Ransomware attacks are proving to be extremely profitable for hackers, and organisations that think their backups provide sufficient protection could be in for a nasty surprise. These attacks are constantly evolving and the latest threats specifically target backup applications with the aim of deleting all backups before the primary storage encryption process is triggered.
ExaGrid's Tiered Backup Storage offers a unique approach that protects backups from ransomware and provides fast recovery services in the event of an attack. Included with all ExaGrid EX appliances, the Retention Time-Lock feature takes advantage of their two-tier architecture to place an air gap between the network-facing tier and non-network-facing tier.
ExaGrid's Tiered Backup Storage uses patented Landing Zone and Adaptive Deduplication features to provide fast backups and restores without the performance impact of data deduplication from which traditional data reduction solutions suffer. It's highly scalable as a site supports up to 32 EX appliances (a 2.7PB full backup) and each is a complete system with its own storage, CPU, memory and networking, so compute power and network bandwidth increase in step with capacity.
Data received from the backup application is written directly to a disk cache in undeduplicated format. As backups complete, the data in the Landing Zone is 'tiered' and written to a separate long-term retention repository where it is compressed and deduplicated.
ExaGrid's Retention Time-Lock feature comes into play by delaying delete requests to the deduplicated long-term retention data in the offline repository. Delete requests will be carried out in the repository, but only once the time-lock period has expired, so that there is no impact on the desired long-term retention in the repository. It's more cost-effective than solutions that use additional hardware as it only requires about 10% of an existing storage repository to be allocated to it. The Retention Time-Lock period defaults to 10 days but can be as long as 30 days, and this delayed delete setting is separate from the system's backup retention policy that can be any number of days, weeks, months or years.
ExaGrid's scale-out sites are managed from a central console which provides colour-coded status views of site capacities and free space plus Landing Zone and retention repository utilisation. To configure a site Retention Time-Lock period you simply click on its icon in the main dashboard and enter the value in days.
Even the Retention Time-Lock setting is protected as changes to this must be verified by a user with the ExaGrid Security Officer role. Any attempts to change it result in a request being sent to this user where it appears in their console awaiting approval.
If an attack is detected, the ExaGrid system issues warnings and allows administrators to respond immediately by suspending all further share access and taking them offline. And if the attack does succeed in encrypting data, ExaGrid has immutable data objects that are not modified or overwritten so all previous retention does not change.
It's a simple process to recover from a ransomware attack as you browse the retention repository for the latest unencrypted backup. Selecting a date and time enables all previous backups from that period and initiating a recovery makes the selected point-in-time backup available to the application for subsequent restoration.
Ransomware threats are becoming more devious, but ExaGrid's Tiered Backup Storage and its innovative Retention Time-Lock feature deliver essential protection with a secure, air-gapped retention repository, delayed deletes and immutable data objects. It ensures critical backups are safe from malicious deletion and even if an attack does succeed in encrypting primary data, ExaGrid's highly efficient recovery services will have you up and running in no time. NC
Product: Retention Time-Lock for Ransomware Recovery