A SECURE VAULT FOR YOUR COMPANY DATA
The pattern varies. Companies are often first encrypted in the backup and then the cyber criminal systematically moves on to the primary systems. Depending on when the attack is detected, the company can rescue its data: pull the plug, prepare an emergency manual, determine the damage, procure equipment, rebuild the system, etc. In many cases, the BSI (German Federal Office for Information Security) must be notified, which means that the affected systems must first be investigated to identify the perpetrators and may not be used until the investigation has been completed. This can sometimes take several days.
The experience with Cyber Recovery from Dell Technologies has been very positive. Customers who use the solution consisting of PowerProtect Data Domain and a cyber vault have had a great opportunity to get back online very quickly. If companies use a Data Domain as the target storage for the backup in an initial expansion stage, they were able to take advantage of two benefits that make it more difficult for attackers to encrypt the systems. The first is the so-called BOOST protocol, which could not be hacked so far, the second is the "Retention Lock" function, in which the data is written away in a "WORM mode" (write once read many) and therefore cannot be encrypted. Companies that place a second or third Data Domain in a cyber vault behind another firewall are even better protected. The cyber vault can only be accessed via an air gap - a process that physically and logically separates two IT systems but still allows data to be transferred. In the maximum expansion stage, a backup server is also located behind this firewall and can be used directly for the recovery/restoration of non-encrypted data if the primary systems are no longer usable.
UNIQUE PROTECTION SOFTWARE
Due to the increasing threat of ransomware attacks, Dell Technologies has developed protection software that is currently unique in its concept and capabilities. Cyber Recovery is included with the newer Data Domain systems and forms a kind of last line of defense against malware attacks of all kinds. Retention Lock can be used as a governance or compliance mode. This data cannot be changed, overwritten or deleted for the period of time specified in the retention lock. Compliance mode is used for strict company regulatory standards and secures the data domain system against internal and external attacks via a security officer. Once the security officer has been created, all other users only have operational rights and cannot exclude users, delete, change or encrypt data.
Based on the observation that modern ransomware is increasingly targeting companies' backup systems and seeking to disable or control them, Dell Technologies developed the concept of a vault that is completely inaccessible to attackers. This Cyber Recovery Vault stores a kind of gold copy of the company's data so that the previous data status can be restored at any time. And there's more: the Cyber Recovery Vault can also store the backup server itself, thus ensuring the functionality of the recovery routines. With the Dell NetWorker and Data Manager backup solutions, this process can even be automated; with other backup products, the administrator has to set up the server manually. It is then possible to restore not only the data records blocked by the malware, but also the fully configured server, thus restoring a clean and functioning production environment in the shortest possible time.
