Data is the lifeblood of today’s enterprises, and an extremely lucrative target for attackers. Ransomware, which essentially holds data “hostage” by encrypting it until a ransom is paid by the company, is increasingly common and becoming more advanced every day.
In fact, some estimates say that a ransomware attack occurs every 11 seconds. These attacks can cripple an organization, causing unexpected downtime and wreaking havoc on an enterprise’s operations, production, customer service, and even future reputation.
It can cost a lot of time, effort, and money to recover from a ransomware attack. Simply having a backup of your data is no longer sufficient, because attackers can now infiltrate backups as well.
In addition to practicing “defense in depth,” IT professionals are now beginning to see the critical need for immutable backups as a last line of defense from ransomware and other attacks—and a smart way to maintain a successful strategy for business continuity and disaster recovery.
Host: Andy Whiteside
Co-host: Harvey Green
Co-host: Jirah Cox
Data is the lifeblood of today’s enterprises, and an extremely lucrative target for attackers. Ransomware, which essentially holds data “hostage” by encrypting it until a ransom is paid by the company, is increasingly common and becoming more advanced every day.
In fact, some estimates say that a ransomware attack occurs every 11 seconds. These attacks can cripple an organization, causing unexpected downtime and wreaking havoc on an enterprise’s operations, production, customer service, and even future reputation.
It can cost a lot of time, effort, and money to recover from a ransomware attack. Simply having a backup of your data is no longer sufficient, because attackers can now infiltrate backups as well.
In addition to practicing “defense in depth,” IT professionals are now beginning to see the critical need for immutable backups as a last line of defense from ransomware and other attacks—and a smart way to maintain a successful strategy for business continuity and disaster recovery.
Host: Andy Whiteside
Co-host: Harvey Green
Co-host: Jirah Cox
WEBVTT
1
00:00:02.460 --> 00:00:16.470
Andy Whiteside: Hello everyone, welcome to episode 56 I think I just looked and then I can't remember 36 of mechanics weekly i'm your host Andy white so i've got Harvey and jarrod on with me I guess we're, to the point where you don't need introductions anymore.
2
00:00:19.140 --> 00:00:23.160
Jirah Cox: But, again, I think it's been a little while, since all three of us actually we're on the same episode same time.
3
00:00:23.340 --> 00:00:24.480
Yes.
4
00:00:25.620 --> 00:00:30.300
Andy Whiteside: I think i've been jumping on and saying we are doing great have fun bye and i'll go.
5
00:00:32.520 --> 00:00:34.830
Andy Whiteside: Today I am I am here.
6
00:00:36.000 --> 00:00:38.010
Jirah Cox: I get it that's, all I can say all any of us can say.
7
00:00:38.610 --> 00:00:42.390
Andy Whiteside: i'm here I got up i'm good I got new ideal stickers.
8
00:00:44.070 --> 00:00:45.360
Jirah Cox: cool is that a.
9
00:00:46.680 --> 00:00:47.280
Jirah Cox: beaver.
10
00:00:48.150 --> 00:00:48.900
Andy Whiteside: And what is it that we.
11
00:00:50.160 --> 00:00:52.140
Andy Whiteside: are so disconnected from our world.
12
00:00:54.150 --> 00:00:55.020
Andy Whiteside: As a hedgehog.
13
00:00:55.260 --> 00:01:06.870
Jirah Cox: is, I think I mean the audience i'm so sorry audience for not painting a good word picture here, I think I can be forgiven for mistaking a beaver and a hedgehog like a big miss on my part yeah and i'm seeing a.
14
00:01:06.870 --> 00:01:15.930
Andy Whiteside: hard time that's like conversation number one we introduce somebody to I was like, why is it called I Joe and I gel is pronounced eagle in German, and he Gal in German, is a head talk.
15
00:01:16.770 --> 00:01:17.250
Jirah Cox: There you go.
16
00:01:17.970 --> 00:01:24.120
Andy Whiteside: Closer and I think he gail is like the abbreviations for the company that started them and that's how they ended up is.
17
00:01:24.480 --> 00:01:34.320
Jirah Cox: That totally totally cool company name I i'm legitimately just passed wondering about how to drink nobody's getting named because I just I just assume we're running out of good names, so you can get.
