SecByDesign
Viewer

Offline backup of real-time data?!

How can you take an offline backup of a set of files that can change every second?

 

I received the task to work on a disaster recovery project.

One scenario I need to tackle is to recover from a ransomware attack (where the data is encrypted).

Some of the data that needs to be protected received an RPO (Recovery Point Objective) of 1s (meaning real time).

 

I have no clue how we can solve this.

Any suggestions?

 

3 Replies
Caute_cautim
Community Champion

@SecByDesign   I suggest examining this link initially for ideas:

 

https://www.ibm.com/ransomware

 

Eventually you will come to this link:  https://www.ibm.com/flashsystem

 

Regards

 

Caute_Cautim

denbesten
Community Champion

Everyone wants zero data loss and instant recovery.  Sounds more like they want some sort of journaling/snapshot filesystem (or in database terms, "transaction log") and maybe a high-availability cluster of systems.  Zero-loss is a naive position that lasts until one sees the price tag.  After that lightbulb goes off, one can start to talk about the affordable compromises.

 

Do keep in mind that in a ransomware scenario, you do not want the 1 second old backup.  You want something older, before the file was ransomware'd.  So, there inherently is a risk of data-loss. 
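
The point above, that after an encryption event the newest copy is the wrong restore point, as an added example that is not part of the original thread: it walks one file's snapshot history and picks the newest snapshot taken before the content first looks encrypted. The 7.5-bit byte-entropy threshold, the function names and the snapshot data are assumptions constructed for illustration; compressed files also score high, so this is a heuristic for choosing a restore point, not a ransomware detector.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def pick_restore_point(snapshots, threshold=7.5):
    """Return (restore_time, first_suspect_time) for one file's snapshot history.

    snapshots: list of (unix_time, content), in any order.
    restore_time is the newest snapshot taken before the first one whose
    content looks encrypted; None if no clean snapshot exists.
    first_suspect_time is None if nothing looks encrypted.
    """
    restore_time = None
    for taken_at, content in sorted(snapshots, key=lambda s: s[0]):
        if shannon_entropy(content) >= threshold:
            return restore_time, taken_at
        restore_time = taken_at
    return restore_time, None

def fake_ciphertext(n_blocks=128):
    # Constructed stand-in for an encrypted file: deterministic pseudo-random bytes
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n_blocks))

# Constructed history: one snapshot per second (RPO 1s),
# file encrypted between t=1002 and t=1003
LEDGER = b"2024-01-01,invoice,100.00\n" * 100
SNAPSHOTS = [
    (1000, LEDGER),
    (1001, LEDGER + b"2024-01-01,invoice,250.00\n"),
    (1002, LEDGER + b"2024-01-01,invoice,250.00\n2024-01-01,refund,-40.00\n"),
    (1003, fake_ciphertext()),
    (1004, fake_ciphertext()),
]

if __name__ == "__main__":
    restore, suspect = pick_restore_point(SNAPSHOTS)
    newest = max(t for t, _ in SNAPSHOTS)
    print(f"restore from t={restore}; first encrypted snapshot t={suspect}")
    print(f"newest snapshot t={newest} is {newest - restore}s past the restore point")
```

The gap between the chosen restore point and the moment the attack is noticed is the real data loss, which is why snapshot retention has to reach back further than the time it takes to detect the encryption.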

 

 

Caute_cautim
Community Champion

@denbesten   I agree, you need to know the original backup data is secure and has not been compromised.  A journal-type system will take a copy from the original, but as you state, if the original has been compromised, then it is no longer safe in terms of integrity and availability.  Another approach is to ensure that you can detect and prevent these attacks occurring to the original storage system, and that you have a secondary system which has an independent secure backup (i.e. it is encrypted) system, which can be trusted, so that recovery can be obtained without impact to the organisation.  But as you know, there is no point recovering to the same systems that were compromised if you can no longer trust them.

 

In the previous links I provided, it uses:

 

The FCM4 technology in new FlashSystem arrays is designed to capture and summarize detailed statistics about every I/O in real time. FlashSystem uses machine learning models to distinguish ransomware and malware from normal behavior, positioning organisations to take action and keep operating in the event of an attack.

 

It also provides the following:  The FlashSystem Cyber Recovery Guarantee is designed for anyone who purchases a new FlashSystem Array with Storage expert care and Storage Insights Pro. With this package, IBM guarantees recovery of a SafeGuarded Copy (immutable snapshot) restore point within 60 seconds or less.

 

This is the type of technology which is now available these days, and like the IP protection from various vendors on AI LLM models, having to establish trust and integrity is big business these days.  There is an old metaphor, "Practice what you preach", which can be used for protecting storage systems against cyberattacks too.

 

Regards

 

Caute_Cautim