Asigra has added the ability to remove ransomware infections from files while keeping the file intact with its new Content Disarm and Reconstruction feature.
Asigra has added a new feature to its Tigris Data Protection software as a more security-focused backup in the fight against ransomware.
Content Disarm and Reconstruction (CDR) is designed to add another layer to its customers' cyber recovery process in the fight against ransomware. CDR can keep the original backup file, even if infected, by breaking it down into its known components, identifying and removing malicious code that may be buried in the file, and reconstructing the file so that it can continue being used. CDR also conducts bidirectional scanning of data as it's backed up and then again before it's pulled into production to identify potential anomalies.
Asigra's CDR, which is included in the company's cyber package for an additional fee, is another example of a growing trend of data protection vendors placing emphasis on helping companies recover from a cyber attack, according to Johnny Yu, a research manager at IDC. The vendor did not give specific pricing.
"It seems to no longer be a matter of, 'Do you have cyber recovery capabilities,' but more along the lines of, 'How good are your cyber recovery capabilities,'" Yu said.
Beyond quarantining data
Asigra sees itself at the intersection of backup and security, according to Pete Nourse, CMO and chief revenue officer at the company. As attacks keep evolving, security and data protection should evolve as well, he said. That brought Asigra to develop CDR.
CDR goes beyond just quarantining something that is infected; it breaks a file down into its component parts and isolates anything that shouldn't be there.
Marc StaimerPresident, Dragon Slayer Consulting
"CDR goes beyond just quarantining something that is infected; it breaks a file down into its component parts and isolates anything that shouldn't be there," said Marc Staimer, president of Dragon Slayer Consulting.
He pointed to JPEGs, as an example, which have a known file structure that can be pulled apart, analyzed for malware and rebuilt for use, Staimer said.
"Infection isn't the same as detonation," Staimer said. "[Previously,] the only way to prevent an infection from spreading or detonating was removing the file, even in the backup."
Removing a file to prevent infection, however, can also mean removing important data. With CDR, customers can continue using the file while lowering risk of infection, Staimer said.
Scanning up and down
CDR also helps to scan files. Scanning data going into backup is a core part of the backup process, Staimer said. Most customers, however, don't rescan the data before running it in production because it's a time-consuming process.
With CDR, backups are automatically scanned again, so look for malware as they are backed up and before they are restored, Staimer said.
"[Asigra can] do that scanning without a performance penalty of any significance," he said.
With CDR, Asigra provides a competitive product against other major backup vendors such as Commvault, Veeam and Veritas, Staimer said. But customers will have to consider their company needs when making a decision. For example, compared with Commvault, Asigra provides stronger ransomware protection, but Commvault protects more aspects of data.
"A lot of people are under the misconception that immutability and air gapping are enough," he said. "[They think], 'If I have this, I'm OK, my backup data is safe, my last line of defense is safe.' But that really hasn't been true for a number of years."
Staimer agreed, saying air gapping and immutability are not a robust enough defense. Once an infection starts, it can spread over time, lying dormant and getting pulled into an air-gapped or immutable data backup only to detonate later, he said.
"[Air gapping and immutability] are still a line of defense, just not very effective," Staimer said.
IDC's Yu said that air gapping and immutability should be seen as tools in the toolkit but not powerful enough to fix the problem of ransomware. "Hopefully you have a pretty expansive toolkit," he said.
Adam Armstrong is a TechTarget Editorial news writer covering file and block storage hardware and private clouds. He previously worked at StorageReview.com.
