Following in the line of building secure environments in organizations in the face of one of the most destructive cyberattack trends of the last decades ramsonware, it is imperative that companies know all the existing possibilities to have solid recovery capabilities. There are many, but whatever methodology is chosen, it must be a framework that allows defining quantifiable results and rapid protection and recovery against an attack. In this post we analyze the 7 capabilities for a safe and fast recovery.
7 Capabilities for Fast and Secure Recovery vs. Ramsonware
First of all, it is essential as we have seen in previous posts the creation of a framework that defines how protection and its methodologies should be applied. As the standard mentioned in the previous post the NIST CFS (National Institute of Standards and Technology) with the 5 best practices against ramsonware.
Once this framework has been defined, the necessary capabilities must be taken into account to achieve a fast and secure recovery.
1.Broad and extensible protection platform
You must have a platform capable of protecting all critical workloads both physical and virtual such as container-based regardless of their location (on-premises or in the IaaS or SaaS cloud) such as having the ability to scale based on requirements and workloads.
2.Backups with automated verification
Having verified and tested backups is the first step towards a successful recovery. IT teams need to automatically verify the integrity of the data of the backups once they are made, because if a problem is detected, another copy can be made in production, not once made and it is not possible to have it because it is compromised or considered unreliable and with integrity deficiencies.
To do this, it is recommended to follow the 3-2-1-1-0 backup rule.
3.Rugged backups: with airspace and immutable
It is important that backups cannot be destroyed even though they have administrative credentials.
Resilient backup storage means having one or more copies of the data in any combination of the following:
– Tape backups (and removed from the library or marked as WORM)
– Immutable backups in S3 or S3 compatible object storage
– Offline and air-powered brackets (i.e. removable units, rotating units)
– Immutable backups in a hardened repository
4. Digital hygiene
Once the immutability is implemented, whatever the level, extreme encryption is necessary to prevent exfiltration and data leakage.
For this there are several good practices of digital hygiene, fundamental for an adequate authentication and remedy the injection of data:
– Unique passwords for each access and password manager.
– Multi-factor authentication (MFA).
– Remove non-essential devices, applications and programs and non-essential utilities from all servers.
– Patch management, running updated software levels that have underpinned any known vulnerabilities.
-Offline copies of data, necessary to combat insider threats, including data destruction.
5. Instant Data Recovery
Have the resources to ensure the rapid restoration of multiple computers simultaneously by providing the ability to recover physical and virtual files and workloads in virtualized environments. In addition to the ability to instantly recover key business applications such as databases and the ability to roll back the entire Network Attached (NAS) and shared files to a good, pre-infected state.
6. Secure Data Recovery
It is necessary to have an automation that prevents the new environment from reestablishing malware-infected data. This capability allows:
– Detect “sleeping” ransomware in backup data and invoke antivirus remediation to disinfect the data before it returns to the production environment.
– Verify backups from locations with less IT control, such as remote offices and branch offices (ROBO), before restoring them to primary data.
– Analyze backup data with additional antivirus solutions to better detect rare or zero-day malware.
7. Recovery Automation
The solution suite should enable testing and auditing that shows the speed of disaster recovery that includes accessibility automation testing, in-app accessibility, and usability after restoration.