Co-authored by : Rahul Tyagi
Data lies at the heart of almost every business transformation.The ever-increasing value of data in driving this digital evolution has made it a lucrative target for cyber-attacks.Data breaches driven by ransomware attacks are taking a toll on organizations across industries and geographies, especially with the onset of COVID-19. The evolving sophistication of these attacks is threatening the ability of enterprise data protection teams to bounce back quickly. To add to organizations’ woes, the number of ransomware infestations continue to peak with mutated and more sophisticated attack vectors.
Despite advanced defense mechanisms being in place, 2020 was replete with ransomware attacks of varying types and forms. The fact that the FBI recorded a 300% rise in cyber-attacks post the onset of COVID-19 , bears testimony to this assertion. According to a 2020 study conducted by CrowdStrike, called the Global Security Attitude Survey , “the average ransom paid by organizations (27% of the total surveyed) was $1.1 mn."
Cyber-attacks are traditionally contained with the help of layered security designs. However, most of these methods are often not fool-proof and are unable to avert next-gen cyber-attacks. Identifying the scope of the attack and locating the affected data breaches are also cumbersome. Backup copies are the panacea that provide the last line of defense against ransomware attacks. However, typical data protection approaches need additional support to forestall such attacks. Some of the possible scenarios are as follows:
- Most filesystems are not natively immutable or fully immutable. This makes the filesystem more vulnerable to security threats, as it is written on standard protocols such as NFS/SMB with weak authentication. In such cases, the existing backups may be modified and this accentuates the risk of man-in-the-middle kind of attacks in the customer environments.
- Many customers use an assortment of security solutions. A number of these are point solutions and only identify basic patterns such as high file change, bulk file deletion, or modification, etc. These security solutions are devoid of advanced machine learning, causing complex attacks to go unnoticed.
- Organizations across the globe have varied restore SLAs , depending on the nature of their businesses. Some often deploy manual processes to recover critical applications and data without having orchestrated recovery as an option, which cuts down SLAs
The tenets of building a modern cyber-resilient architecture include:
Fully immutable filesystem: While primary storage systems must be open and available for client systems, your backup data must be immutable. Backup data should never be available in read/write mode to an external client at any time. This easily opens up that data to being corrupted or deleted by an attacker.
Zero-trust design: All the internal communication within the cluster as well as communication with external applications should happen over secure protocols like TLS 1.2, with certificate-based mutual authentication for secure communication. This zero-trust design provides a logical airgap, without any additional costs and the burden of complex physical airgap appliances or solutions.
Rapid anomaly detection using AI/ML: Restoration is only one part of the recovery. Knowing what applications and files to restore and where they are located is usually more difficult. Backups contain rich metadata that can be securely analysed to identify and generate alerts on anomalous activity, complimented with ML-based technologies as the last line of defence.
Faster recoveries: In the event of a security breach, it should be easy to identify and restore to the most recent, clean version of your data. Backup data must be instantly available and enable you to immediately recover without any rehydration. Additionally, leveraging automation via APIs allows greater flexibility while restoring and can speed up search and recovery at a large scale.
Managed services rollout plan that comprises three systematic phases- Consulting and advisory, cyber recovery implementation, and managed services (Day 2 operations).
To counter the threat of cyber-attacks and enable organizations to adopt the best practices in cyber resiliency, HCLTech has partnered with Rubrik to build a joint solution, around Cyber Resiliency-as-a-Service. This eases out the process of proactively monitoring and neutralizing cyber-attacks through a unified solution for backup, archiving, disaster recovery, and cyber recovery.
HCLTech VaultNxt helps you build a proactive ransomware protection plan
HCLTech VaultNxt leverages Rubrik as one of the partners, covering the above aspects for a cyber-resiliency platform. This ensures that customers can be hassle-free, while relying on their backups to recover quickly, with as limited data loss and financial impact as possible. We also help customers develop and test a strong remediation plan prior to an attack. With Rubrik as the go-to backup management platform, HCLTech VaultNxt eliminates the cumbersome methods of data security and cyber resiliency by adopting modern techniques such as immutability, RADAR, and live mounts. This not only prevent ransomware attacks, but also detect and perform an orchestrated recovery.
A real-life use case: HCLTech and Rubrik jointly created a cyber-resilient backup and recovery architecture for an American food distribution company, with improved SLAs and better response mechanisms. With this solution in place, the enterprise was approved for cyber insurance to proactively protect the business against cyber-attacks.
HCLTech’s end-to-end consulting and implementation services combined with Rubrik’s next-gen ransomware attacks recovery platform helped the company build a robust response to cyber-attacks.
Learn more about Rubrik and HCLTech’s partnership here: https://www.rubrik.com/en/partners/service-delivery-partners/hcl-technologies