18
00:01:34.650 --> 00:01:34.980
yep.
19
00:01:36.240 --> 00:01:37.410
Andy Whiteside: yep INTEGRA.
20
00:01:42.120 --> 00:01:44.550
Andy Whiteside: it's become an icon oh yes.
21
00:01:45.720 --> 00:01:48.600
Jirah Cox: I agree exes are cool more x's and your name.
22
00:01:48.960 --> 00:01:53.340
Andy Whiteside: so bad, to remind me of the day, well how we got the day and I was like oh that's right, that is where it came from.
23
00:01:54.690 --> 00:01:57.870
Andy Whiteside: It came from where I thought it came from, but I forgot who it came from.
24
00:01:59.370 --> 00:02:06.690
Harvey Green: Oh, I don't know if I know the WHO it came from I bought the who was that guy and i'm looking at right now.
25
00:02:07.080 --> 00:02:08.700
Andy Whiteside: know somebody else came up with the name.
26
00:02:10.740 --> 00:02:15.720
Andy Whiteside: yeah true true story I won't call it on the podcast because they might not be proud of it, or they might be proud of it.
27
00:02:18.690 --> 00:02:22.080
Andy Whiteside: there's a chance they might be listening, because they are involved in new tannic swirl.
28
00:02:23.010 --> 00:02:31.440
Andy Whiteside: whoa they took my ideas and made it a name made a name out of it and, to be honest, I love the logo, because I love it's flatten the way it looks.
29
00:02:32.160 --> 00:02:44.790
Andy Whiteside: Just depends like reason, if you say rural southern you say it like with a Latin accent or maybe put an exact a game of the body or whatever, when the Latin guy says INTEGRA I really like it.
30
00:02:46.740 --> 00:02:50.130
Andy Whiteside: When my country friends says INTEGRA I don't like it so much.
31
00:02:50.640 --> 00:02:55.980
Jirah Cox: I mean i'm not sure I can't think of any type of tech company name it would just work really well in that context.
32
00:02:58.650 --> 00:03:00.540
Andy Whiteside: Microsoft didn't work.
33
00:03:02.040 --> 00:03:05.010
Andy Whiteside: yeah Amazon aws.
34
00:03:05.460 --> 00:03:06.300
Andy Whiteside: comes along.
35
00:03:06.600 --> 00:03:08.010
Andy Whiteside: yeah no I don't even have to try.
36
00:03:08.070 --> 00:03:10.080
Andy Whiteside: Like that accent i'll have to try lily comes out.
37
00:03:10.110 --> 00:03:11.010
It literally comes up.
38
00:03:12.300 --> 00:03:15.000
Harvey Green: into your presence was definitely missed Sir.
39
00:03:16.800 --> 00:03:18.960
Andy Whiteside: If you can't laugh at yourself even left.
40
00:03:21.270 --> 00:03:21.750
Jirah Cox: volunteer.
41
00:03:28.890 --> 00:03:29.340
Andy Whiteside: work.
42
00:03:31.800 --> 00:03:32.280
Jirah Cox: fancy.
43
00:03:33.480 --> 00:03:34.890
Jirah Cox: yeah and then didn't catch fire.
44
00:03:35.580 --> 00:03:38.520
Andy Whiteside: No, it did not catch fire i've got the newest latest greatest when all the bugs.
45
00:03:39.270 --> 00:03:40.230
Jirah Cox: Okay, there you go.
46
00:03:43.350 --> 00:03:46.470
Andy Whiteside: by car, but it wasn't that close oh my wife's not listen.
47
00:03:47.550 --> 00:03:48.690
Jirah Cox: there's no firmware fix for that.
48
00:03:50.310 --> 00:03:52.830
Andy Whiteside: Not for that one that one's that's called look both ways.
49
00:03:55.170 --> 00:04:03.420
Andy Whiteside: All right, so guys for jumped on you guys were chit chatting about what the cover today and we came up with the always relevant talk at topic.
50
00:04:04.230 --> 00:04:21.450
Andy Whiteside: Of immutable backup immutable backup the best Defense against ransomware I feel like we've covered this, but you can never cover this enough, and maybe there's something beyond what we've covered that we're going to talk about here.
