Backup vendors aid ransomware recovery with data vaults
Veritas and Cohesity introduced offerings that enable customers to put their data in air-gapped, vendor-managed storage vaults, providing an extra layer of ransomware defense.
Veritas Technologies and Cohesity want customers to lock their backup data away to keep it safe -- and they're now offering the means to do so.
This week, each of the backup vendors introduced its own managed ransomware recovery vault product. Customers would be able to store backup data in an air-gapped, immutable storage environment away from their own storage and operational infrastructure, which the vendors said will provide an extra layer of defense against ransomware.
Veritas NetBackup Recovery Vault, expected to be available before the end of this year, is a ransomware recovery vault service. The offering combines NetBackup software with a public cloud storage back end provisioned and managed by Veritas.
Lisa Erickson, senior director of product management at Veritas, said that from an operational standpoint, the managed storage environment removes the burden of provisioning and managing storage and dealing with the lifecycle of the data, which storage admins undertake when building their own ransomware recovery vaults.
From an anti-ransomware standpoint, the vault forms an air gap by storing a customer's backup data outside the organization, and NetBackup software provides additional measures of ransomware protection such as backup and recovery, recovery to a testing or sandbox environment, AI- and machine learning-based anomaly detection, immutability and encryption.
"The 'how' of Recovery Vault is rooted in NetBackup itself. We're not just mimicking and passing through what the cloud provider is selling," Erickson said.
While NetBackup Recovery Vault gives customers an advantage against ransomware, its greatest benefit comes from lowering customers' risk exposure, said Christophe Bertrand, senior analyst at Enterprise Strategy Group, a division of TechTarget. Setting up a cloud storage vault involves many steps to ensure access and security are properly set, and each step is a potential point of failure that bad actors could exploit. Veritas' product offers a more streamlined approach, which customers may find valuable, Bertrand said.
Christophe BertrandSenior analyst, Enterprise Strategy Group
"There's so much complexity in IT," he said. "Anything you can do to simplify will help."
Upon release, NetBackup Recovery Vault's back end will be on Microsoft Azure, but other public clouds will follow, Erickson added. Since the storage is managed by Veritas, customers will not need accounts with any of the public cloud providers to use the service. They do, however, have to be NetBackup customers.
NetBackup Recovery Vault is most directly comparable to Commvault's Metallic cloud storage service, as both are discrete storage services separate from any data protection capabilities. Druva, Clumio and other backup-as-a-service products package backup and cloud storage together.
Cohesity delivers ransomware recovery vault as a service
At this week's Cohesity Connect user conference, the vendor introduced Project Fort Knox, a similar product to Veritas NetBackup Recovery Vault with a slightly different execution. Instead of providing a managed storage service on top of an existing data protection product, Project Fort Knox will be delivered as a standalone SaaS product.
The intended outcome is the same: Customers will be able to use Project Fort Knox to isolate their backup data in a vendor-managed environment. The software provides anomaly detection and allows customers to recover their data to a testing environment before loading it back into production and to run ransomware attack drills to test customers' recovery speed and general preparedness.
Project Fort Knox is a working title and not the final name of Cohesity's ransomware recovery vault product. It is expected to become generally available next year.
Cohesity introduced Project Fort Knox alongside another new SaaS service -- Cohesity DataGovern, which uses AI and machine learning to identify personally identifiable information (PII) in backup and production data. The software also determines who has access to PII data, enabling it to then detect unauthorized access.
Ransomware has gone from hitting production environments to deleting backups to data exfiltration, said Raj Dutt, senior director of product marketing at Cohesity. Now, businesses' biggest ransomware fear is having sensitive information leaked.
"The fact is ransomware is evolving," Dutt said. "Exfiltration is what's keeping business owners up at night."
Project Fort Knox and Cohesity DataGovern work together to address this new threat. DataGovern is designed to help customers figure out what they need to protect, then Project Fort Knox lets customers lock it down. Products like these limit the blast radius of a ransomware attack -- since Project Fort Knox is a separate environment managed by Cohesity, it's less likely to be penetrated, Dutt said.
The Cohesity DataGovern product reflects a convergence of security, compliance and governance, Bertrand said. The data backup strategy is also maturing, as companies are able to use copies of data to do more than just act as an insurance policy; this trend has been playing out for the past two years.
"If you understand what you have, you know how to sanitize and reuse it," Bertrand said.
Johnny Yu covers enterprise data protection news for TechTarget's Storage sites SearchDataBackup and SearchDisasterRecovery. Before joining TechTarget in June 2018, he wrote for USA Today's consumer product review site Reviewed.com.
Malware vs. ransomware: What's the difference?