Presented by Peters & Associates

Presented by Peters & Associates · 2020-01-23 · “Ransomcloud” strain encrypts O365 e-mail in realtime! Updates –Know your resources Tip #10. Updates



Blake von Brockdorff

Technical Partner

How Secure are YOUR Backups?


Veeam is…

A software company

Privately held, self-funded

100% channel focused with an ecosystem of 49,000 partners

$1B and growing

A leader in the 2018 Gartner Magic Quadrant for Data Center Backup

One of Forbes 2018 World’s Best 100 Cloud Companies


Who has seen ransomware?

2012 — Reveton

2014 — Cryptowall

2017 — Ransomware as a Service


What are we talking about?

Layered defense! There is no one single magic bullet!


Many tips, many strategies

Select the ones that work best for your organization.

Think of these tips as a mindset rather than a specific architecture.


Use special credentials for backup storage/backup job

Tip #1


Tip #1: Use different credentials for backup storage

• Worst practice: using DOMAIN\Administrator for everything

• Better practice: use DOMAIN\service-account

• Best practice: use LOCALHOST\service-account (don’t join the repo to the domain)


Backup Admin Access

Tip #2


Tip #2: Give each backup admin individual access

Important to track who is doing what!

More on visibility coming up later!

Mischievous backup admin

Compromised account

Accidents


Utilize offline storage

Tip #3


Tip #3: Utilize offline storage

Why offline?

Ransomware attacks connected shares

Take your media offline when possible

AIR GAP

Don’t let Elliott ruin your day!


Tip #3: Utilize offline storage

| Media type | Characteristic |
|---|---|
| Tape | Completely offline when not being written to or read from |
| Replicated VMs | Powered off and, in most situations, can be a different authentication framework (ex: vSphere and Hyper-V hosts are on a different domain) |
| Primary storage snapshots | Can be used as recovery techniques and usually have a different authentication framework |
| Veeam® Cloud Connect backups | It’s not connected directly to the backup infrastructure and uses a different authentication mechanism along with different API |
| Rotating hard drives (rotating media) | Offline when not being written to or read from (similar to tape) |


Leverage different file systems / protocols for backup storage

Tip #4


Tip #4: Leverage different file systems/protocols for backup storage

• Dell EMC DataDomain, using DDBoost

• HPE StoreOnce, using Catalyst

• ExaGrid, using native Veeam data mover

• Linux server with JBOD

Example: Linux repositories, Deduplication appliances


Backup storage with native snapshot capabilities

Tip #5


Tip #5: Take storage snapshots on backup storage if possible

[Diagram labels: Veeam Backup Server, Backup Repository, Storage, Storage Volume, Volume Snapshot]


DR isn’t just for natural disasters

Tip #6


Tip #6: DR isn’t just for natural disasters

Replication Orchestration

[Diagram labels: Backup repository, Backup server, Source host, Target host, Backup proxy, Veeam Data Mover, WAN]


Document your recovery plan

Tip #7


Tip #7: Document your recovery plan


Veeam Availability Orchestrator

Automatically create, document and test DR plans, fully-prepared for C-level executive and stakeholder signoff, proving compliance with industry regulations and audits through:

• Dynamic documents

• Automated tests

• Reliable recovery


DataLabs & Secure Restore

Tip #8


SureBackup

• Released VBR v5 (2010)

• AUTOMATED Recovery verification of backed up VMs

• Performs sets of tests in isolated “DataLabs” environment

• Receive test results status reports

• No additional equipment required

• Many other uses….


Secure Restore

Permits restore without re-exploitation of zero-day risks


DataLabs Secure Restore

An optional part of the restore process:

[Diagram labels: Veeam Backup & Replication, Veeam Repository]

1. Select Restore Point

2. Mounts restored disks from backup file directly to backup server

3. Triggers AV scan of mounted volumes

4a. No issues found - restore

4b. If infection found – restore without network

4c. If infection found – abort recovery


Veeam Backup for Microsoft Office 365 data

Tip #9


But it is SaaS.... “Ransomcloud” strain encrypts O365 e-mail in realtime!


Updates – Know your resources

Tip #10


Updates…

It’s a lot of work, but it needs to happen. For the backup infrastructure, you could make the case that this is more important than anything. Consider aggressive patch management for:

Software for the backup infrastructure:

• Veeam backup server

• Veeam backup proxies, software repos

• Windows Operating Systems

• Linux Operating Systems

Hardware:

• Server hardware, firmware

• Hypervisor hardware

• Backup repositories


Follow @VeeamKB..... FORUMS!


Have visibility into suspicious behavior

Tip #11


Tip #11: Have visibility into suspicious behavior

Use monitoring software to automatically detect suspicious VM behavior

Example: Predefined alarm “Possible ransomware activity” in Veeam ONE™. This alarm triggers if there are a lot of writes on disk and high CPU utilization.
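
The alarm condition above (heavy disk writes together with high CPU), sketched as an added example; this is not Veeam ONE code and not from the slides. The thresholds, the three-sample window, the CSV layout and the VM names are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumed thresholds: the slide says only "a lot of writes" and "high CPU".
WRITE_MBPS_MIN = 80.0
CPU_PCT_MIN = 85.0
SUSTAINED = 3  # consecutive samples that must meet BOTH conditions

# Constructed per-minute VM metrics (hypothetical names and values).
SAMPLES_CSV = """minute,vm,write_mbps,cpu_pct
0,fs01,5,10
0,proxy01,210,30
0,build01,8,99
1,fs01,6,12
1,proxy01,220,35
1,build01,9,98
2,fs01,120,92
2,db01,100,90
2,proxy01,215,33
3,fs01,140,95
3,db01,95,88
3,build01,7,99
4,fs01,135,97
4,db01,5,20
4,proxy01,205,31
5,fs01,130,96
"""


def possible_ransomware(csv_text):
    """Return {vm: minute the alarm first fired} for time-ordered samples."""
    streak = defaultdict(int)
    alarms = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        vm = row["vm"]
        busy = (float(row["write_mbps"]) >= WRITE_MBPS_MIN
                and float(row["cpu_pct"]) >= CPU_PCT_MIN)
        # Requiring both signals, sustained, keeps a backup proxy (writes only),
        # a build agent (CPU only) and a short burst (db01) from alerting.
        streak[vm] = streak[vm] + 1 if busy else 0
        if streak[vm] >= SUSTAINED and vm not in alarms:
            alarms[vm] = int(row["minute"])
    return alarms


if __name__ == "__main__":
    print(possible_ransomware(SAMPLES_CSV))
```
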


Tip #6: Have visibility into suspicious behavior


One more thing...


Master the 3-2-1-0 Rule

Recover from any scenario, especially ransomware attacks!

3 Different copies of data

2 Different media

1 of which is off-site*

0 No errors after backup recoverability verification

* Don’t forget your offline copy!
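
An added example, not part of the original slides: the 3-2-1-0 rule expressed as a check over a copy inventory for one workload. The inventory fields and copy names are hypothetical, and the sketch assumes the production copy counts toward the three copies while only backup copies need verification and an offline copy.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                    # "disk", "tape", "cloud", ...
    offsite: bool                 # stored away from the primary site
    offline: bool                 # air-gapped when not being written or read
    is_backup: bool = True        # False for the production copy itself
    verify_errors: Optional[int] = None  # None = recoverability never tested


def check_3210(copies: List[Copy]) -> List[str]:
    """Return the 3-2-1-0 violations for one workload (empty list = compliant)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies of the data")
    media = sorted({c.media for c in copies})
    if len(media) < 2:
        findings.append(f"2: all copies are on one media type ({', '.join(media) or 'none'})")
    if not any(c.offsite for c in copies):
        findings.append("1: no copy is off-site")
    if not any(c.offline for c in copies if c.is_backup):
        findings.append("1*: no backup copy is offline")
    for c in copies:
        if not c.is_backup:
            continue
        if c.verify_errors is None:
            findings.append(f"0: {c.name} was never verified for recoverability")
        elif c.verify_errors > 0:
            findings.append(f"0: {c.name} had {c.verify_errors} verification errors")
    return findings


# Constructed sample inventories (hypothetical names, not from the slides).
WEAK = [
    Copy("prod-vm", "disk", offsite=False, offline=False, is_backup=False),
    Copy("repo-share", "disk", offsite=False, offline=False, verify_errors=0),
]
STRONG = WEAK + [
    Copy("tape-vault", "tape", offsite=True, offline=True, verify_errors=0),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(label, check_3210(inv) or "compliant")
```
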


Veeam Hyper-Availability Platform

Intelligent data management platform that delivers the hyper-availability of data demanded from the enterprise

Any app, any data, across any cloud

[Diagram labels: Backup & Recovery, Replication & Failover, DataLabs, Orchestration, Visibility & Control, Universal APIs; Private Cloud, Public Cloud, Managed Cloud, SaaS, Physical, Edge & IoT]