Secure your business
Who’s protecting your backup and DR environment?
Is your backup enough?
“I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it. We have suffered catastrophic destruction at the hands of a hacker. This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.”
“At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost.”
The service VFEmail is effectively gone and it will likely not return.
This is just one example of a company that thought backup was enough. The incident shows that its business data, servers, endpoints and applications were not protected with appropriate measures.
For years we have relied on virus scanners that identify viruses by their code signatures. Nowadays, new sophisticated malware and zero-day attacks are not caught, simply because matching signatures do not exist or are not recognized.
Using responsive automation shortens the time needed to respond to unknown processes and their behavior, so that they do not impact your organization.
So let’s take a deep dive into how we can prevent disruption in your organization, combined with our Excepta secure Backup and DR appliances. Imagine you are working at your desk when the first signs of infection appear:
- Employees start complaining that systems are slow or unreachable
- Data starts changing in front of your eyes into unreadable file formats
- Traffic on the network is spiking and you notice you are under attack
As we all know, not everyone is a security specialist. Trying to revive your systems could be a massive challenge, and how do you know you’re in the clear?
In fact, it takes an average of 200 days for a company to detect a breach, a credit to the skill of attackers who can hide their attack. This means that a successful infection that occurred on January 1 would not be discovered until mid-July! For smaller organizations, the problem is even worse, with an average detection time of almost 800 days. It should come as no surprise that only 39% of companies think they are highly effective in detecting threats. Unfortunately, in the case of medium-sized companies, most infections are not detected by the victim at all, but by a third party who discovers the consequences in other ways.
Even once a threat is detected, responding to it and repairing the damage is another challenge. The average attack needs 73 days to be fully repaired. Responding to threats in time can be the difference between a quick fix and a major security incident.
Without the right security expertise, many medium-sized companies will be powerless to effectively manage the threat. Responsive automation allows these organizations to respond faster and stay up-to-date with the latest threat information with minimal effort from their IT teams.
How Responsive Automation works
Advanced detection techniques
Behavioral and statistical modeling makes it possible to detect ongoing attacks by correlating information about security events from different parts of your environment. Automation makes it possible to keep the models behind these approaches up to date with the latest threats, without the need for IT teams to take action.
Correlated threat score
Correlated scoring of threats takes the guesswork out of the process. By assigning each indicator a score based on its severity, and combining related indicators into a global incident score, it is possible to expose threats that are almost impossible to detect on their own.
Even with the guidance that a threat score offers, IT teams can be left with a large number of threats that have been identified as suspicious. Examining each one can claim a disproportionate amount of your team’s time, with the average business spending more than 286 hours a week on indicators that prove to be false positives.
Artificial intelligence trained to identify patterns that people can miss can offer tremendous value here, and you can automate the process of obscuring suspicious threats.
With an effective threat model, responding to threats can be highly automated, allowing you to dictate the actions that the system takes when a threat gets a certain score. Machine infected? Automation makes it possible to immediately isolate infected endpoints from the wider network until they can be restored to good condition. From there, malicious files can be quarantined, processes killed, and malicious registry keys destroyed without you having to lift a finger.
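An added illustration of the correlated scoring and score-driven response described above; it is not Excepta or WatchGuard code. The indicator names, severity weights, 15-minute correlation window, noisy-OR combination and action thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import prod

# Assumed severity per indicator type (0..1); illustrative values only.
SEVERITY = {"mass_file_rename": 0.6, "backup_job_deleted": 0.7,
            "unknown_process": 0.3, "network_spike": 0.3}
WINDOW = timedelta(minutes=15)  # assumed correlation window
# Assumed response policy: (minimum incident score, action), highest first.
POLICY = [(0.80, "isolate_endpoint"), (0.50, "quarantine_and_kill"), (0.0, "log_only")]

@dataclass(frozen=True)
class Indicator:
    host: str
    kind: str
    seen: datetime

def correlate(indicators):
    """Group indicators per host into incidents: an event joins the current
    incident if it falls within WINDOW of that incident's latest event."""
    per_host = defaultdict(list)
    for ind in sorted(indicators, key=lambda i: i.seen):
        incidents = per_host[ind.host]
        if incidents and ind.seen - incidents[-1][-1].seen <= WINDOW:
            incidents[-1].append(ind)
        else:
            incidents.append([ind])
    return [(host, inc) for host, incs in per_host.items() for inc in incs]

def incident_score(incident):
    """Noisy-OR: 1 - product(1 - severity). Each kind counts once, so one
    chatty sensor cannot inflate the score; unknown kinds default to 0.1."""
    return 1 - prod(1 - SEVERITY.get(k, 0.1) for k in {i.kind for i in incident})

def decide(score):
    return next(action for threshold, action in POLICY if score >= threshold)

def triage(indicators):
    scored = ((h, incident_score(inc)) for h, inc in correlate(indicators))
    return [(h, round(s, 3), decide(s)) for h, s in scored]

# Constructed sample events (not real telemetry): host, kind, minutes after T0.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [Indicator(h, k, T0 + timedelta(minutes=m)) for h, k, m in [
    ("fs01", "unknown_process", 0), ("fs01", "network_spike", 4),
    ("fs01", "mass_file_rename", 9), ("ws17", "network_spike", 2),
    ("ws17", "network_spike", 3), ("fs01", "unknown_process", 180)]]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, no single indicator on fs01 reaches the isolation threshold, but the three correlated within the window do; the repeated spike on ws17 and the lone late event on fs01 stay at log-only.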
Extra security measures
Excepta Appliance responsive automation integration
By integrating responsive automation in our Excepta appliances we can ensure the systems are not infected. Detecting threats on backup and Disaster Recovery systems should not be an optional feature but should be part of your Business Continuity Plan and the technical aspects it holds.
Excepta Appliance MFA integration
Threat detection is a necessity, but so is preventing staff from causing harm to your “Last Resort”. A good way to ensure you keep control of your systems is to integrate Multi-Factor Authentication. That way, whatever happens, you stay in control and don’t have to worry.
Excepta Firewall integration
Adding extra layers of defense will help safeguard your backup and DR environment. Using responsive automation combined with Multi-Factor Authentication (preferably on all servers and endpoints) will drastically reduce the number of malicious files, as well as the chance of ransomware.
But this is not the ultimate solution for keeping malicious files and people out. Hackers know that backup is the only way back in case of disaster, so it will be their primary target. So what if hackers can’t find your backup systems, and are thus unable to penetrate them and ruin the business you have been working so hard on for all those years?
Be aware that social engineering is on the rise, and you will fall victim not to external attacks but to attacks from within! Ensure you have taken proper countermeasures!
So ask yourself, who’s protecting your backup and DR environment?
Combining next-gen technology from Quest and WatchGuard in our Excepta appliances has resulted in the only appliance on the market providing integrated security. Built from the ground up with security in mind, the appliances offer unparalleled performance whilst being able to perform the job they’ve been built for!
Sources: WatchGuard & Excepta
Want to ensure you have made the right choice? Ask us for more information or talk to us about your challenge!