51
00:04:23.370 --> 00:04:28.020
Andy Whiteside: Well, maybe it's just like you know, like your mom brush your teeth brush you tell me all the time, I know I keep telling you brush teeth.
52
00:04:29.070 --> 00:04:29.490
Harvey Green: Yes.
53
00:04:29.580 --> 00:04:30.270
Jirah Cox: I mean, I guess.
54
00:04:30.810 --> 00:04:44.070
Jirah Cox: If you if a customer was listening in like was 100% sure that their backups were completely recoverable couldn't be attacked we're going to be there when they need them, I guess, they can soliciting now for everybody else, maybe there's something for them, and the rest of this episode.
55
00:04:47.070 --> 00:04:51.600
Harvey Green: And we assume 99% of people are still listening at this point.
56
00:04:53.310 --> 00:04:56.640
Andy Whiteside: it's like if you try to think about that right for you go to bed every night whatever.
57
00:05:00.000 --> 00:05:01.080
Harvey Green: You dream about.
58
00:05:02.610 --> 00:05:10.350
Andy Whiteside: Like right before bed last night right for me to sleep last night, my wife gave me like two or three things she would like to have done like honey do things Marty exhausted from the weekend.
59
00:05:11.550 --> 00:05:13.170
Andy Whiteside: took me a little bit to go to sleep after that.
60
00:05:14.250 --> 00:05:17.550
Andy Whiteside: I just want to get I just want to get into Monday Monday to start that's all.
61
00:05:18.510 --> 00:05:23.910
Jirah Cox: In a professional context you want to be like, can you please open a ticket, but I probably can't do it at home.
62
00:05:25.020 --> 00:05:28.320
Andy Whiteside: Now that's not a bad idea to they make they make service now home edition.
63
00:05:31.740 --> 00:05:34.080
Jirah Cox: Yes, results, probably not guaranteed.
64
00:05:35.700 --> 00:05:37.290
Harvey Green: That would be frowned upon.
65
00:05:39.630 --> 00:05:41.760
Andy Whiteside: What it that's not a bad idea.
66
00:05:41.880 --> 00:05:43.890
Jirah Cox: My users, without feedback.
67
00:05:47.280 --> 00:05:48.420
Andy Whiteside: there's a product there somewhere.
68
00:05:50.940 --> 00:05:53.460
Andy Whiteside: The honey do ticketing system.
69
00:05:55.830 --> 00:05:56.820
Andy Whiteside: Well okay so.
70
00:05:58.020 --> 00:06:06.720
Andy Whiteside: jarrod Harvey started gyro what's a why cover this, I think we just covered while cover this, but is it truly just a matter of.
71
00:06:08.160 --> 00:06:12.780
Andy Whiteside: Making sure everybody just though doesn't forget how important this topic is.
72
00:06:15.240 --> 00:06:16.320
Jirah Cox: I think it's a pretty good reason yeah.
73
00:06:19.260 --> 00:06:24.660
Jirah Cox: it's evergreen right like as long as about technology we've had a need for good backup so that technology right like they.
74
00:06:25.260 --> 00:06:26.130
Jirah Cox: saw him.
75
00:06:26.580 --> 00:06:29.490
Andy Whiteside: So I think the main topic here right is about immutable backup.
76
00:06:30.480 --> 00:06:37.260
Andy Whiteside: And so Okay, and I had this conversation a week ago with somebody I forget what was what is immutable backup.
77
00:06:40.020 --> 00:06:44.670
Jirah Cox: So the immutability there would imply that you know can't be.
78
00:06:46.170 --> 00:06:51.300
Jirah Cox: tacked can't be modified makes it more resilient against loss.
79
00:06:53.190 --> 00:06:58.320
Jirah Cox: You know and there's certain ways that you could get there with with crucial backup technology right with like file permissions.
80
00:06:58.770 --> 00:07:11.490
Jirah Cox: access control lists, but that's still you configuring a platform to add that versus the immutability being actually intrinsic aspect of the medium you're writing your backups to so.
81
00:07:11.520 --> 00:07:19.560
Andy Whiteside: Let me ask you this, I didn't understand what ransomware worked until a couple days ago and somebody so what happens is it makes a copy of your data encrypts that copy and then deletes your copy.
82
00:07:20.730 --> 00:07:23.850
Jirah Cox: yeah it's probably yeah, broadly speaking, you have pretty fair.
