Data Domain Ransomware Protection

6 Reasons why Data Domain provides Unparalleled Ransomware Protection

Ransomware is a common part of daily life, and a common way for criminals, script kiddies, and other malfeasants to make a living. This crypto-plague cripples businesses, and one of their most frequent complaints is that “it encrypted our backups”.

Did you know that you can make backups that ransomware cannot encrypt?

Data Domain can Underpin your Cyber Security Process

Aside – Why not use tape?

  • Do you have any experience with data center recovery from tape?
  • I’ll wager $50 that there will be ransomware that also clobbers tapes by mid-2020.

The secret sauce has two components:

  • Data Domain
  • Data Domain Boost

Let’s take a look at what they offer.

1 – A Boost backup is off-platform to your Backup Server

Let’s first consider the simple problem that we often hear about: “Our backups were also encrypted by ransomware” or “Our backups were targeted by ransomware”. The problem is that those backups are permanently visible to an operating system that could be hacked. They were saved to the OS’s local filesystem (e.g. a Windows D drive), or to standard SMB and NFS shares. Any process on the operating system can see the files, and infected processes with administrator privilege may scramble the contents.

With a Boost backup (e.g. via Avamar or NetWorker, Boost for Databases/Apps, or PowerProtect), neither the client, the server, nor (with NetWorker) the storage node mounts the storage. The Boost API allows accessing hosts to view details about a specific file path that they can send data to. However, the path is not mounted.

It doesn’t matter whether your Windows or (egads!) Linux backup server is infected with ransomware: the backups will not be affected.

2 – Data Domain Doesn’t Have an Accessible filesystem

If you log in as the sysadmin user for Data Domain, you won’t be able to view the underlying filesystem. Data Domain is an appliance that acts as a protection storage platform. A malicious virus cannot just drop a payload on a Data Domain. It just won’t work that way.

3 – A backup appliance gives you even more protection

You have the option of working with a backup appliance if you need additional protection. Avamar can be used as an appliance. PowerProtect is also an appliance. NetWorker can also be used as an appliance. Yes, NetWorker has an underlying Linux operating platform, as is often the case for appliances, but it’s not intended for general use. For example, you can’t log in remotely as the root user. Traditional Windows ransomware won’t affect the system. The systems are very secure from the moment you install them, and even before you begin hardening. For more information on hardening, please refer to the product security guides.

4 – Data Domain Hardening

Data Domain offers a range of hardening options. This adds an extra layer of protection. You can also refer to the Data Domain OS security guide for additional protection.

5 – Retention Lock is an option

Data Domain retention locks allow you to create rules for stored data that prevent deletion or modification, even by the application that stored it, until a certain period has passed. This ensures that even if an application issues a delete command to the backup server, it is blocked from happening. (It turns out that the computer can say no.)

6 – Cyber Recovery

Then there are the big guns. Full cyber-recovery solutions provide vaulted protection for critical data. They not only give you the option to test and analyze the data but also keep it under lock. The cyber-recovery vault’s data copy is neither visible to nor controlled by your regular backup environment. This provides an additional layer of protection.