presented by peters & associates · 2020-01-23 · “ransomcloud” strain encrypts o365...
Presented by Peters & Associates
Veeam is…
A software company
Privately held, self-funded
100% channel focused with an ecosystem of 49,000 partners
$1B and growing
A leader in the 2018 Gartner Magic Quadrant for Data Center Backup
One of Forbes 2018 World’s Best 100 Cloud Companies
Who has seen ransomware?
2012 — Reveton
2014 — Cryptowall
2017 — Ransomware as a Service
What are we talking about?
Layered defense! There is no one single magic bullet!
Many tips, many strategies
Select the ones that work best for your organization.
Think of these tips as a mindset rather than a specific architecture.
Use special credentials for backup storage/backup job
Tip #1
Tip #1: Use different credentials for backup storage
Worst practice: using DOMAIN\Administrator for everything
Better practice: use DOMAIN\service-account
Best practice: use LOCALHOST\service-account (don’t join the repo to the domain)
Backup Admin Access
Tip #2
Tip #2: Give each backup admin individual access
Important to track who is doing what!
More on visibility coming up later!
Mischievous backup admin
Compromised account
Accidents
Utilize offline storage
Tip #3
Tip #3: Utilize offline storage
Why offline?
Ransomware attacks connected shares
Take your media offline when possible
AIR GAP
Don’t let Elliott ruin your day!
Tip #3: Utilize offline storage
Media type: Characteristic
Tape: Completely offline when not being written to or read from
Replicated VMs: Powered off and, in most situations, can be a different authentication framework (ex: vSphere and Hyper-V hosts are on a different domain)
Primary storage snapshots: Can be used as recovery techniques and usually have a different authentication framework
Veeam® Cloud Connect backups: It’s not connected directly to the backup infrastructure and uses a different authentication mechanism along with different API
Rotating hard drives (rotating media): Offline when not being written to or read from (similar to tape)
Leverage different file systems / protocols for backup storage
Tip #4
Tip #4: Leverage different file systems/protocols for backup storage
Example: Linux repositories, Deduplication appliances
Dell EMC DataDomain: using DDBoost
HPE StoreOnce: using Catalyst
ExaGrid: using native Veeam data mover
Linux server with JBOD
Backup storage with native snapshot capabilities
Tip #5
Tip #5: Take storage snapshots on backup storage if possible
[Diagram labels: Veeam Backup Server, Backup Repository, Storage, Storage Volume, Volume Snapshot]
DR isn’t just for natural disasters
Tip #6
Tip #6: DR isn’t just for natural disasters
[Diagram labels: Replication, Orchestration, Backup server, Backup repository, Source host, Target host, Backup proxy, Veeam Data Mover, WAN]
Document your recovery plan
Tip #7
Tip #7: Document your recovery plan
Dynamic documents
Automated tests
Reliable recovery
Veeam Availability Orchestrator
Automatically create, document and test DR plans, fully-prepared for C-level executive and stakeholder signoff, proving compliance with industry regulations and audits through
DataLabs & Secure Restore
Tip #8
SureBackup
• Released VBR v5 (2010)
• Automated recovery verification of backed-up VMs
• Performs sets of tests in isolated “DataLabs” environment
• Receive test results status reports
• No additional equipment required
• Many other uses…
Secure Restore
Permits restore without re-exploitation of zero-day risks
DataLabs Secure Restore
An optional part of the restore process:
[Diagram labels: Veeam Backup & Replication, Veeam Repository]
1. Select Restore Point
2. Mounts restored disks from backup file directly to backup server
3. Triggers AV scan of mounted volumes
4a. No issues found – restore
4b. If infection found – restore without network
4c. If infection found – abort recovery
Veeam Backup for Microsoft Office 365 data
Tip #9
But it is SaaS... “Ransomcloud” strain encrypts O365 e-mail in real time!
Updates – Know your resources
Tip #10
Updates…
It’s a lot of work, but it needs to happen. For the backup infrastructure, you could make the case that this is more important than anything. Consider aggressive patch management for:
Software for the backup infrastructure:
• Veeam backup server
• Veeam backup proxies, software repos
• Windows Operating Systems
• Linux Operating Systems
Hardware:
• Server hardware, firmware
• Hypervisor hardware
• Backup repositories
Follow @VeeamKB..... FORUMS!
Have visibility into suspicious behavior
Tip #11
Tip #11: Have visibility into suspicious behavior
Use monitoring software to automatically detect suspicious VM behavior
Example: Predefined alarm “Possible ransomware activity” in Veeam ONE™ — This alarm triggers if there are a lot of writes on disk and high CPU utilization.
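The condition this alarm describes, as an added Python sketch (not Veeam ONE's implementation and not from the original slides). The thresholds, the three-sample window and the VM names are assumptions; the metrics are constructed sample data.

```python
from dataclasses import dataclass

# Assumed thresholds: the slide only says "a lot of writes" and "high CPU".
WRITE_MBPS = 40.0   # disk write rate treated as "a lot"
CPU_PCT = 70.0      # CPU utilization treated as "high"
SUSTAINED = 3       # consecutive samples in which both must hold

@dataclass
class Sample:
    vm: str
    minute: int
    write_mbps: float
    cpu_pct: float

def possible_ransomware(samples):
    """Return {vm: minute the alarm first fires}.

    The alarm needs heavy writes AND high CPU together, sustained,
    so a backup window (writes only) or a build (CPU only) stays quiet.
    """
    streak, alarms = {}, {}
    for s in sorted(samples, key=lambda x: (x.vm, x.minute)):
        hot = s.write_mbps >= WRITE_MBPS and s.cpu_pct >= CPU_PCT
        streak[s.vm] = streak.get(s.vm, 0) + 1 if hot else 0
        if streak[s.vm] >= SUSTAINED and s.vm not in alarms:
            alarms[s.vm] = s.minute
    return alarms

def _series(vm, writes, cpus):
    return [Sample(vm, i, w, c) for i, (w, c) in enumerate(zip(writes, cpus))]

# Constructed per-minute metrics for three hypothetical VMs.
SAMPLES = (
    _series("fs01", [5, 6, 55, 80, 90, 85], [20, 25, 75, 88, 92, 90])  # both high, sustained
    + _series("sql01", [60, 70, 65, 62], [30, 35, 40, 33])             # heavy writes, low CPU
    + _series("build01", [4, 50, 60, 3, 2], [95, 96, 97, 94, 93])      # both high for 2 samples only
)

if __name__ == "__main__":
    print(possible_ransomware(SAMPLES))
```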
Tip #6: Have visibility into suspicious behavior
One more thing...
Master the 3-2-1-0 Rule
Recover from any scenario, especially ransomware attacks!
3: Different copies of data
2: Different media
1: of which is off-site*
0: No errors after backup recoverability verification
* Don’t forget your offline copy!
Veeam Hyper-Availability Platform
Any app, any data, across any cloud
Intelligent data management platform that delivers the hyper-availability of data demanded from the enterprise
[Diagram labels: Orchestration, Universal APIs, Visibility & Control, DataLabs, Backup & Recovery, Replication & Failover; Private Cloud, Public Cloud, Managed Cloud, SaaS, Edge & IoT, Physical]