Top 5 Enterprise Anti-Ransomware Backup Solutions
From Cobalt Iron, Asigra, Commvault, Unitrends and Veritas
Keep in mind that keeping tape backups offline and offsite (an air gap) is the
key. Today we are looking at the DCIG top 5 enterprise anti-ransomware software
solutions:
Ransomware: Clear and Present Danger
Expectations as to the features that an enterprise backup solution “must” offer
often come about due to technology advancements. Backup appliances,
backup-as-a-service (BaaS), cloud connectivity, deduplication, and
hyperconverged appliances represent recent advancements that many enterprise
backup solutions now possess. As we enter the 2020s, this has, for the moment,
changed. Ransomware, a type of malware, represents an external force driving
many of the innovations currently occurring in enterprise backup solutions.
It represents a clear and present danger against which all enterprises must
defend. The latest strains of ransomware increasingly target enterprises in
hopes of scoring large paydays with hefty ransoms. Ransom requests often come in
at $1 million that must be paid in short timeframes.
While cybersecurity software is the best means to detect and prevent
ransomware, it cannot identify every form of it. Here is where enterprise backup
solutions enter the scene. Using these solutions, enterprises may create a
secondary perimeter around backup data. The anti-ransomware features these
solutions offer can help to detect, protect, and recover from ransomware
attacks.
Legacy Backup Features, New Relevance
All enterprise backup solutions, by default, offer some means of protection
against ransomware. They collectively make copies of production data and store
them somewhere else – the cloud, network drives, and/or DAS. These copies of
production data ensure some level of protection against ransomware and generally
provide a means to recover.
Further, many of these solutions support removable media, such as disk or
tape. Removing the media creates an air gap that ransomware cannot bridge. This
air gap serves to protect the data from a ransomware attack.
Integration with Microsoft Active Directory (AD) to authenticate user logins
also helps repel ransomware attacks. Some ransomware strains, such as
DoppelPaymer, target backup software and attempt to log into it using an admin
login and password.
Once logged in, the ransomware seeks to compromise existing backups in at least
two ways. It may simply delete or corrupt the backups. Alternatively, it may copy
the data and send it to the hacker. The hacker may then threaten to release and
publish the data unless the enterprise pays the hacker a ransom. Using backup
software integration with directory services such as LDAP or Microsoft AD,
enterprises can more easily implement and manage more sophisticated logins and
passwords. They can then use these to better deter ransomware attacks against
the backup software itself.
Next Gen Anti-Ransomware Features
While legacy features
help enterprises respond to ransomware’s threats, they only go so far. New
technologies exist that better equip organizations to detect, prevent, and
recover from ransomware attacks.
These next gen features complement, rather than replace, the legacy
approaches in defeating ransomware.
Some of these next gen features include:
- Storing data in immutable object stores. Immutable object stores may reside in multiple locations. These include on-premises, in general-purpose clouds, purpose-built clouds, or any combination thereof. Using an immutable object store, once data is written to it, the data cannot be erased though it can be overwritten. Overwrites may occur if the ransomware finds the object store and encrypts the data in it. However, if ransomware does encrypt it, one may configure the object store to retain older, previous versions of the data. In this way, one can recover and restore earlier versions of the data.
- Integration with cybersecurity software. A backup solution’s integration with cybersecurity software may occur in at least two ways. Some backup solutions partner with cybersecurity software providers to help enterprises better secure their endpoint devices from ransomware attacks. Others integrate cybersecurity software into their offering to scan backup data for ransomware and alert to its presence. In both cases, the cybersecurity software helps organizations detect and defeat ransomware before it detonates, which is always preferable.
- AI and ML algorithms. Using AI or ML, backup solutions scan production and/or backup data and look for abnormal change rates or unexpected changes to it. Detecting these changes can help alert enterprises to the possible presence of ransomware in their environment.
Of these three next-gen technologies, AI and ML are perhaps the most
immature. Currently, they cannot conclusively determine if ransomware resides in
the data. Expect significant advancement in this technology in the coming years.
For example, they may more tightly integrate with cybersecurity software to
better determine if anomalous data does, in fact, contain ransomware.
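The change-rate check described above can be illustrated with a simple robust-statistics baseline. This is an added example, not code from DCIG or any vendor, and it is a statistical stand-in rather than an AI/ML model; the job history, window, and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample: (job date, units changed, units protected) per nightly backup.
JOBS = [
    ("2020-03-01", 41_000, 1_000_000),
    ("2020-03-02", 38_000, 1_000_000),
    ("2020-03-03", 44_000, 1_000_000),
    ("2020-03-04", 40_000, 1_000_000),
    ("2020-03-05", 39_000, 1_000_000),
    ("2020-03-06", 43_000, 1_000_000),
    ("2020-03-07", 42_000, 1_000_000),
    ("2020-03-08", 45_000, 1_000_000),
    ("2020-03-09", 620_000, 1_000_000),  # mass rewrite, e.g. bulk encryption
    ("2020-03-10", 580_000, 1_000_000),  # still abnormal the next night
    ("2020-03-11", 41_000, 1_000_000),
]

def flag_anomalies(jobs, window=7, threshold=6.0, min_mad=0.005):
    """Return (date, change_rate, score) for jobs far above the recent baseline.

    window, threshold and min_mad are assumed tuning values for this example.
    """
    baseline, flagged = [], []
    for date, changed, total in jobs:
        rate = changed / total
        if len(baseline) < window:       # still learning what normal looks like
            baseline.append(rate)
            continue
        recent = baseline[-window:]
        med = median(recent)
        # Median absolute deviation, floored so a very steady history
        # does not turn tiny fluctuations into alerts.
        mad = max(median(abs(r - med) for r in recent), min_mad)
        score = 0.6745 * (rate - med) / mad   # robust z-score
        if score > threshold:
            flagged.append((date, round(rate, 3), round(score, 1)))
        else:
            baseline.append(rate)        # only normal jobs update the baseline
    return flagged

if __name__ == "__main__":
    for date, rate, score in flag_anomalies(JOBS):
        print(f"{date}: change rate {rate:.1%}, score {score} -> investigate")
```

Flagged jobs are kept out of the baseline, so a sustained burst of rewrites does not become the new normal. As the text notes, a flag like this signals anomalous change, not confirmed ransomware.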
Distinguishing Features of Enterprise Anti-Ransomware Backup Solutions
DCIG identified over 50 solutions in the marketplace that
offer backup capabilities for businesses and enterprises. Of these 50, DCIG
classified 11 of them as meeting DCIG’s definition of an enterprise
anti-ransomware backup solution.
These 11 evaluated solutions target large enterprise environments in their
documentation:
- Asigra Cloud Backup
- Cobalt Iron Compass
- Cohesity DataProtect
- Commvault Complete Backup and Recovery
- Dell EMC Avamar
- Dell EMC NetWorker
- IBM Spectrum Protect
- Micro Focus Data Protector
- Rubrik Cloud Data Management
- Unitrends Backup and Forever Cloud
- Veritas NetBackup
Attributes that distinguish enterprise solutions from
those targeted at SMBs and SMEs include support for one or more of the
following:
- Protecting multiple hypervisors and OSs. Enterprise backup solutions support the most common hypervisors and OSs as well as legacy OSs. They all support common hypervisors such as Hyper-V and vSphere as well as the Linux and Windows OSs. These solutions will also support other hypervisors such as XenServer, KVM, and Red Hat Enterprise Virtualization (RHEV), and various versions of Unix such as HP-UX, IBM AIX, and Oracle Solaris.
- Protecting databases other than SQL Server. The other databases each one protects vary by solution. Most will minimally protect Oracle Database and Sybase databases. However, many support DB2 and Informix, MySQL, and MongoDB, among others.
- Offering multiple deployment options. Enterprises may deploy the backup solution in one or more of the following forms: backup appliance, software only, on-premises SaaS, cloud-based SaaS, and as an HCI solution.
- Storing and managing data in immutable object stores. These solutions interface with immutable object stores through standard S3 APIs. These object stores may reside in on-premises or off-premises locations such as general-purpose and purpose-built clouds.
- Storing and managing data on removable media. These solutions initially stored backup data to removable disk and/or tape to save money. However, storing data on removable media that is removed and stored elsewhere creates an air gap to better protect data from a ransomware attack.
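For the immutable object store feature described above, recovery depends on the store keeping earlier versions and refusing to delete them. This added example (not from the article or any vendor) audits settings shaped like the responses of the S3 GetBucketVersioning and GetObjectLockConfiguration calls; the bucket names, sample settings, and 30-day minimum are constructed assumptions.

```python
# Assumed policy value for this example, not taken from the article.
MIN_RETENTION_DAYS = 30

# Constructed sample settings. {} stands in for a bucket that has no
# object lock configuration at all.
BUCKETS = {
    "backup-plain": ({"Status": "Suspended"}, {}),
    "backup-governance": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
            "DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}},
    ),
    "backup-hardened": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
            "DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}},
    ),
}

def audit_bucket(versioning, object_lock):
    """Return findings that weaken recovery of earlier backup versions."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning off: an overwrite replaces the only copy")
    lock = object_lock.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("object lock off: stored versions can be deleted")
        return findings
    retention = lock.get("Rule", {}).get("DefaultRetention")
    if not retention:
        findings.append("no default retention: new objects are not locked by default")
        return findings
    if retention.get("Mode") != "COMPLIANCE":
        findings.append("governance mode: a privileged account can bypass retention")
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < MIN_RETENTION_DAYS:
        findings.append(f"retention {days}d is shorter than {MIN_RETENTION_DAYS}d")
    return findings

def audit_all(buckets=BUCKETS):
    """Audit every bucket and return {name: findings}."""
    return {name: audit_bucket(v, l) for name, (v, l) in buckets.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```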
Top 5 Enterprise Anti-ransomware Backup Solutions
- Cobalt Iron Compass
- Asigra Cloud Backup
- Commvault Complete Backup and Recovery
- Unitrends Backup and Forever Cloud
- Veritas NetBackup