PCD / Converge blog

Ransomware Attacks – Cyber-Recovery Vault principles (part 2)

To protect themselves against the risk of Ransomware attacks, many companies are putting in place Cyber-Recovery Vault solutions. Here are a few examples of solutions that can be implemented thanks to the latest technologies from Cohesity, PureStorage and Microsoft Azure Cloud services.

image009

 

Cyber-Recovery Vault principles

 

Unlike backup infrastructure or a disaster recovery site, a cyber-recovery vault is a solution specifically focused on the protection of critical data and systems, and their recovery in case of cyberattack. The most business-critical applications, information and system configuration data are coded in advance. This sensitive data is then isolated in an electronic vault according to two main approaches.

Here are the basic principles:

  • Traditional approach: Data is stored outside of the rest of the network, with no permanent IP link to the vault, for example, on tapes that are then sent externally. While this method does work, it is used less and less because of the very long recovery time (RTO). Additionally, due to COVID-19, fewer people are physically at work to rotate tapes.
  • Modern approach: Automated software policies and a data management platform are used to encrypt, transfer and synchronize data toward an external source (a vault), once a day or more often, by breaking any communication link between each sequence (air gap). A secure operating system is used for reliable protection against any changes (WORM). This modern approach is being used more and more because the possible SLAs / RPOs / RTOs are more in line with companies’ current needs.
  • The backup software target manages replication as well as a continuous security and integrity analysis of stored data.
  • These data copies are managed through distinct access accounts for authorized officers designated by the company.
  • Golden images for main business-critical systems, and executable source codes for applications considered the most essential to operations recovery are also kept in this vault.

 

Cohesity and PureStorage integrated solution

 

Through their partnership, Cohesity and PureStorage aim to help businesses quickly put in place adapted solutions against cyberattacks. Their primary objective is to propose a simple and integrated end-to-end solution that combines a next-generation backup platform (Cohesity DataProtect), Cloud storage service integration capabilities (IaaS), and an ultra-powerful, ultra-fast data recovery technology (Pure FlashBlades). Their combined solution is called Pure FlashRecover® – Powered by Cohesity.

If you know our technical team well, you’ll know that we needed more than a good presentation to convince us. In 2020, several clients were putting in place their ransomware protection strategies, giving us the chance to evaluate various technologies and solution combinations with local Cloud provider services. The exercise allowed us to build an entire lab, and particularly helped us better understand in what context some solutions are more appropriate.

In the end, one of the solutions that clearly stood out from the rest for its design quality, integration with the public Cloud, simplicity of deployment and use, and support of new platforms, is the Cohesity + PureStorage combination and its possibility of integration with Azure IaaS services.

 

image011

 

Advantages of the Cohesity solution:

 

  • Data is stored in an enterprise backup architecture including several levels of security, access restrictions and controls, detection and compliance, using WORM DataLock® FIPS-140-2, PCI-DSS, etc., thus making it immune to any form of ransomware attack.
  • The Cohesity software platform simplifies the centralization and protection of all data from different applications, platforms and/or the Cloud.
  • It uses automated software policy principles to apply appropriate protective measures (policies based on required RTOs / RPOs, security, compliance requirements, etc.) to each type of data.
  • It integrates perfectly with VMware, vSAN and Kubernetes technologies, among others.
  • It continuously processes and optimizes data thanks to advanced deduplication, compression, encryption and archiving functionalities, as well as WORM DataLock®, which translates to space and cost savings.
  • It manages replication mechanisms within the cyber-recovery vault (air gap), whether it be physically on-premise or on a Cohesity virtual appliance in the Cloud.

 

image010

image012

 

Advantages of the PureStorage solution:

 

  • In terms of security, the Pure SafeMode® functionality allows you to automatically create snapshots that cannot be altered or modified, even by an administrator.
  • The Pure FlashBlade® technology combines management of both file and object storage loads. PureStorage therefore offers your company a complete solution to protect all types of data and applications.
  • Using FlashBlade® systems means far superior performance and processing power compared with other solutions on the market and traditional Purpose-Built Backup Appliances (PBBAs) and tape libraries.
  • Pure FlashRecover® ensures ultra-fast data recovery in case of attack, allowing you to meet your SLAs / RTOs.
    The entire solution can easily integrate with various solution scenarios, including the public Cloud.

 

FlashRecover® (Cohesity and PureStorage’s integrated solution) also allows you to optimally and independently scale your Compute nodes with Cohesity, and your storage with PureStorage.

More information is available on the FlashRecover® solution introduction site: https://www.purestorage.com/solutions/data-protection/data-backup/flashrecover.html

image016

 

Next step

No matter at what stage your team finds itself, the members of our professional services group can help, starting with asking the right questions and guiding you one step at a time toward a protection strategy adapted to your organization.

 

Questions

Feel free to send us your questions or comments. We look forward to discussing possible solutions with you.

To better understand our services and how PCD can help, visit the Data Protection section on our website.

 

Manuel Abellan

Consultant, Storage and Data Protection solutions
PCD Solutions, a Converge company
mabellan@pcdsolutions.com