Dell EMC Isolated Recovery RECOVERING YOUR BUSINESS
Aamir Saleem, Senior Manager, Data Protection Solutions
© Copyright 2017 Dell Inc. 2
A different challenge
“It erased everything stored on 3,262
of the company’s 6,797 personal
computers and 837 of its 1,555 servers.
The studio was reduced to using fax
machines, communicating through
posted messages, and paying its 7,000
employees with paper checks.”
— Fortune, July 2015
With serious stakes
“A Fortune 1000 company will fail because of a cyber breach”
“In 2017, the basic fabric of trust is at stake as CEOs
grapple with how to defend against escalating, dynamic security and privacy risk.”
ARE YOU STAYING AHEAD OF THE CRIMINAL EVOLUTION
CYBER CRIME GETS SOPHISTICATED
Cyber Theft
Denial of Service Attacks
Cyber Extortion
Cyber Destruction
Traditional Threats Emerging Threats
Incident Response: Categories of Cybercrime Activity (April to June 2016)
Chart values, in the order shown: 37%, 12%, 9%, 7%, 7%, 5%, 27%
Chart categories, in the order shown: Ransomware, Banking Trojan, Business Email Compromise, Web Script, Adware, Spam, Other*
* DoS, unknown, digital currency mining and credential harvesting
True Costs of Ransomware
Lost Revenue 2,500,000
Incident Response 75,000
Legal Advice 70,000
Lost Productivity 250,000
Forensics 75,000
Recovery & Re-Imaging 60,000
Data Validation 25,000
Brand Damage 500,000
Litigation 200,000
Total Costs of Attack $3,785,000
Ransom: $30,000
NIST Cybersecurity Framework [CSF Draft v1.1]
Identify
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
• Supply Chain Risk Management
Protect
• Access Control
• Awareness and Training
• Data Security (Integrity Checking)
• Information Protection Processes and Procedures
• Maintenance
• Protective Technology
Detect
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes
Respond
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements
Recover
• Recovery Planning
• Improvements
• Communications
• Validation
Dell Technologies Aligned Services
• Risk Management
• RSA Incident Discovery
• Identity Management
• RSA NetWitness® security analytics for early detection
• Security Hardening Services
• Event Logs Monitoring (ESRS)
• Isolated Recovery Solutions
• Isolated Recovery Governance & Measurement Program
• RSA NetWitness® Forensics / RSA Archer
• Recovery Management Focus
• Incident Response Retainer
• Advanced Cyber Defense
Traditional Strategies Are Not Enough
Data Encryption
• Not preventative against attacks
• Hacktivists can encrypt your encrypted data
• For data protection, not recovery
• Potential negative impacts on cost to store, replicate and protect
Tape Backups
• Too long to recover
• Difficult to validate data
• Requires backup infrastructure to recover
• May not protect:
– Backup Catalog
– PBBA [Data Domain]
– Tape Library Meta Data DB
Cyber Insurance
• All breaches may not be covered
• Policies have baseline security requirements
• Monetary limits may not cover all damages
• Does not protect:
– Patient needs
– Brand
– Lost trust
Layered Cyber-Security for Data Protection
Level of Protection: Good, Better, Best
Advanced Protection Services
• Isolated recovery solution
• EMC/EY service offerings: assess, plan, implement, and validate
• Use of evolving security analytics: RSA & Secureworks
Additional Hardening and Protection Features
• Product specific hardening guides
• Encryption in flight and/or at rest
• Retention lock with separate security officer credentials
Traditional Data Protection Best Practices
• Deploy a layered data protection approach (“the continuum”) for more business critical systems but always include a point in time off array independent backup with DR Replication (N+1)
• Protect “Born in the Cloud” and endpoint Data
Isolated recovery solution – how it works
Critical data resides off the network and is isolated
Diagram labels: Isolated Recovery; Production Apps; Business Data; Tech Config Data (Mission-critical Data); Corporate Network; RISK-BASED REPLICATION PROCESS; Dedicated Connection; Air Gap; DR/BU
The Most Critical Data First
• Protect the “heartbeat” of the business first
• Prioritize top applications or data sets to protect
• Usually less than 10% of data
• Start with a core set and build from there
Diagram labels: Compute; Applications; Validate & Store; Highest Priority Data
Isolated Recovery – Dell EMC Data Domain
• Create backup of data
• No management connectivity to IR Vault
• Enable data link and replicate to isolated system
• Complete replication and disable data link
• Maintain WORM locked restore points
• Optional security analytics on data at rest
• Professional Services
Diagram labels: Primary Storage; Isolated Recovery System; Backup Appliance; DD Replication; Management Host; Recovery Test Hosts; ISOLATED RECOVERY VAULT; Backup App Hosts; Air Gap
Isolated Recovery – Dell EMC VMAX
• No management connectivity to IR Vault
• Enable data link and replicate to isolated system
• Complete replication and disable data link
• Maintain WORM locked restore points
• Optional security analytics on data at rest
• Professional Services
Diagram labels: Primary Storage; Isolated Recovery System; SRDF; Management Host; Validation Hosts; ISOLATED RECOVERY VAULT; Restore Hosts; Air Gap
Proactive Analytics in the IR Vault
Why Analytics in the Vault?
• Increase effectiveness of Prevent/Detect cybersecurity when performed in protected environment.
• Diagnosis of attack vectors can take place within an isolated workbench.
• App restart activities can detect attacks that only occur when application is initially brought up.
Categories of Data
• Transactional Data – dynamic/large (log variances, sentinel records, etc.)
• Intellectual Property – static/large (checksums, file entropy)
• Executables / Config. Files – static/small (checksums, malware scans)
Diagram labels: Isolated Recovery System; Management Host; Validation Hosts; ISOLATED RECOVERY VAULT; Backup App Hosts
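The checksum and file-entropy checks named under Categories of Data, sketched as an added example (not Dell EMC code and not part of the original deck). The thresholds, function names and sample files are assumptions constructed for illustration.

```python
import hashlib, math, tempfile
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.5  # assumed threshold in bits per byte (maximum is 8.0)
ENTROPY_JUMP = 2.0  # assumed minimum rise over the baseline value

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(root: Path) -> dict:
    """Map each file under root to (SHA-256 hex digest, entropy)."""
    files = {p.relative_to(root).as_posix(): p.read_bytes()
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {n: (hashlib.sha256(d).hexdigest(), shannon_entropy(d))
            for n, d in files.items()}

def compare(baseline: dict, current: dict) -> list:
    """Return (path, finding) pairs for a restore point against its baseline."""
    findings = []
    for name, (old_sum, old_ent) in baseline.items():
        if name not in current:
            findings.append((name, "missing"))
            continue
        new_sum, new_ent = current[name]
        if new_sum != old_sum:
            spike = new_ent >= HIGH_ENTROPY and new_ent - old_ent >= ENTROPY_JUMP
            findings.append((name, "changed, entropy spike" if spike else "changed"))
    return findings + [(n, "new") for n in current if n not in baseline]

def demo() -> list:
    # Constructed sample data: a baseline copy and a later copy of three files.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    before = {"app.conf": b"mode=prod\nport=8443\n" * 50, "tool.bin": bytes(64) * 8,
              "design.txt": b"pump housing tolerance 0.02 mm\n" * 100}
    after = {"app.conf": b"mode=test\nport=8443\n" * 50,  # ordinary edit
             "design.txt": noise,  # pseudo-random bytes standing in for ciphertext
             "notes.txt": b"added later\n"}  # tool.bin is absent from this copy
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        for root, files in ((a, before), (b, after)):
            for name, data in files.items():
                Path(root, name).write_bytes(data)
        return compare(manifest(Path(a)), manifest(Path(b)))

if __name__ == "__main__":
    print(demo())
```

A file that was already compressed or encrypted at baseline has high entropy to begin with, so it fails the jump test and is reported only as changed; the checksum is what catches it.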
Current State: Risk Profile Summary
Technical
– All data is currently susceptible to a cyber attack
– Primary storage replication can replicate corruption
– Backup catalog not replicated
– Recovery of backup catalog from tape is slow and failure prone
– Backup copies not isolated from network
People & Process
– IT Engineering and Ops have access to most if not all Backup Assets
– Security teams not assigned to assets. Bad actors inside the firewall can create havoc.
– Franchise critical and non-critical data are not segregated
– Backup images can be expired without authorization
• These risks are consistent with traditional Prod/DR models.
• This is a different challenge and requires a different architecture.
Next steps
We Know The Data To Protect We Need More Help
• Confirm current backup infrastructure – compatibility, etc.
• Determine sizing and location of backup data on Data Domain (by mTree)
• Verify Data Domain sizing requirements
• Sample SOW with Pricing Estimate
• Isolated Recovery Introductory Advisory Engagement
– Workshops to determine IR metrics, DR Maturity, data classification and sizing