arthead -

Kasten backup adds Kubernetes ransomware detection, security

As ransomware becomes a bigger concern for container admins, updates to the Kasten backup and disaster recovery platform for Kubernetes take a proactive security stance.

Security continues to be top of mind for backup vendors, a trend that extends to protection of increasingly popular containers.

Kasten by Veeam added ransomware detection to its K10 Kubernetes backup and disaster recovery platform.

"As more and more applications come up on Kubernetes, a lot of them are mission-critical," said Gaurav Rishi, vice president of product and partnerships at Kasten. As a result, attackers are increasingly likely to hit containerized workloads.

Johnny Yu, a research manager at IDC, said vendors he's conferred with are seeing an uptick in ransomware attacks on containers.

"In the past, there haven't been many attacks on containerized environments, not because of anything specific to containers, but frankly, I think it's because that's not where the money was," Yu said. "And as that starts to change, as more critical workloads are being brought into containerized environments, that is where the money is going to be. So that's what the bad guys are going to start going after."

The new feature in Kasten K10 v5.0 -- announced in conjunction with this week's KubeCon + CloudNativeCon Europe and VeeamON user conferences -- provides early detection of a potential or impending attack. This release builds off Kasten K10 4.0, launched in April 2021, which added ransomware protection native to Kubernetes, including data immutability in the event of an attack.

"Data protection and security have been treated as separate disciplines," Yu said. "But the point that they're really making is that in order to be in a better position to address ransomware, you need that security component."

Security focus brings proactive protection

In K10 v5.0, Kasten backup has extended its ransomware protection module for immutability with detection capabilities for data integrity attacks, according to Rishi. Since Kasten has full visibility on how application backups are read and written on S3 and S3-compatible object stores, it can determine whether the backups show indicators of potential compromise.

"We can detect whether a human actor -- both accidental or malicious -- is accessing or attempted to modify backup data," Rishi said.

Security vendor partners provide the early alerts of a potential compromise.

Screenshot of Kasten K10 5.0 dashboard
Kasten K10 5.0 includes ransomware detection and data protection policy guardrails.

The ransomware detection in Kasten backup is a good start, IDC's Yu said. It's more proactive than the after-the-fact check of backup patterns that typical anomaly detection provides. For example, the Kasten feature notes when access records don't look right.

"This is the direction that data protection should be headed in," Yu said. "Going forward, you're trying to be more on the proactive side of things than just reacting."

One of the reasons Kubernetes gets attacked is because it's still relatively new, according to Rishi.

"People misconfigure or give overpermissions and so on," Rishi said.

Kasten K10 v5.0, expected to be generally available in June, supports Kubernetes-native role-based access control (RBAC) objects, which restrict network access based on the role of the user.

This is the direction that data protection should be headed in. Going forward, you're trying to be more on the proactive side of things than just reacting.
Johnny YuResearch manager, IDC

"It's tough to go ahead and set those configurations if you're new to Kubernetes," Rishi said. "This Kubernetes-native RBAC, exposed in a simple UI dashboard, is something that helps reduce the gap of not setting the right permissions."

Several other backup vendors have emphasized security with releases in the last year, such as Acronis, Cohesity, Commvault's Metallic, HYCU and Rubrik. Kasten, however, stands out because it's a Kubernetes-focused product.

"They're basically saying, 'The same amount of seriousness that's being taken to address ransomware outside of container data protection, we need that same level here for containers,'" Yu said. "You can't just ignore that."

He added that CloudCasa by Catalogic and Trilio offer security features in their Kubernetes backup products.

Blueprints, reports among other new features

Data protection policy guardrails, another new security measure in Kasten backup, help plug vulnerabilities by identifying and fixing misconfigurations.

"We allow you to not think of data protection as an afterthought … but something that gets baked into your processes," Rishi said.

Kasten K10 v5.0 also added support for Veeam's ransomware safety feature that hardens Linux repositories with immutability. Kubernetes helps organizations manage Linux containers.

Other new elements of Kasten backup include an integrated add-on for Amazon Elastic Kubernetes Service blueprints to enable data protection on EKS clusters; built-in blueprints for Microsoft SQL Server and PostgreSQL Operator; and a reports generator with operational parameters that include license status, actions run, policies and compliance information.

Dig Deeper on Data backup and recovery software

Disaster Recovery