Dell EMC Isolated Recovery
RECOVERING YOUR BUSINESS

Aamir Saleem, Senior Manager, Data Protection Solutions

GLOBAL SPONSORS

© Copyright 2017 Dell Inc.

A different challenge

“It erased everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. The studio was reduced to using fax machines, communicating through posted messages, and paying its 7,000 employees with paper checks.”

— Fortune, July 2015

With serious stakes

“A Fortune 1000 company will fail because of a cyber breach”

“In 2017, the basic fabric of trust is at stake as CEOs grapple with how to defend against escalating, dynamic security and privacy risk.”

ARE YOU STAYING AHEAD OF THE CRIMINAL EVOLUTION

CYBER CRIME GETS SOPHISTICATED

• Cyber Theft
• Denial of Service Attacks
• Cyber Extortion
• Cyber Destruction

[Diagram labels: Traditional Threats; Emerging Threats]

Incident Response: Categories of Cybercrime Activity

[Chart, April to June 2016. Categories as extracted: Ransomware, Banking Trojan, Business Email Compromise, Web Script, Adware, Spam, Other*. Values as extracted: 37%, 12%, 9%, 7%, 7%, 5%, 27%.]

* DoS, unknown, digital currency mining and credential harvesting

True Costs of Ransomware

Lost Revenue             2,500,000
Incident Response           75,000
Legal Advice                70,000
Lost Productivity          250,000
Forensics                   75,000
Recovery & Re-Imaging       60,000
Data Validation             25,000
Brand Damage               500,000
Litigation                 200,000
Total Costs of Attack   $3,785,000

Ransom: $30,000

NIST Cybersecurity Framework [CSF Draft v1.1]

Identify
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
• Supply Chain Risk Management

Protect
• Access Control
• Awareness and Training
• Data Security (Integrity Checking)
• Information Protection Processes and Procedures
• Maintenance
• Protective Technology

Detect
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes

Respond
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements

Recover
• Recovery Planning
• Improvements
• Communications
• Validation

Dell Technologies Aligned Services (labels as extracted from the slide)
• Risk Management
• RSA Incident Discovery
• Identity Management
• RSA NetWitness® security analytics for early detection
• Security Hardening Services
• Event Logs Monitoring (ESRS)
• Isolated Recovery Solutions
• Isolated Recovery Governance & Measurement Program
• RSA NetWitness® Forensics / RSA Archer Recovery Management Focus
• Incident Response Retainer
• Advanced Cyber Defense

Traditional Strategies Are Not Enough

Data Encryption
• Not preventative against attacks
• Hacktivists can encrypt your encrypted data
• For data protection, not recovery
• Potential negative impacts on cost to store, replicate and protect

Tape Backups
• Too long to recover
• Difficult to validate data
• Requires backup infrastructure to recover
• May not protect:
  – Backup Catalog
  – PBBA [Data Domain]
  – Tape Library Meta Data DB

Cyber Insurance
• All breaches may not be covered
• Policies have baseline security requirements
• Monetary limits may not cover all damages
• Does not protect:
  – Patient needs
  – Brand
  – Lost trust

Layered Cyber-Security for Data Protection

Advanced Protection Services
• Isolated recovery solution
• EMC/EY service offerings: assess, plan, implement, and validate
• Use of evolving security analytics: RSA & Secureworks

Additional Hardening and Protection Features
• Product specific hardening guides
• Encryption in flight and/or at rest
• Retention lock with separate security officer credentials

Traditional Data Protection Best Practices
• Deploy a layered data protection approach (“the continuum”) for more business critical systems but always include a point in time off array independent backup with DR Replication (N+1)
• Protect “Born in the Cloud” and endpoint Data

Level of Protection: Good, Better, Best

Isolated recovery solution – how it works

Critical data resides off the network and is isolated

[Diagram labels: Corporate Network; Production Apps; Business Data; Tech Config Data; (Mission-critical Data); DR/BU; Risk-based replication process; Dedicated Connection; Air Gap; Isolated Recovery]

The Most Critical Data First

• Protect the “heartbeat” of the business first
• Prioritize top applications or data sets to protect
• Usually less than 10% of data
• Start with a core set and build from there

[Diagram labels: Compute; Applications; Validate & Store; Highest Priority Data]

Isolated Recovery – Dell EMC Data Domain

• Create backup of data
• No management connectivity to IR Vault
• Enable data link and replicate to isolated system
• Complete replication and disable data link
• Maintain WORM locked restore points
• Optional security analytics on data at rest
• Professional Services

[Diagram labels: Primary Storage; Backup Appliance; Backup App Hosts; DD Replication; Air Gap; ISOLATED RECOVERY VAULT; Isolated Recovery System; Management Host; Recovery Test Hosts]

Isolated Recovery – Dell EMC VMAX

• No management connectivity to IR Vault
• Enable data link and replicate to isolated system
• Complete replication and disable data link
• Maintain WORM locked restore points
• Optional security analytics on data at rest
• Professional Services

[Diagram labels: Primary Storage; SRDF; Air Gap; ISOLATED RECOVERY VAULT; Isolated Recovery System; Management Host; Validation Hosts; Restore Hosts]

Proactive Analytics in the IR Vault

Why Analytics in the Vault?

• Increase effectiveness of Prevent/Detect cybersecurity when performed in protected environment.
• Diagnosis of attack vectors can take place within an isolated workbench.
• App restart activities can detect attacks that only occur when application is initially brought up.

Categories of Data

• Transactional Data – dynamic/large (log variances, sentinel records, etc.)
• Intellectual Property – static/large (checksums, file entropy)
• Executables / Config. Files – static/small (checksums, malware scans)

[Diagram labels: ISOLATED RECOVERY VAULT; Isolated Recovery System; Management Host; Validation Hosts; Backup App Hosts]
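The checksum and file-entropy checks named for the static data categories above can be sketched as follows. This is an added example, not code from the presentation or from any Dell EMC product; the function names, the thresholds and the sample files are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for encrypted/random data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(files):
    """Baseline taken from a copy believed clean: SHA-256 and entropy per file."""
    return {name: {"sha256": hashlib.sha256(blob).hexdigest(),
                   "entropy": shannon_entropy(blob)}
            for name, blob in files.items()}

def validate_copy(baseline, files, high=7.5, jump=2.0):
    """Compare a newly replicated copy with the baseline manifest.
    The thresholds are assumptions for this example; tune them per data set."""
    findings = {}
    for name, ref in baseline.items():
        if name not in files:
            findings[name] = "missing"
            continue
        blob = files[name]
        if hashlib.sha256(blob).hexdigest() == ref["sha256"]:
            continue  # static data unchanged: nothing to report
        h = shannon_entropy(blob)
        # Compare against the file's own baseline, since compressed files are
        # high-entropy even when clean.
        if h >= high and h - ref["entropy"] >= jump:
            findings[name] = "changed-high-entropy"
        else:
            findings[name] = "changed"
    for name in files.keys() - baseline.keys():
        findings[name] = "unexpected"
    return findings

def demo():
    # Constructed sample data, not taken from any real system.
    clean = {"ip/design.txt": b"Quarterly design notes. " * 200,
             "cfg/app.conf": b"retention_days=30\nlink=disabled\n",
             "bin/tool": bytes(range(256)) * 4,
             "ip/notes.md": b"# notes\n"}
    # Deterministic stand-in for ciphertext: a SHA-256 keystream of 4096 bytes.
    scrambled = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    later = {"ip/design.txt": scrambled,
             "cfg/app.conf": b"retention_days=1\nlink=disabled\n",
             "bin/tool": clean["bin/tool"]}
    return validate_copy(build_manifest(clean), later)

if __name__ == "__main__":
    print(demo())
```

A file that changes and jumps to near 8 bits per byte is the pattern worth escalating on a validation host; a plain "changed" result on data classed as static still needs an owner to confirm the change was authorized.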

Current State: Risk Profile Summary

Technical
• All data is currently susceptible to a cyber attack
• Primary storage replication can replicate corruption
• Backup catalog not replicated
• Recovery of backup catalog from tape is slow and failure prone
• Backup copies not isolated from network

People & Process
• IT Engineering and Ops have access to most if not all Backup Assets
• Security teams not assigned to assets. Bad actors inside the firewall can create havoc.
• Franchise critical and non-critical data are not segregated
• Backup images can be expired without authorization

• These risks are consistent with traditional Prod/DR models.
• This is a different challenge and requires a different architecture.

Next steps

We Know The Data To Protect
• Confirm current backup infrastructure – compatibility, etc.
• Determine sizing and location of backup data on Data Domain (by mTree)
• Verify Data Domain sizing requirements
• Sample SOW with Pricing Estimate

We Need More Help
• Isolated Recovery Introductory Advisory Engagement
  – Workshops to determine IR metrics, DR Maturity, data classification and sizing