Organizations worldwide are in the midst of a massive wave of cybersecurity threats. Gartner reported that “ransomware families have grown by more than 700% in the last few years.” Every company is struggling to protect their data – the most important digital asset. As these attacks continue to mature both in frequency and intensity, their impact on business has grown exponentially. It is no longer something that happens to someone else; it is happening globally to both small and large organizations, indiscriminately, across all industries.
So, what are the implications? Imagine being a CIO of a hospital hit by a ransomware attack during a pandemic. The immediate impact is a major interruption in the ability to service patients, schedule appointments, retrieve patient records, and crippling all communication. The potential long-term impact is loss of sensitive patient data, loss of reputation, and of course loss of revenue.
Defense-in-Depth
There is no magic silver bullet that can prevent or insure against all ransomware threats. It is important to practice “defense-in-depth.” Defense-in-depth is a multi-layered approach to protecting your data. Some of the defense mechanisms that you might consider include educating end users, carrying out regular vulnerability scanning, application whitelisting, role-based access control, and creating regular backups of your data. As important as these defense-in-depth techniques are, backups are your ultimate last line of defense and can restore your data after a cyber attack has already occurred. Combining security best practices with sound backup and recovery planning can thwart costly cyber attacks. In this blog, we outline the capabilities of Nutanix and best practices that you can incorporate into your organization’s backup strategy for preventing and recovering from ransomware.
Ransomware protection has three aspects: prevention, detection, and recovery. Obviously, preventing a ransomware attack is ideal, but as attackers and tools become more sophisticated this is not always possible. In some attack forms, there might be a long lag between the actual infection and the activation of the malware. Detection algorithms are continuously enhanced and might be able to flag the malware before it gets activated. In the unfortunate case of the actual execution of malware, your company needs to be able to recover quickly to prevent costly downtime. Let’s look at some of the tools and best practices that you can leverage to protect your data.
1. Prevent
- Data Fabric Best Practices:
- Physical separation and segmentation of production networks and backup infrastructure network
- Apply the 3:2:1 backup methodology: three copies of your data on two separate media and one copy off-premises.
- Leverage a hyper-converged infrastructure (HCI) powered data protection platform such as Nutanix Mine to manage data backup and recovery. The Mine platform leverages the hardening (STIG, etc.) of standard AOS and AHV.
- Leverage Nutanix Mine for immutable storage by enabling WORM capabilities to “lock” backup copies for the specified period to prevent deletion or encryption of backups. Not even admin-access can delete or modify these backup copies.
- Nutanix snapshots created on the production platform and leveraged for backups are read-only and immutable. Most backup solutions can leverage these snapshots for very quick (low RTO) restores of workloads, while still providing protection against most attacks.
- Day-to-Day Management Best Practices:
- Do not use default passwords; adhere to strong password policies
- Use multi-factor authentication when possible
- Use network segmentation to separate backup management traffic separated from production traffic
- Restrict access based on roles and user identities with RBAC
- Do not use Active Directory integration, but use local credentials for backup so AD attacks do not affect your data protection environment
- Don’t forget to look after your backup, they are your friend:
- Put in place regular backup schedules, and perform periodic reviews of backup policies
- Test your restores periodically to ensure your backup and recovery strategies are working properly to meet the intended SLAs, and your data is safe
- Keep backups of known-infected datasets for future analysis and detection
2. Detect:
- Leverage data protection tools to perform anomaly detection on backup sizes and traffic patterns
- Periodic (ideally automated) restore of workloads in a secure environment to perform antivirus and security scanning
- Use up-to-date security tools
- Log scanning for unauthorized access attempts
3. Recover:
- Rapid Recovery using Nutanix native snapshots
- Leverage the excellent performance of the Nutanix Mine platform to speed up the restoration of backed-up workloads
These best practices will help your organization recover quickly and revert to secure clean copies of backups with minimal downtime and disruption to the business.
Data Protection Through Partnerships: Find Out More
We Believe in Building Strategic Partnerships as Most of Our OEM Partners Are Leaders In The Gartner Quadrant And Forrester Report Establishing Our Vision Of Being A Pan African Company Providing Innovative Solutions
Nutanix continues to cultivate a rich and highly specialized backup partner ecosystem to serve our customer’s growing needs for data protection. When software-defined infrastructure meets software-defined data protection, organizations can have confidence in the security and integrity of their data.
Get Started Today!
Want to take a self-guided tour of Nutanix Mine, integrated data protection to protect your data at scale? Speak to an expert here at ActivEdge Technologies.