News/Trends, Product, Tech/Engineering

End Ransomware Threats With Good Backups


When the best offense is a good defense

Modern enterprise cybersecurity always takes a layered approach. For example, only people with the right passes can enter a building. Firewall hardware protects network perimeters. Security software guards on-premise enterprise applications. This layered, “defense-in-depth” approach, when done right, reduces vulnerability to the onslaught of new and innovative ransomware, viruses, bots, and other threats.

However, there are two crucially important points here:

  • Protecting enterprise data requires multiple techniques.
  • You can minimize threats but you can’t eliminate all of them.

The reality is some threats to your data will be successfully carried out.

Ransomware, though currently losing favor to banking trojans and cryptominers, is a good example of why even the most elaborate security precautions occasionally fail. Simple versions of ransomware rely on user error: someone opens an interesting, innocent-looking link. This kind of “spear phishing” is all it takes—firewalls don’t catch everything, some malware links get through, and some users open them. And ransomware is so effective that skilled hackers actually offer ransomware-as-a-service to lesser coders.

Even if your preventive security stops 99.99% of ransomware, eventually one will get through, and that’s why enterprises have to assume that hackers will, on occasion, ransom, erase, or corrupt corporate data. When that happens, enterprises need a response plan that immediately isolates and removes the infection and quickly restores data so people can get back to work.    

A joint, multi-pronged approach, where users and providers share responsibility for minimizing gaps and vulnerabilities to prevent malware damage, is how AWS uses a Shared Security Model: AWS takes responsibility for protecting the hardware, software, networking, and facilities that run AWS Cloud services. The Druva SaaS backup solution ensures all proper security controls are handled with regard to its interaction with the AWS cloud. The customer is then responsible for configuring Druva for internal security controls such as service access and privacy.

And when malware succeeds, enterprises rely on data protection solutions from Druva to quickly restore pristine data, time-indexed to minimize any loss in productivity. Leveraging AWS, Druva meets stringent physical separation requirements – the “air gap”– with a logical separation approach of virtualization, encryption, and deploying compute to dedicated hardware. Druva backs up endpoints such as laptops, tablets, and smartphones, all of which are often outside firewalls and are particularly vulnerable to threats, as well as enterprise Linux, SQL, VMware, and Windows server data with astonishingly fast global deduplication. Data is transferred securely, stored in a local AWS region as an isolated tenant, and strongly encrypted in transit and at rest. In addition, Druva inSync provides Anomaly Detection, tracking unusual file deletions, modifications, encryptions, and header changes, alerting IT to security threats and enabling quickly finding the most recent “safe” backup.

This approach has been well articulated by Cisco in its 2018 Annual Cybersecurity Report. It includes these recommendations for ransomware defenders:

  • Implementing first-line-of-defense tools that can scale, like cloud security platforms.
  • Adopting next-generation endpoint process monitoring tools.
  • Backing up data often and testing restoration procedures—processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.

In other words, optimizing preventative measures and being ready to replace compromised data with fast, reliable cloud backups is the most effective way to minimize damage and win the war against modern ransomware.

Next Steps