Protect FlashStack from Ransomware with Cisco and Veeam

The last couple of years have created the perfect storm for ransomware. With shutdowns, companies responded quickly by moving more applications and services online so their customers, partners and employees could continue doing business. This created more opportunities for ransomware criminals to target, and ransomware itself transformed from something hard to develop into easier things like ransomware-as-a-service.

This has created a major headache, and source of sleeplessness, for IT management. No IT professional wants their company to be tomorrow’s latest ransomware headline news story. Especially with your most critical business applications, which if brought down will cripple your company for an unknown amount of time.

The other thing to keep in mind is that ransomware criminals are not software companies that care deeply about the quality of their software. Even if you pay the ransom, and get the decryption keys, will the decryption work? And will it work in an acceptable time frame?

But not all the news about ransomware is bad news!

Veeam and Cisco have good news for you. With best-of-breed ransomware prevention tools from Cisco, and best-of-breed ransomware recovery tools from Veeam, you can create a ransomware recovery plan that will allow to make ransomware infection much less likely, and ransomware recovery much more reliable and performant.

You will be able to replace the anxiety about being the next ransomware headline with the confidence that you can recover from an attack with minimal disruption.

FlashStack critical business applications

FlashStack is a joint solution from Cisco and Pure Storage designed for your critical business applications with high performance and uptime requirements. FlashStack is a rigorously tested and validated architecture that combines Cisco server and networking gear with Pure Storage all-flash storage. The output of the testing and validation is a Cisco Validated Design (CVD). The CVD for FlashStack provides step-by-step instructions on how to implement FlashStack in customer environments.

Modern Data Protection – More than just backup

Your critical business applications, and their data, running on FlashStack require Modern Data Protection. Modern Data Protection is much more than just backup and recovery (Figure 1), it includes other critical services like data security, disaster recovery (DR), and cloud mobility. Modern Data Protection must enable our customers to have their data where they need it, when they need it, whether that is on premises, in the public cloud, or leveraging a managed services provider (MSP).

Figure 1

The threat of ransomware

To use dramatic, but appropriate, language — ransomware is a disaster. As you can see in Figure 2, the cost of ransom itself is a fraction of the overall cost of the attack. No longer can companies hope they won’t be targeted by ransomware criminals; they must build strong ransomware protection and have a tested ransomware recovery plan.

Figure 2

Veeam completes Cisco ransomware protection story

Strong ransomware protection must include not only proactive defenses, but also a validated recovery plan.

Cisco’s security products provide best-of-breed layers of defense to prevent ransomware attacks from getting through to your data. As you can see in figure 3, Cisco Secure Email can provide inbound email inspection to filter out malicious email; Cisco Umbrella and Secure Endpoint can prevent user actions from infecting computers and can tell you when an attack started, how far it’s spread and what systems were impacted, allowing you to target recovery; Cisco Secure Access by Duo can provide strong multi-factor authentication to prevent attackers from compromising accounts; and Cisco Identity Services Engine can prevent attackers from moving laterally across the systems in your network.

But you must plan for the contingency that the attackers will penetrate all your defenses and encrypt your production data along with disabling or destroying vulnerable backups.

Figure 3

Veeam ransomware protection, from detection to immutability

At Veeam, we refer that contingency plan as a ransomware recovery plan. There are two critical elements this plan must have:

  1. Valid, usable backup copies that are safe from the attack
  2. Fast recovery as the recovery needs may be extensive

As we will see, Veeam can assist you with the first part, and Cisco can assist with the second.

Veeam has the most comprehensive ransomware protection capabilities in the data protection industry. Veeam can ensure that your backup data has not been disabled or destroyed by leveraging what we call “ultra-resilient” backup media. This can be immutable, air-gapped or offline storage for both the on-premises and the off-site copies of your backups.

Veeam customers can automatically verify the recoverability of backups with SureBackup jobs. SureBackup jobs can leverage Veeam Secure Restore, which allows you to scan your backed up machines for virus or ransomware threats using today’s anti-malware signatures, so you can detect any machines that were backed up with day zero infections. Secure Restore can also be used when recovering data to ensure that you don’t reinfect “cleanroom” environments.

Veeam ONE, Veeam’s monitoring and analytics product, can detect suspicious ransomware behavior for a number of scenarios, including if the production machines begin to exhibit behavior consistent with a ransomware infection, or if the size of an incremental backup changes dramatically. If Veeam ONE detects these types of behaviors, it will alert the IT backup and security administrators, and it can even take action to contain the infection, like disabling the network interfaces on those machines.

For a comprehensive list of Veeam’s secure backup capabilities to protect against ransomware, please follow this link.

The second critical element of a ransomware recovery plan is to be able to rapidly recover large amounts of data. Cisco UCS storage servers, like the S3260 and the C240 All-Flash (Figure 4) can provide both high-speed backup and high-speed recovery, and are ideal backup storage choices when you are building a strong ransomware recovery plan.

Cisco, Pure Storage and Veeam collaborated on the Veeam Data Protection for FlashStack CVD. The CVD includes the results from both backup and recovery tests of the UCS S3260 and C240 All-Flash.

Figure 4

It’s been our experience that customers pay the ransom because they believe it’s faster and easier than restoring the data from backup because they treat detection and recovery as siloed processes. Companies who build an integrated security architecture will have the ability to see when an attack began, identify patient zero, know what systems were impacted and be able to recover faster and more reliably which makes not paying the ransom the right choice.

There is one final piece of good news to share, and that is that customers that build strong ransomware recovery plans do not have to pay criminals the ransom. They can recover with minimal disruption to their customers, partners and employees; and spend far less overall than customers that do not have a strong ransomware recovery plan.

Finally, some bad news for the ransomware criminals!

Get weekly blog updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our blog with this weekly digest.
OK

#1 Cloud Data Management

for Cisco UCS and HyperFlex

Leave a Reply

Your email address will not be published.