alesovodvojce
Enthusiast

airgapped backups - follow-up

Post by alesovodvojce » Feb 16, 2017 11:05 pm

Following Gostev's excellent post this week about Ransomware as a service
here: https://www.veeam.com/blog/ransomware-a ... hreat.html

At the end of this post there is a proposed solution to this threat: air-gapped backups.

But what if the problem is not in remote vs local access to backups? What if the problem is in the trust we put in one person?
How about putting more (different) people in the scheme?
The temptation of money in the Ransomware as a service scheme, and hence a morally failing IT administrator, can be mitigated by putting the responsibility for backups onto more people:
Primary backups administered by one person, but secondary (or every second backup) administered by a different entity (outsourced / Veeam partner / etc.). This way there have to be too many different people involved in the trouble, not just one person from the IT department with a bad day.

For some environments backing up 10s of TBs daily, this would be a much more practical solution than air-gapped backups. What do you think?
Don't hesitate to share your proposals too.

Andreas Neufert
Veeam Software
Full Name: Andreas Neufert
Location: Germany

Re: airgapped backups - follow-up

Post by Andreas Neufert » Feb 16, 2017 11:22 pm

You speak about segregation of duty.
Many customers do this today even with their normal backup targets.

Group 1 runs the backup software and administers the primary backup targets, Group 2 the secondary backup targets. Group 2 creates storage snapshots, so that Group 1 can delete all backups on primary and secondary, jobs, VMs, whatever, by mistake or willfully, and there is still a copy of the data protected in the snapshot, even if ransomware encrypted the data. Some of our Cloud Connect Partners offer such services as well.
It is also a good idea to offload to tape and vault the tapes to an external organisation by manual movement.

We have a customer that had a huge fire, and the fire service capped all power connections. He was not able to open the tape library. Luckily, he was able to take the disk backup storage out of the rack before the flames destroyed everything, so as not to lose all data. An external copy is pretty important even if you have 2 fire sections. If the fire is big enough...

Gostev
SVP, Product Management
Location: Baar, Switzerland

Re: airgapped backups - follow-up

Post by Gostev » Feb 17, 2017 1:24 am

alesovodvojce wrote:
> How about putting more (different) people in the scheme.
> The temptation of money in Ransomware as a service scheme, and hence morally failing IT administrator, can be mitigated by putting the responsibility for backups onto more people:
> Primary backups administered by one person, but secondary (or every second backup) administered by different entity (outsourced / Veeam partner / etc.).

Correct, and this is exactly what I have proposed as the solution in my post too ;) Have your off-site backups sitting at a partner, with a copy of them air gapped - isolated from your IT staff so that they cannot delete them without obtaining physical access to the service provider infrastructure.

tqmbill
Novice
Full Name: Bill Cox

Re: airgapped backups - follow-up

Post by tqmbill » Apr 19, 2017 1:55 am

Any thoughts on including an auto-eject USB drive feature in Veeam B&R, like this? --
"Veeam Endpoint Backup FREE 1.5 includes:
CryptoLocker protection for USB Storage: Protect USB-based storage targets from potential CryptoLocker threats by automatically ejecting them after a successful job run"

And would it be possible to then reconnect prior to the next backup? Maybe even automatically alternate between 2 USB drives that remain physically connected but only one at a time would be logically online.

This wouldn't help with the single IT person vulnerability, but it would avoid the hassle of physically swapping out drives.

Mike Resseler
Product Manager
Full Name: Mike Resseler
Location: Belgium

Re: airgapped backups - follow-up

Post by Mike Resseler » Apr 19, 2017 5:44 am

Hi Bill,

If we were able to "reattach" the USB device after it was ejected, wouldn't that mean that the attackers can do the same and still erase the backups from disk?

Re: airgapped backups - follow-up

Post by tqmbill » Apr 19, 2017 11:47 am

I guess so. Does this mean the Endpoint functionality is not effective, or is there a way to avoid the attackers reattaching the drive?

Re: airgapped backups - follow-up

Post by Gostev » Apr 20, 2017 12:59 am

There's no reliable way to do this (we actually had the feature request to automatically reattach storage before next backup and so investigated/tested the process before). And in any case, ransomware would have to know the drive is actually there before trying to re-attach, but it cannot know this.

tqmbill wrote:
> is there a way to avoid the attackers reattaching the drive?

There's one 100% reliable way that will work no matter what ;) Just pull the storage out of the computer, air gap ftw!
