sufficient to store an entire full backup + incremental jobs. When it is time to create a new synthetic full, StorONE’s ability to keep these most recent jobs on the flash tier means that the consolidation effort occurs in record time. 

Improve Protection of Protected Data

The copies of production data that the backup infrastructure stores are critical to a successful ransomware recovery. Protecting that data from being encrypted is now a new responsibility of backup storage targets. The backup storage target must provide immutability and it must provide some form of a physical or virtual air gap. 

Most legacy backup storage targets don’t provide either of these capabilities. To compensate, many backup software vendors add another storage silo to their backup infrastructure to provide these capabilities. The addition of even more storage silos leads to further complexities and costs. First, additional jobs must be created to move the data from the primary backup storage target to the immutable storage target, which adds to operational overhead. Second, a data transfer needs to occur when moving data from the primary backup storage device back across the network to the immutable storage device, which takes time and may require additional networking. Third, most of these immutable systems force customers to learn a new storage protocol like S3/Object, again adding to operational costs. 

While storing protected data immutably is essential, the cost of that process can’t be so expensive that only a few organizations can afford it. The practice also can’t be so complicated that most organizations can’t consistently apply it. 

360° Ransomware Protection Provides Instant Immutability

S1:Backup’s 360° Ransomware Protection capabilities include making an immutable copy of every backup job less than 30 seconds after it completes, regardless of what protocol the backup infrastructure uses to transfer data. It does not require a separate storage silo or the scheduling and maintaining of additional backup jobs. The copies are capacity efficient and can be retained for months, creating a virtual air gap. S1:Backup’s immutability is simple, consistent, and transparent. S1:Backup can even alert you to a potential attack, so you can stop it early. 

Improve Protection of Backup Metadata

Recent attacks, like the one that impacted Kronos, show that immutability by itself does not beat ransomware. Bad actors also target backup metadata: the indexes and configuration files that backup software creates. Without this data, the backup software does not know what production data it protected or where it stored it. Backup metadata is usually stored directly on the server that hosts the backup application, making it vulnerable to failures beyond ransomware. 

While most backup applications can recreate this data from manually scanning the files that store production copies, the process can take weeks to complete in some cases. Until the process is complete, you can’t recover data. 

360° Ransomware Protection Protects Backup Metadata

The 360° Ransomware Protection built into StorONE’s S1:Backup also protects backup metadata. It does this without forcing you to create a separate task to copy the metadata. Instead, the performance of S1:Backup enables you to directly host backup metadata on our solution and apply the same immutable policies to it that you apply to protected data. If the ransomware attack gets to your backup metadata, you are less than 30 seconds away from a known good copy. Most customers will find that operations like searching for a file version will execute faster, making the backup application more responsive. Only StorONE’s S1:Backup can host backup metadata on the same system as the protected data and provide instant immutability to both. 

Improve Recovery Performance

The first three steps provide a quality data capture infrastructure and data resiliency, but a ransomware attack brings new recovery challenges. There is more pressure to recover quickly after a ransomware attack because your data center is physically intact, the lights are blinking, and users can’t figure out why it is taking you so long! There is the added pressure of paying the ransom, which may seem like the easy way out. 

Another challenge is that you need time to disinfect your production storage properly. As the attack on Kronos proves, it can take months to disinfect your environment correctly and confirm which data sets were infected. This challenge conflicts directly with the need to recover quickly. 

360° Ransomware Protection Provides Sterile Standby Storage

For years, backup software solutions could instantiate virtual machines and applications on the backup storage target. The problem is the performance of these targets is disappointing in the production use case. In addition, the protocols supported are minimal, usually just one. Finally, they don’t have the high availability that organizations require of production systems. 

StorONE’s S1:Backup is the first backup solution to provide these instantiated VMs and applications with performance similar to production. For a prolonged outage, as Kronos experienced, a native restoration provides even better performance. It also provides full protocol support and complete enterprise-class availability.

Wrapping it Up

360° Ransomware Protection enhances your current backup software application to provide a complete ransomware protection and recovery environment. It enables you to recover from an attack quickly without the expense of buying new software and the overhead of learning how to use it. Each element of the strategy is critical to closing the circle. If your current backup storage target can’t improve RPO, protect both protected data and backup metadata, and provide a sterile standby storage area, then you are exposed to a potential attack.

Abornstor