How safe are your backups?

Issue 6 2022 Information Security

Any terms relating to cybersecurity today invariably focus on the information technology aspect, specifically the elements that get the most attention, such as malware, ransomware and hacking. While all of those are critical, it’s easy to forget about cyber resilience.

Hayden Sadler.

Cyber resilience, as this feature shows, includes the above, but goes much further. Backups used to be something companies had to do in case their IT infrastructure failed, such as hard drive crashes, etc. However, taking ransomware as an example, we can see how important backups are when you suddenly find your data encrypted and held to ransom.

Unfortunately, cybercriminals are aware that it may be easier for companies to restore a backup rather than pay the extortion money, and have adapted to this circumstance. Today, ransomware (and other malware) may reside on companies’ servers for weeks or even months before it is triggered, to ensure that the data which is supposedly safe and backed up is infected or encrypted and can’t be restored.

We also know that data may be stolen and even if the company pays up (one or more times), it can still be sold to the highest bidder. Moreover, it is said that a cyber breach takes an average of 287 days to identify and contain, which means even backups made a month or a quarter ago may be corrupted. Even if those backups are fine, this ignores the fact that the data is old and whatever transpired in the meanwhile is lost forever.

Hi-Tech Security Solutions spoke to Hayden Sadler, country manager at Infinidat, about the backup problem to find out what solutions are available to protect data and to ensure ‘clean’ data is available to restore when something happens.

Time to restore

Sadler believes backups remain a critical part of any IT and cyber resilience programme, however, the time it takes to restore the data is often neglected. It can take days or weeks to restore the data and applications for large companies, which is often as long or longer than the disruption caused by the breach. A cyber resilience process therefore needs to ensure protection as well as fast recoverability.

The traditional 3-2-1 backup standard, where there is one primary backup and two copies are made on different types of media – and one stored offsite – will therefore not help in a case where the criminals have been in your network for a long time. Sadler advises every company to design its backup process based on the following four pillars:

1. They need an immutable (unchangeable) snapshot of their data. This system should also have integrated anomaly detection to immediately warn if the data is infected with any type of malware.

2. It needs to be ‘air gapped’, meaning it is not stored in the same area or network as the original data. (Having a directory named ‘backups’ on the server doesn’t really help.) In the past, tape backups were the natural way of air-gapping backups, but the restore times can be lengthy and there is generally no way to ensure the tapes are malware-free.

3. Companies need a safe environment to restore and test backups to avoid restoring malware and to make sure the restoration works properly.

4. They need to be able to restore their data almost immediately.

Triple redundancy

Infinidat offers customers a triple-redundant architecture where it mounts an immutable snapshot (or a separate server) using a separate physical network. This allows snapshots to be tested before being stored and offers a safe environment to restore to before overwriting your data.

The company’s InfiniGuard solution is equipped with InfiniSafe to ensure cyber protection at the highest levels at no additional cost. InfiniSafe’s comprehensive cyber storage resilience approach provides rapid recovery into production. Sadler cites an example where a 1,5 PB Veeam backup dataset was restored in just over 12 minutes.

The company says InfiniGuard solutions can scale up to an effective 50 PB of data and support multiple protocols (such as VTL, NFS, CIFS, OST, RMAN and DB2), with “in-line ingest rates of up to 180 TB per hour.” Apart from the rapid recovery capability, its InfiniBox architecture also provides multiple levels of data protection, including role-based access control and multi-factor authentication, at-rest encryption, encrypted replication, the above-mentioned isolated storage via immutable snapshots, and more.

Infinidat recently announced an expansion of its guaranteed service level agreement (SLA) programme, the industry’s first cyber storage guarantee for recovery on primary storage – the InfiniSafe Cyber Storage Guarantee. It ensures that enterprises and service providers recover and restore their data at near-instantaneous speed in the wake of a cyberattack by using a guaranteed immutable snapshot dataset with a guaranteed recovery time of one minute or less.

Infinidat operates in South Africa via channel partners, but the company is involved directly with customers to ensure they understand what is required and how InfiniBox, InfiniGuard, InfiniSafe and the related enterprise storage solutions can effectively provide modern data backup services, as well as cyber resilience.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

From the editor's desk: A sad but exciting goodbye
Technews Publishing News & Events
      Welcome to the final monthly issue of SMART Security Solutions. This is the last issue of the year and the last monthly issue we will print. We are witnessing digitisation across all industries, and ...

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.

Unmasking insider risks
Information Security
In today’s business landscape, insider risks can manifest in various forms, including data theft, fraud, sabotage, insider trading, espionage, whistleblowing, negligence, truck hijacking, goods robbery from warehouses, and more.

When technology is not enough
Information Security
[Sponsored] Garith Peck, Executive Head of Department for Security at Vodacom Business, writes about the importance of creating a cybersecurity strategy in a world where threats never sleep.

Reinforcing cyber defences in a world of evolving threats
Sophos Information Security
[Sponsored Content] In South Africa, the urgency to amplify cybersecurity measures is underscored by alarming statistics revealing the continued vulnerability of organisations to ransomware and other sophisticated cyberattacks.

Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.