Infinidat Blog

Backups are the last line of defense against cyber-attack data corruption and deletion

But here’s the catch: like primary storage, secondary backup storage is also vulnerable. Although most secondary storage runs on a different OS/environment than primary servers/storage, secondary storage is also the target of cyber-attacks. If the cyber criminals only control primary storage, then your enterprise can just restore from your backup copy. Cyber criminals have realized to be effective; they need to have control of secondary storage as well. Moreover, secondary storage can still be deleted and overwritten by new backups, and some of that newly backed up data could be corrupted.

You can’t look at a news site, IT site, or old-style newspaper without reading how enterprises all across the world are under the constant threat of cyberattacks. It is not a question of if you will be attacked, but when and how often. A recent UK government report (January 2022) noted, ~66M records were compromised1, ranging from hospitals and department stores to government agencies. Today, many organizations are making their backup data more cyber resilient by using Infinidat’s InfiniGuard® and its newly introduced, InfiniSafe technology functionality.

Infinidat InfiniGuard Secondary Storage

Infinidat’s InfiniGuard is a secondary purpose-built backup appliance storage solution that stores and retrieves compressed and deduped backup data. InfiniGuard works with several data protection software solutions, such as Veritas, Commvault, Veeam, IBM, and many others, and can be used to back up primary storage from any vendor.

InfiniGuard comes configured with three deduplication engines, two active and one stand-by, plus InfiniBox® enterprise storage to quickly back-up and restore customer backup datasets. To better accelerate, secure and validate backups, Infinidat recently upgraded InfiniGuard with faster InfiniBox internal storage, deduplication engines, and new InfiniSafe cyber resilience capabilities (InfiniSafe is included in all InfiniGuard systems at no charge).

InfiniGuard’s new storage and deduplication engines come with faster compute cores, increased core counts, more memory, and higher capacity storage over the prior generation systems to support faster data backups, restores and replication. Using the new InfiniGuard, customers could cut backup and replication windows in half, as well as significantly reduce restore time. Moreover, the InfiniGuard has up to 50PB of effective capacity, depending on data reduction rates.

InfiniSafe Cyber Resilience Capabilities

InfiniSafe is a new solution to address cybersecurity threats. InfiniSafe is designed to thwart cyberattacks against secondary storage by providing local, logical air gapping, immutable WORM-like snapshot copies of InfiniGuard backup data. Further, with InfiniGuard replication, InfiniSafe logical air-gapped copies are also available at the remote replication site.

Once set up, InfiniSafe copies can expire, but they cannot be modified. In addition, two of InfiniGuard’s three dedupe engines always remain active, with the third on standby. IT can connect the standby dedupe engine to a private network and, thereby, create a fully isolated, fenced environment to mount, test, and validate InfiniSafe snapshots to determine if they contain good recovery points of backups.

InfiniGuard already takes space-efficient, point-in-time snapshots of backup data on an admin-selected schedule. However, these snapshots are overwritten when space becomes tight, and they can be deleted by an admin. In contrast, InfiniSafe uses an independent snapshot schedule that, once established, will take snapshots into a reserved space. InfiniSafe copies can expire but cannot be deleted, and admins cannot reduce expiration dates. As a result, InfiniSafe provides a logical air-gapped copy that is isolated from normal backup storage.

InfiniSafe’s snapshots are taken on a separate, independent schedule applicable only to InfiniSafe processing. Each active dedupe engine can also have its own InfiniSafe snapshot schedule. InfiniGuard replicated backups on the remote site system can have yet another independent InfiniSafe snapshot schedule as well. After setting up the isolated, fenced environment using the standby dedupe engine, admins can attach InfiniSafe snapshots with the click of a button and mount them to isolated environment servers without any additional hardware or software. Competitive systems require additional hardware and software to access their backup data. But with InfiniGuard’s standby dedupe engine, attaching to InfiniSafe copies can all be done within the same InfiniGuard hardware and software.

Once attached and mounted, IT can then test InfiniSafe backup copy data by scanning files, running validation scripts, and, even, executing rudimentary applications, all as a means of verifying that the InfiniSafe backup is a copy of a good recovery point, with clean datasets. A similar effort can be performed at the remote site with InfiniGuard replicated backups.

Following the identification of a good recovery point, you can swiftly recover the backup dataset. Recovery of backup data (not just directories) with InfiniGuard is very fast. Regardless of backup dataset size, from TBs to PBs, recovery (preparation for restoration) takes no more than 30 minutes. Infinidat publicly demonstrated a live recovery of 1.5PB of InifiniSafe VEEAM backup data in only 12 minutes and 25 seconds.

One major delay in recovering from ransomware attacks is figuring out which backups are usable, and which are not. By using the verification process described above for each series of InfiniSafe snapshots, IT can provide a record of all available good backup data to recover from cyber-attack corruption of primary storage. Having a list of known good backup data can substantially reduce ransomware recovery time.

With Infinidat InfiniGuard, InfiniBox storage and InfiniSafe cyber resilience functionality, backups can continue to remain that last line of defense from data center cyberattacks.

Infinidat’s best practices guide2 provides additional insights into how to use InfiniSafe to make data center environments cyber resilient. Organizations that follow these best practices and use InfiniGuard InfiniSafe will improve their data centers’ cyberattack security posture.

1 Please see: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-att… as of 07 February 2022

2 Please see:  https://support.infinidat.com/hc/en-us/categories/360000273777

 

 

About Ray Lucchesi, Silverton Consulting

Ray Lucchesi is president/founder of Silverton Consulting, Inc. (est. 2004), tweets @RayLucchesi, blogs at RayOnStorage.com, co-hosts GreyBeardsOnStorage.com podcast and has worked in storage and systems industry for over 40 years, mostly in engineering and marketing new storage products. Ray participates in Storage Field Day video events and can be found attending just about every major storage and system vendor’s USA conferences.