83
00:07:24.090 --> 00:07:26.340
Andy Whiteside: So then, just put it all in one big massive zip file.
84
00:07:26.790 --> 00:07:27.870
Harvey Green: hmm no.
85
00:07:28.080 --> 00:07:35.490
Andy Whiteside: Copies encrypts while you know, during the copy process or afterwards and then delete yours and then your your data is gone.
86
00:07:37.620 --> 00:07:40.320
Andy Whiteside: And the only thing you do is get it back from the last time, so in this case.
87
00:07:40.680 --> 00:07:53.850
Andy Whiteside: We want that data to be sitting there, I guess, with ransomware it's going to it's going to encrypt and do this to your backups as well that are sitting there unprotected, and this This creates a scenario where that copy delete you might get a copy, but you can't delete.
88
00:07:54.750 --> 00:08:03.090
Jirah Cox: Right well that's that's the that's part of the threat model right that yeah that's what address as well as let's say it does whatever basketballs do on the workstation on the endpoint.
89
00:08:03.690 --> 00:08:17.100
Jirah Cox: Right let's make sure that that my backup data which is like my last resort right like the lifeboat there is not something that can do that too right like it let's make sure it can't touch our backup systems yeah.
90
00:08:17.820 --> 00:08:22.740
Andy Whiteside: And to be clear when you say what it does on the workstation I know you know you're talking about, but let me just walk through this with you.
91
00:08:23.100 --> 00:08:31.320
Andy Whiteside: If my workstation has access to a network drive where I have the ability to copy and delete stuff it's going to do that bad stuff over there to.
92
00:08:32.190 --> 00:08:44.340
Jirah Cox: You anywhere, yes, all the above, but yeah basically ransomware can do bad things to anything that you can do as a end user right so local drives network drives shares anything above.
93
00:08:45.060 --> 00:08:49.770
Harvey Green: yeah and anything that you have access to modify.
94
00:08:50.880 --> 00:09:03.810
Harvey Green: You will have potentially have have spread it in that way because it's it's kind of using you and your permissions and your locations to go in and do its work.
95
00:09:05.280 --> 00:09:07.380
Andy Whiteside: yeah that you, you are the key.
96
00:09:07.440 --> 00:09:09.240
Harvey Green: So he's got take away all your power, the key.
97
00:09:10.770 --> 00:09:15.570
Andy Whiteside: Like if I just lock you down, but then you can't do that right, because the people got to get stuff done.
98
00:09:15.840 --> 00:09:17.820
Harvey Green: that's right yeah.
99
00:09:19.410 --> 00:09:25.200
Andy Whiteside: All right, so let's see what is immutable backups How does it work, did we cover how it works and that dialogue.
100
00:09:28.620 --> 00:09:35.010
Jirah Cox: so well, we can we can go a little bit deeper right, so the fundamentally right we want, we want to throw backups that a system where.
101
00:09:35.970 --> 00:09:46.920
Jirah Cox: If we've told the system this data should be immutable then we allow new data to be generated right we're going to write our our nightly backups sets or whatever your interval is right, could be hourly could be weekly.
102
00:09:49.830 --> 00:10:00.600
Jirah Cox: Maybe one a little bit of a cool down timer where they can be maybe change for the first 10 minutes or first hour, but once the period of of immutability has started, then.
103
00:10:02.130 --> 00:10:18.960
Jirah Cox: Normally the functionality is shouldn't ever be able to be deleted, they can only just expire on a plan retention cycle right So if you tell it keep this data for three years or five years, then you can't delete it sooner than three years or five years, whatever your policy is set to.
104
00:10:21.180 --> 00:10:29.460
Jirah Cox: So that's that's what we, we should level set on as what we what we mean by when we say hey your backups relating to land on some kind of immutable data platform.
105
00:10:31.260 --> 00:10:47.430
Andy Whiteside: and going back to the conversation around Okay, so you got the stuff that gets backed up from the system in theory that stuff's, not even if it's not immutable in theory that user doesn't have access to, or if you're the right user with the right credentials, you do have access to it.
106
00:10:49.200 --> 00:11:02.640
Jirah Cox: So for this kind of definition right for middle of backups I would, I would say that actually even even the admin right shouldn't able to touch those right because we've set a policy right as an organization to say this data can't be deleted sooner than X, Y Z.
