In our recent blog, Immutable Backups and 5 reasons why you need them for your disaster recovery plan, we introduced immutable backups. Now it’s time to dive into the different solutions that are out there, to help you decide which one is the best approach for your environment.
Cyber-attacks have become more sophisticated than ever. They no longer simply corrupt your environment, but your backups too. While many cyber insurance companies have not yet made “immutability” a requirement, we know it’s coming soon. According to NIST SP 800209 Security Guidelines for Storage Infrastructure, “Immutability involves the ability to lock data after it has been created, thereby preventing it from alteration or deletion.” [1]
As promised, we’ve contacted our partners over at Cohesity to take a deeper dive into their immutable solutions and AirGap-as-a-Service virtual vault, FortKnox.
In this blog, we’ll explore the following topics:
Here’s what they recommend for data backups and for building an effective Disaster Recovery plan.
To get started, we wanted to note that Cohesity has been recognized as the 2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software [2], so the efficacy of their solutions and methodology is undeniable. With that validation, they’ve outlined some vendor-agnostic advice for you regarding the components of an effective recovery. Here are the four main components you need to Protect, Defend, and Recover according to Cohesity.
The best offense is defense. What better way to defend, than to first understand what it is you’re defending. To build a plan, you must first identify within your environment:
By understanding this information, you can then build your disaster recovery playbook. This generally includes:
In this step, you need to discover the threat actor/adversary’s objective. A few examples of such objectives include:
Additionally, your dedicated team must define the full extent of the event and have a solid understanding of the technical mechanism used to access your environment.
The next step is what Cohesity calls, the Tactical Recovery Phase. This includes stakeholders from all business units and focuses on the validation of the actual recovery (where immutability comes into play), and the restoration of services.
Cohesity’s final component of an effective recovery is what they call the Strategical Recovery Phase. This reviews the quality of the recovery and the overall impact on the organization. A few metrics you could use to validate the impact include:
The purpose of this final component is to help you better prepare for future events by zeroing in on the actual cost of the breach, and holes in your DR plan.
What makes Cohesity different in the backup space is that they have their own data platform, Helios. This platform not only has backup and recovery, but also allows you to add on use cases and features that you need. This is Cohesity’s key differentiator from other backup and recovery providers.
Their data platform:
Hackers won’t be able to simply identify your defense blueprint and work around it. The AI adapts to the issues, allowing you to quickly identify anomalies and act.
Cohesity offers an ecosystem friendly immutable backup solution in addition to some tried and true methodology, like data isolation, and their AirGap-as-a-Service solution, FortKnox, which we will cover shortly. This is often referred to as Cohesity’s Threat Defense Architecture. Their immutability isn’t just a part of one solution, it’s a part of their entire methodology. Some of the key benefits they offer to protect your data include:
Cohesity strives for fast and accurate ransomware detection. This makes ransomware recovery more effective.
Next, let’s dive into data isolation and their AirGap-as-a-Service data vault solution, FortKnox.
Cohesity demonstrates why you need to isolate your data by first highlighting the biggest threats to that data.
You need to keep an untouchable version of your data to quickly restore your environment should one of these events occur. This is where the 3:2:1 rule comes into play.
Have 3 copies of your data in 2 different locations/mediums and 1 in a segregated environment. Their solution, FortKnox solves this issue.
This is Cohesity’s AirGap-as-a-Service product. It’s available on any of your Cohesity clusters. It is Cohesity’s single solution to vault data for sources including Virtual Machines (VMs), files, databases, etc.
This as-a-service model includes a dynamic connection/ “Virtual Air Gap” which means you create a token that connects to FortKnox, push out the data, and sever the connection. Data sent to FortKnox is completely separated, unreachable, and indestructible.
The benefits of utilizing FortKnox vs. Cloud Archive:
There are multiple ways to protect your data, and often these methods are combined with others to enhance your security fortitude. While we’ve discussed virtual data isolation and AirGaps which is a better fit for enterprise data simply for convenience, and scalability, there is another option, and that’s physical data isolation.
This method involves creating a data backup to a physical hard drive and securing it in an offsite location. There are a few key drawbacks to this option. Because enterprise data has grown so large, it requires more physical media to hold all the data.
What makes this method arguably inconvenient is that for it to really function as it should (represent a current data backup), the data must be transported and updated daily which can get costly. Additionally, recovering this data is SLOW. So, if you’re considering physical data isolation, remember that there is a cost to downtime. Finding a solution that costs less than paying the ransom should be the goal.
There’s nothing worse than feeling like you made an investment that doesn’t cover all your cyber insurance requirements. The great thing about Cohesity is that it integrates with some of the best-in-class (and most used) security products/vendors, so it SUPPLEMENTS what you have in place, not replaces it. Below are some of the major Cybersecurity names that Cohesity is currently interoperable with.
Not only is it interoperable, but it will amplify your existing controls. The Cohesity software has integrations to SOAR, SIEM, KMS, and more!
One thing that many people don’t consider is the length of downtime that comes with a breach. Your Down Time to Recovery (DTR) means everything. We’ve heard of instances where a company pays the ransom because the cost is less than the revenue they’d lose in their downtime. In extreme cases, businesses can go belly up due to lost revenue and customer trust during that downtime. Fast recovery time is just as important as immutability nowadays, especially when every minute counts.
Cohesity offers functionality that allows for INSTANT mass restore. Which means if your system goes down, you can roll out an uncorrupted backup and get back to business in minutes rather than days. This function allows you to restore uncorrupted data instantly and at scale. It allows you to recover Virtual Machines (VMs), databases, and Network Attached Storage (NAS) volumes instantly on-prem AND in the cloud.
If you are searching for a data backup and disaster recovery solution, you’ll want to consider the speed that you can roll out a backup. It could mean the difference between experiencing minimal ill effects from a data breach or going bankrupt.
The truth is cyber criminals likely know what your cyber insurance policy covers. This means they know exactly how much money they can reliably extort from you. They understand that companies unprepared to defend against such attacks will pay the ransom to avoid downtime. What other choice would these companies have? Remember, hackers are unethical, not uneducated, and they will likely leave a back door into your environment to extort you again if you don’t improve your security.
Cohesity's AirGap-as-a-Service platform, FortKnox, their Threat Defense Architecture, and their distinct data platform make them a compelling option when looking for quick and effective data restoration solutions. Note that no matter what platform you utilize for data protection, it will be ineffective if it is misconfigured or if you aren’t performing routine testing. Consider working with an expert upon initial implementation to ensure it is deployed properly.
Depending on the size of your environment and the volume of data you must protect, Cohesity could be an ideal solution, though it’s not the only one. In our next installment we’ll dive into VEEAM’s immutable backup solutions.
Don’t miss out, sign up to get notified whenever we release related immutable backups content.
Sources:
[1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-209.pdf
https://www.cohesity.com/glossary/data-isolation/
https://www.cohesity.com/products/fortknox/
https://www.cohesity.com/why-cohesity/threat-defense/
https://www.cohesity.com/next-gen-data-management/threat-defense/