Despite how rapidly such attacks occur, it can take organizations months to recover from ransomware — and that’s often after they’ve contributed their share of extorted money to the $20 billion in damages ransomware cybercriminals will inflict in 2021.
The fact is, most backup products were designed before ransomware became a popular way of stealing personal and business data. Their multiple-point architecture (media servers, media agents, storage repositories, etc.) and resulting data sprawl make them vulnerable to today’s exploits. And cybercriminals have learned quickly that if they want to get paid, they need to target not only organizations’ production systems but also the backup systems those same organizations are counting on to restore IT services. That’s why modern backup systems need to be architected differently than those of the past.
Cohesity’s backup and recovery solution defends data against ransomware attacks better because of immutability— providing backup copies that cannot be modified, encrypted, or deleted. With our modern, multicloud data management architecture featuring immutable, anti-ransomware technology, Cohesity software protects backups from cybercriminals as they attempt to strike.
Why is Immutable Backup Safe?
Why does immutability matter? Immutable data can’t be tampered with, modified or removed. Law enforcement turns to this approach for digital video and audio surveillance footage because the authenticity of the data is so critical. Healthcare providers, for their EHRs, are required to have immutability in their primary as well as archival systems. These days, organizations of all kinds are embracing immutability to avoid paying ransom while securing critical information, enforcing retention policies, and streamlining compliance.
When it comes to ransomware, immutable backups effectively throw up a wall against attacks. An immutable backup can’t be encrypted, modified or deleted, which are common tactics of these cybercrimes — basically, a cybercriminal attempts one of the three to try and force a ransom payment. When a company detects a ransomware attack, it can use an immutable backup to instantly recover to its last healthy state, unaffected by the malware.
What Makes Cohesity’s Backup Immutable?
Baked into the foundation of Cohesity is SpanFSTM, an immutable file system. Based on hyperscale architecture, Cohesity SpanFS stores all the backed-up data in internal Cohesity Views that are inaccessible from outside of a Cohesity cluster. The backup snapshots are stored in a read-only state, which means that no external application or unauthorized user can modify the snapshot. Any attempts to write to an immutable backup snapshot, for example, any incremental backups, are written on (zero-cost) clones, which are also marked read-only upon completion of each Protection Run. For any mount-based restores used during Cohesity’s instant mass restore process, the internal view is first cloned and then exposed to the external environment, always keeping the internal view inaccessible externally.
Writes to internal views during backup are only allowed via trusted internal services and authenticated APIs. For additional security, Cohesity views include DataLock, Cohesity’s Write Once Read Many (WORM) feature. If DataLock is enabled, the backup snapshot cannot be deleted by anyone, including administrators, until the DataLock expires.
Cohesity immutability and DataLock capabilities go hand-in-hand with other features to prevent backups from becoming a target of cybercriminals, including:
Granular Role-based Access Control (RBAC) helps stop any unauthorized access and enables organizations to grant users appropriate privileges to perform their duties without risking data.
Multifactor Authentication requires that anyone accessing a Cohesity backup must authenticate using two forms of verification via a single sign-on provider.
Policy-based Air Gap, which enables the IT staff to automatically replicate data to another immutable Cohesity cluster, either on-premises or in the public cloud, so that a copy of the data is always available at another immutable site.
What’s more, integrated into Cohesity’s immutable architecture is a sophisticated machine-learning (ML) system that continuously monitors backup data for anomalies. Should an organization suffer a ransomware attack, Cohesity’s built-in machine learning capability recommends the last known clean copy to perform restores. The ML recommendation engine helps accelerate recovery time by helping identify a clean copy and also avoid re-injecting a vulnerability back into the production environment.
While protecting against ransomware attacks is important, it is equally important to ensure rapid and clean recovery if the worst were to happen. Learn more about Cohesity’s comprehensive anti-ransomware solution, including its unique mass restore capabilities.