System Source Pizza Webinar - “Locking Ransomware Out of Your Backups” – 9/17
Dennis Kloster, System Source Senior Consultant
Chris Connolly, Solutions Architect, Hewlett Packard Enterprise
Van Flowers, Systems Engineer, Veeam: VMCE, VMCT, VCP
During the Webinar…
Audio – In presentation mode until end
Control Panel
View webinar in full screen mode
In Chat – Tell us what you hope to learn today?
Feel free to submit written questions
Presentation and video available after webinar
Evaluation just after webinar finish
Please complete Poll, at end of webinar (just three questions☺) – I will alert you when to start!
Dennis Kloster
1) Ransomware emails spiked 6,000% - 2018 vs. 2017
2) 40% of all spam email had ransomware
3) 92% of surveyed IT firms reported attacks on their clients
4) 70% of businesses paid the ransom
5) 20% of businesses paid more than $40,000
6) Most businesses face at least 2 days of downtime
Source: IBM via CNBC
Ransomware Prevention
• Make sure antivirus is installed and kept up to date on all endpoints
• Computers and laptops
• Servers!!!!! (I constantly see servers that don’t have AV installed)
• Phones?
• Tablets?
Ransomware Prevention
Patching
• Patch Windows
• Java, Flash, Adobe, etc…
• Use a patch management solution to make sure all endpoints are in compliance
• Patch everything!
Ransomware Prevention
AND THE SINGLE MOST IMPORTANT COMPONENT………
Ransomware Prevention
END USER EDUCATION AND AWARENESS!!!!!!
Other Important Components of a Ransomware Readiness Plan
Backups
• Test your backups! Just because the backup software says that your nightly backup was successful doesn’t mean you can restore what you need.
• Disk to Disk backups: Ransomware can infect anything that is online. If you are using disk to disk backups, you must take your backups offline in order to protect them
• Best practice: 3 backup copies. 2 different formats. At least one copy is offsite
Other Important Components of a Ransomware Readiness Plan
VM level replication
• Much quicker restore capabilities than a backup
• DR plan can be programmed ahead of time
• Easy testing capabilities
• Can be SAN based or software level (Veeam, Zerto, etc.)
• Use your own DR site or a hosted site
• Major potential benefit: it is (in theory) a “clean” site
• Complementary Products
• Single Vendor Solution
• Traditional Acquisition
• GreenLake
• Reference Architectures and Design Guides
• HPE has the most complete portfolio for deploying Veeam infrastructure
• Choose the right solution for your Veeam deployment: HPE StoreOnce, HPE Apollo, HPE MSA, HPE Nimble Storage, StoreEver
• HPE + Veeam Milestones
• Integration dating back to 2012 (StoreVirtual)
• Alliance and reselling agreement since January 2017
• StoreOnce – First inline dedupe backup appliance to support IVMR
• Nimble – First inline dedupe secondary storage array supporting DR workload from Veeam backup
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 15
WHY HPE FOR VEEAM BACKUP SOLUTIONS
Federico Venier 2019
HPE SIMPLIVITY
Chris Connolly, Solutions Architect
HPE SIMPLIVITY AND VEEAM: BETTER TOGETHER USE CASE SUMMARY
Mixed Environments
Extend to Cloud
Long Term Retention
App Aware Backup
Granular Restore
Built-in data protection within the SimpliVity federation
Near instantaneous backup and restore within the SimpliVity federation
Guaranteed Data Efficiency
SQL Server consistent backups
File level recovery
HPE SimpliVity
Different Admins: reduced risk of deleting backups along with production due to unintentional/malicious errors
Different platforms: prevent a firmware bug from compromising backups and production by saving to a different storage system
Protect data across mixed environments
Archive data to cloud platforms
Archive to 3rd party long term storage / tapes
Multi-app consistent backups
Multi-app granular object restore
HPE APOLLO
The best server platform for compute and high-density storage in a single chassis
• HPE Apollo 4200 and HPE Apollo 4510 are HPE servers that combine:
• Legendary ProLiant compute capabilities
• High-density storage
• HPE iLO and all the features you expect from a ProLiant server
• HPE Apollo server can host all Veeam components
• Veeam Server and Microsoft SQL Server databases
• Veeam proxy and backup repository
• Veeam tape server
• Data reduction based on:
• Veeam compression and deduplication
• New Veeam virtual-synthetic-full based on ReFS block cloning
• For additional reduction, install HPE StoreOnce VSA
HPE APOLLO 4200 AND 4510 GEN10
HPE Apollo 4510
4U Intel based server
60 LFF + 2 SFF disks
Question: Does HPE StoreOnce further reduce Veeam data?
Legacy disks compared with HPE StoreOnce
BENEFIT OF HPE STOREONCE DEDUPLICATION FOR VEEAM REPOSITORIES
2 to 1
Answer: HPE StoreOnce requires 486 / 60.5 = 8X less disk storage than traditional solutions
Notes: Better deduplication is expected in real-world configurations with many VMs.
HPE StoreOnce deduplication works across all VMs, increasing deduplication (operating system data portion is always the same).
• Lab test: Bandwidth reduction after 3% data change and 12% incremental backup
• Up to 80-100 to 1 (98% to 99%) for full backup (after the first one)
• Up to 15-30 to 1 (93% to 97%) for incremental backup
• Why is dedupe on full backup so good?
• A full backup contains a copy of all data even if the actual changes since the previous backup (full or incremental) are limited
• HPE StoreOnce deduplication engine identifies the changed data and dedupes the large amount of “already seen” data
• Why is dedupe on incremental backup so good?
• Veeam incremental backup is based on CBT technology
• CBT reports to Veeam 1 MB blocks regardless of the amount of changed data inside the block
• HPE StoreOnce can identify the actual changed data inside the 1 MB block because its deduplication engine works at a higher granularity (4 KB on average)
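The granularity argument above, as an added example that is not from the webinar and is not HPE's or Veeam's code: a toy Python model of a chunk store fed a full backup, a CBT-style incremental and a second full. It assumes fixed 4 KB chunks (the slide says 4 KB on average), SHA-256 fingerprints, in-place overwrites only, and a constructed 8 MB random disk image.

```python
import hashlib
import random

CBT_BLOCK = 1024 * 1024   # granularity CBT reports to Veeam (from the slide)
CHUNK = 4 * 1024          # assumption: fixed 4 KB chunks instead of a 4 KB average


class ChunkStore:
    """Toy deduplicating store: keeps one copy of each distinct chunk."""

    def __init__(self):
        self.seen = set()

    def ingest(self, data):
        """Store a backup stream; return the bytes of chunks not seen before."""
        new_bytes = 0
        for off in range(0, len(data), CHUNK):
            chunk = data[off:off + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest not in self.seen:
                self.seen.add(digest)
                new_bytes += len(chunk)
        return new_bytes


def simulate(disk_mib=8, writes=((1, 100_000), (5, 600_000)), write_len=512):
    """Full backup, small in-place writes, CBT incremental, then a second full."""
    size = disk_mib * CBT_BLOCK
    rng = random.Random(0)  # constructed sample data, deterministic
    disk = bytearray(rng.getrandbits(size * 8).to_bytes(size, "big"))
    store = ChunkStore()
    result = {"full1_new": store.ingest(bytes(disk))}

    dirty = set()
    for block, offset in writes:   # (CBT block index, byte offset inside it)
        pos = block * CBT_BLOCK + offset
        disk[pos:pos + write_len] = bytes(write_len)  # overwrite with zeros
        dirty.add(block)

    # CBT marks whole 1 MB blocks dirty, so the incremental carries all of each.
    incremental = b"".join(bytes(disk[b * CBT_BLOCK:(b + 1) * CBT_BLOCK])
                           for b in sorted(dirty))
    result["incr_sent"] = len(incremental)
    result["incr_new"] = store.ingest(incremental)
    result["full2_sent"] = len(disk)
    result["full2_new"] = store.ingest(bytes(disk))
    return result
```

The ratios this model produces come from its constructed data and are not product figures; it only shows why a 1 MB change report can shrink to a few 4 KB chunks of new data.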
VEEAM AND CATALYST DEDUPLICATION OVER WAN
Benefit: Bandwidth reduction, higher throughput
Plan in advance because there are unexpected challenges
RANSOMWARE AND DATA PROTECTION: DO YOU FEEL PROTECTED?
How to recover when your files get encrypted?
It is not a matter of “if” but “when”
Pay and “pray”
Yes, decryption may not work
FBI link
Make sure your backup data is invulnerable to ransomware attacks
Arrange a backup policy with enough retention (snapshot + backup)
The FBI does not support paying a ransom to the adversary.
Paying a ransom does not guarantee the victim will regain access to their data.
In fact, some individuals or organizations are never given decryption keys after paying a ransom.
30+ Years working in IT: Storage – Virtualization – Networking – Data Centers – Presentations
Started with Veeam April 9, 2018
Guitar Builder – Guitarist – Music Junkie – Mac Geek
I am married to the most amazing woman on the planet – 4 Kids from 30 to 17 – too many animals – living in the woods in a big house with lots and lots of land
Van Flowers | Systems Engineer | VMCE VMCT VCP | DC, MA and Northern VA
• The only cure for ransomware is prevention
• Companies have to choose between paying or losing data
• Brand damage control post-compromise
Data security and data reuse challenges
Data reuse
• Providing fresh data for development and security testing
• Providing fresh data for data mining scripts and applications
• Dealing with increasing requests for these operations