107
00:11:04.350 --> 00:11:04.620
Jirah Cox: Right.
108
00:11:06.630 --> 00:11:12.450
Jirah Cox: So, then, I can't think of a reason why an admin right should be able to to override that.
109
00:11:12.690 --> 00:11:20.340
Jirah Cox: Well i'm sorry because it gives you might have like legal you know you can you can have a business justification for new that retention employees right so so it would need to.
110
00:11:21.030 --> 00:11:33.150
Andy Whiteside: Well i'm talking about if it's not immutable, in other words it's the network share all the backups go and Tommy that men surf the Internet or does whatever he needs with his admin credentials and next thing you know he's you know wiping out the system.
111
00:11:35.310 --> 00:11:47.820
Jirah Cox: Totally yeah then you're just hope you're relying on the fact that, hopefully, like, I guess, I would hope that on privileged users can't do a delete but yeah nothing's enforcing that like a privilege admin right or compromised accounts or.
112
00:11:48.930 --> 00:11:56.190
Jirah Cox: You know malware on his workstation yeah totally with his permission could do bad things to the data because he's got he has permissions to do things to the data right.
113
00:11:56.310 --> 00:12:00.210
Harvey Green: And, and that goes back to you know, one of the things that we.
114
00:12:01.290 --> 00:12:14.310
Harvey Green: We talked about all time has been a topic for a long time, is making sure that your your end users only have access to the things that you need them to have access to I can't tell you how many times i've looked.
115
00:12:15.840 --> 00:12:24.450
Harvey Green: As a you know, a quote unquote normal user right and then have access to shares that I shouldn't have access to because.
116
00:12:25.800 --> 00:12:40.980
Harvey Green: Security by obscurity doesn't work you can't just hide access to the files or to the server shares and things like that, if your users have permission to it, you know that that's how things get through yeah.
117
00:12:41.610 --> 00:12:42.120
Jirah Cox: I would say.
118
00:12:42.240 --> 00:12:45.450
Jirah Cox: Harvey and we're now we're seeing right the sort of the.
119
00:12:45.930 --> 00:12:56.490
Jirah Cox: Best practices, the leading leading edge of it administers practices we see admins right saying how little access Do I need to do my job right like if I don't need this on a day to day basis.
120
00:12:57.330 --> 00:13:09.390
Jirah Cox: i'm not gonna have this version of myself either right because that's that's a liability right philosophy, if I have what I need you to do my job because, beyond just end users into anybody right it's touching the technology.
121
00:13:11.190 --> 00:13:11.520
yeah.
122
00:13:14.400 --> 00:13:20.190
Andy Whiteside: So okay so gyro what is the key technology behind immutable data storage.
123
00:13:21.630 --> 00:13:29.880
Jirah Cox: um so yeah I mean the way this article would get to is where nutrients can act as an immediate backup provider right.
124
00:13:31.680 --> 00:13:37.080
Jirah Cox: The through as a platform right and then and then, specifically through object storage.
125
00:13:38.580 --> 00:13:39.420
Jirah Cox: As a backup target.
126
00:13:44.130 --> 00:13:55.140
Andy Whiteside: So what does that mean there there's like I want to say Amazon invented this or maybe they didn't somebody else did it but they made a big deal out of it in their aws platform for very cost effective storage what's.
127
00:13:55.590 --> 00:14:00.180
Andy Whiteside: amazon's is called s3 what's the actual encryption what's the concept tenement call.
128
00:14:01.260 --> 00:14:01.560
Andy Whiteside: You know.
129
00:14:01.650 --> 00:14:07.830
Jirah Cox: um yeah s3 yeah right as the product that about evolved into becoming the protocol.
130
00:14:09.480 --> 00:14:19.620
Jirah Cox: Generic would refer to as like just object storage right so that's that's the the capability to you know place data retrieve data reads and writes.
131
00:14:20.730 --> 00:14:26.880
Jirah Cox: And it's you can you can think of it as not being you know kind of the oldest older school SMB or nfl space storage.
132
00:14:28.260 --> 00:14:34.020
Jirah Cox: That, in the past has been what we've presented to backup systems right like a vm server semantic server.
