Ransomware attacks have increased in recent years. Ransomware encrypts a company’s data and renders it unusable, then demands a ransom for recovery. In a recent report, “damage caused by ransomware” ranks first. This article will show you how to ensure that your backup data is protected from ransomware attacks.
How to “reliably protect” information assets from ransomware attacks
Although it is necessary to introduce security solutions to prevent damage from ransomware attacks, it is impossible to completely prevent damage. Consider how to recover encrypted data in the event of a ransomware attack.
Damage caused by ransomware attacks
Ransomware damage occurs regardless of the size of the company or organization. In the USA alone, the number of reported cases has reached 85 (in the second half of 2021), which is about four times more than the 21 cases in the second half of 2020. If you take regular backups of your data, you can restore it without paying a ransom even if you are infected with ransomware. Recently, however, backup data itself has become a target of attacks, so it is necessary to strengthen security measures for backup systems.
Considerations for protecting backup data from ransomware
In order to protect backup data from ransomware, it is necessary to consider “simple integrated backup with a single product”, “secure backup server & backup storage”, and “secure remote storage”.
Consolidated backup means using a single backup solution to centrally manage the backup of all data everywhere in the enterprise. If multiple backup products are used for each site and system, management becomes complicated and security risks increase. Integrated backup makes it possible to visualize the entire backup status, streamline management, and unify security levels.
Suitable for a wide range of workloads
With a single backup system, it is possible to integrate and back up any data anywhere in the enterprise, regardless of platform, whether physical, virtual, or multi-cloud. It also supports the latest workloads such as Kubernetes, and can be used with NetBackup SaaS Protection for integrated monitoring of SaaS data backups.
NetBackup implements high-speed deduplication in software, so no separate deduplication storage is needed. This reduces the storage capacity required at the backup destination and allows high-speed duplication to remote locations. Incremental forever backups are extremely fast compared to other companies’ products, achieving daily full backups in the time required for incremental backups.
Because NetBackup Appliances are so fast and have high capacity density, backup systems can be configured with fewer backup servers. Other backup products require multiple backup servers, proxy servers and deduplication storage. In addition, NetBackup Appliance can start small from 10TB.
Secure backup server & backup storage
We recommend using NetBackup Appliance for ransomware countermeasures. Combining NetBackup software features with leading-edge storage technology and servers, NetBackup Appliances ensure backup data is safe from ransomware attacks. NetBackup Appliances provide ransomware protection in terms of protection, detection and recovery. From among the various functions, we will introduce the following four.
Dedicated OS with enhanced security
Windows is the target of 90% of ransomware attacks. Therefore, the risk of backup data being damaged by ransomware is high on backup servers configured with Windows. The NetBackup Appliance is configured with a dedicated OS with security enhancements such as SELinux and container isolation to prevent intrusion from the outside. A uniform security level can be maintained for the entire backup system, reducing the risk of business interruption.
Anomaly detection (behavior detection)
Anomalies in backup data are detected by using AI and machine learning to analyze statistical discrepancies in backup data size, the number of files, deduplication rate, the time required for backup jobs, and data transfer size.
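The kind of statistical check described above, as an added example (it is not NetBackup's algorithm or code): a new backup job is scored against recent jobs of the same policy using a median/MAD modified z-score on each of the listed metrics. The field names, the threshold and the sample jobs are assumptions constructed for illustration.

```python
from statistics import median

# Metrics named in the paragraph above; field names are assumptions.
METRICS = ("size_gb", "file_count", "dedup_pct", "duration_min", "transfer_gb")

def robust_z(value, history):
    """Modified z-score: distance from the median in MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Flat baseline: identical value is normal, anything else is extreme.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def score_job(job, baseline, threshold=3.5, min_history=7):
    """Return {metric: z} for every metric of `job` that deviates from `baseline`."""
    if len(baseline) < min_history:
        return {}  # too little history to judge; avoid alerting on noise
    flagged = {}
    for m in METRICS:
        z = robust_z(job[m], [b[m] for b in baseline])
        if abs(z) >= threshold:
            flagged[m] = round(z, 1)
    return flagged

# Constructed sample data: ten nightly jobs for one backup policy.
BASELINE = [dict(zip(METRICS, row)) for row in [
    (500, 120000, 85, 42, 20), (502, 120150, 86, 40, 21),
    (501, 120090, 84, 44, 19), (503, 120300, 85, 41, 22),
    (505, 120420, 87, 43, 20), (504, 120380, 86, 42, 21),
    (506, 120500, 85, 45, 20), (507, 120610, 84, 41, 19),
    (508, 120700, 86, 42, 22), (510, 120850, 85, 43, 21),
]]
# Constructed: an ordinary night, and a night after files were mass-encrypted
# (high-entropy data stops deduplicating and every changed file is re-sent).
NORMAL = dict(zip(METRICS, (511, 120900, 85, 44, 21)))
SUSPECT = dict(zip(METRICS, (512, 120950, 12, 190, 480)))

if __name__ == "__main__":
    print("normal :", score_job(NORMAL, BASELINE))
    print("suspect:", score_job(SUSPECT, BASELINE))
```

Total size and file count stay within the baseline for the suspect job, which is why deduplication rate and transfer size are worth tracking separately.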
Malware scanning is possible for stored backup data. In addition to manual scans and pre-restore scans, you can also run malware scans automatically when the anomaly score from anomaly detection is high. This makes it possible to identify and delete infected backup images and files, and to prevent infection from spreading through the restore of malware-infected data.
Falsification/deletion prevention of backup data
NetBackup Appliance has a WORM function, which can prevent the falsification and deletion of stored backup data. Even the backup administrator cannot change the retention period or delete any backup data within the retention period. NetBackup can also work with WORM functions of cloud storage and third-party WORM storage.
NetBackup Appliance can build a NetBackup server and WORM storage in a container on a single piece of hardware, protecting backup data from tampering. Thanks to the compliance clock function, backup data cannot be made to expire even if the OS time of the appliance is changed. Even if the appliance becomes unbootable, you can reinstall the appliance and restore it while leaving the backup data in place. The WORM functionality of the NetBackup Appliance meets regulatory requirements (SEC, FINRA, CFTC).
In this article, we explained Veritas’ data protection solution “NetBackup Appliance”. Backup data can be reliably protected from ransomware attacks and can be used as a means of recovery in the unlikely event of ransomware damage. Against ransomware attacks that threaten business continuity, it is important to review backups as part of security measures and take firm measures.