133
00:14:36.330 --> 00:14:46.890
Jirah Cox: You know backup, whatever your whatever you're using you'd give it some kind of some kind of bulk storage that would only be SMB and fs s3 is the newer variant of that and because it comes with some.
134
00:14:48.030 --> 00:14:58.800
Jirah Cox: benefits in the Protocol one of them being that ability to say the Protocol itself the platform itself is enforcing the immutability right sometimes called worm right so right once read many.
135
00:14:59.880 --> 00:15:08.790
Jirah Cox: But that ability to say once i've written this it it, it should not be deleted by any human until it it hits a retention policy that i've set as an organization.
136
00:15:10.140 --> 00:15:10.470
Jirah Cox: yeah.
137
00:15:11.580 --> 00:15:16.020
Andy Whiteside: Well then, the article goes on to talk about other reasons other than ransomware.
138
00:15:17.700 --> 00:15:24.990
Andy Whiteside: assured data integrity simplified compliance and elimination of accidental data changes.
139
00:15:26.190 --> 00:15:27.090
Andy Whiteside: i've probably.
140
00:15:28.320 --> 00:15:32.460
Andy Whiteside: been been the culprit for multiple of those things along the way.
141
00:15:33.960 --> 00:15:40.440
Jirah Cox: we're going to have right like this, this is sort of building the argument around like Why would you use the sort of a target for your backups right, and of course yeah like.
142
00:15:41.130 --> 00:15:46.980
Jirah Cox: Data integrity is a huge one right if you're gonna write it and it's that important to you, there should be really no question about is it going to be there when you go to do a read.
143
00:15:47.520 --> 00:15:56.160
Jirah Cox: operation on it or use it for store compliance yeah if your backups are subject to compliance requirements, then for sure that'd be a no brainer to say.
144
00:15:56.550 --> 00:16:03.480
Jirah Cox: let's let the technology implement that versus automation scripting human compliance all all things that could have variance or drift on them.
145
00:16:04.350 --> 00:16:17.370
Jirah Cox: Right and then yeah like the entire reason you would adopt this right is to have that avoidance of accidental data changes and let's let's be honest accidental or even a malicious right like no changes means no changes, no matter what the goal is.
146
00:16:19.290 --> 00:16:27.000
Andy Whiteside: Right, you know, we had a situation not too long ago where somebody went in and deleted a bunch of data tried to we saw that it was happening, how to turn them off in the cloud.
147
00:16:29.070 --> 00:16:40.110
Andy Whiteside: How does ransomware impact cloud based storage is it fair to say that it doesn't or does it, am I just in my way often thinking that it's that storage is immutable.
148
00:16:41.580 --> 00:16:41.910
Jirah Cox: Okay.
149
00:16:42.720 --> 00:16:45.600
Jirah Cox: Jason picture I could picture ransomware you know.
150
00:16:47.400 --> 00:17:00.990
Jirah Cox: we've seen we've seen more and more sophisticated ransomware in the wild right to where have ransomware now speak supervisors ransomware can speak saying right, so if we haven't already I think it's only a matter of time that we see cloud cloud aware of ransomware.
151
00:17:02.190 --> 00:17:03.570
Jirah Cox: Which is also terrifying to think about.
152
00:17:04.200 --> 00:17:04.650
It is.
153
00:17:06.720 --> 00:17:11.640
Jirah Cox: yeah i've got to think if it's if it's something that a human can do right and it's something that ransomware can probably do to do as well.
154
00:17:12.060 --> 00:17:12.330
yeah.
155
00:17:13.350 --> 00:17:16.470
Andy Whiteside: Okay, so i'm not wrong in the thinking that's a whole different conversation but.
156
00:17:17.640 --> 00:17:19.560
Andy Whiteside: It is going to happen someday.
157
00:17:20.400 --> 00:17:35.940
Jirah Cox: I mean what a terrifying thought like what if ransomware read your browser cookies and scraped out you're going to be as credentials, I mean i'm sure I didn't just give anybody an idea but that's truly terrifying stuff you know you're you're in an authenticated browser session.
158
00:17:39.570 --> 00:17:46.560
Andy Whiteside: You think at that point they're just attacking one person versus a whole team of people and a whole company's worth of data and less valuable.
159
00:17:48.360 --> 00:17:51.090
Harvey Green: It depends on whether one person has access to.
160
00:17:51.120 --> 00:17:52.800
Jirah Cox: I mean it does this person work in an MSP.
161
00:17:53.190 --> 00:17:59.790
Harvey Green: Unfortunately right, this is kind of describing the same business model just in a different place yeah.
162
00:18:01.140 --> 00:18:01.380
Right.
163
00:18:03.480 --> 00:18:11.250
Andy Whiteside: Ah, OK, so how to implement a minimal backup is this specifically as it relates to new tactics or is it just industry wide.
164
00:18:12.270 --> 00:18:14.040
Jirah Cox: This is pretty sure what actually right, this is a pretty.
165
00:18:15.180 --> 00:18:17.340
Jirah Cox: Broadly, educating article.
166
00:18:18.510 --> 00:18:23.220
Jirah Cox: But yeah some things things to keep in mind key requirements to strive for right so.
167
00:18:24.450 --> 00:18:31.530
Jirah Cox: Of course, we talked about pick a platform that makes it easy by as a platform and as a protocol enforcing that.
168
00:18:32.910 --> 00:18:38.040
Jirah Cox: The immutability the worm functionality right that it can't change or drift over time.
169
00:18:40.500 --> 00:18:42.420
Jirah Cox: The zero trust right so.
170
00:18:43.530 --> 00:18:46.500
Jirah Cox: Enforcing in authentication to the environment.
171
00:18:47.610 --> 00:18:50.760
Jirah Cox: You know the Council uses stuff like MFA to factor, you know.
172
00:18:51.960 --> 00:19:05.910
Jirah Cox: Things are harder for ransomware to steal right like more than just a username password you know if ransomware hopefully can't steal your one time code or you know push notification to group, yes, as me logging in as the admin.
173
00:19:08.250 --> 00:19:14.250
Jirah Cox: Understanding, of course, the backups are not silver bullet right like advanced monitoring data protection.
174
00:19:15.600 --> 00:19:22.890
Jirah Cox: are also key there right like I always tell customers like let's also talk about the edge, because now we're has to get in and then memoirs to call out.
175
00:19:23.280 --> 00:19:29.280
Jirah Cox: to really be effective right ransomware has to be able to phone home in order to get instructions and to do the data encryption.
176
00:19:30.150 --> 00:19:42.030
Jirah Cox: So we want resilient backups, but we also want to start stop it earlier than needing to restore from backup as well, so understanding that of course is just one tool in the toolbox around having strong backups.
177
00:19:43.050 --> 00:19:48.510
Jirah Cox: yeah detect early right that gets into workstation level and point monitoring.
178
00:19:50.040 --> 00:19:50.790
Jirah Cox: and enforcement.
179
00:19:52.170 --> 00:20:06.450
Jirah Cox: alerts mitigation responses right so as as we're trying to spot stuff earlier recover from infections faster, especially off hours right now almost anything off hours is possibly even more important, of an alert than that during work hours.
180
00:20:08.280 --> 00:20:10.440
Jirah Cox: type of alert in your event monitoring.
181
00:20:16.380 --> 00:20:27.600
Jirah Cox: there's a great call out here that i'll even expand into say you know remediation policies and so forth responses to what do we do when we believe we've found a ransomware event or a malware event occurring on the network.
182
00:20:28.650 --> 00:20:31.470
Jirah Cox: And I would say, actually, like the in sort of the way that.
183
00:20:32.670 --> 00:20:40.680
Jirah Cox: The way that most Dr failures are like failures like imagination right Oh, we didn't think this could happen, or that it would take this kind of path of failure.
184
00:20:42.600 --> 00:20:53.370
Jirah Cox: I think that you can make a fair case that most ransomware escalations are sort of a failure to empower people to respond faster right like i'm going to authorize my.
185
00:20:54.030 --> 00:21:10.170
Jirah Cox: Service desk just to you know disable anyone any ad account that gets this kind of behavioral learning I don't care if they're a C level executive right if that if this if this is the alert disable first apologize, and ask questions later right versus versus you know don't.
186
00:21:10.320 --> 00:21:21.210
Jirah Cox: don't respond to like VIP alerts so so have have policies that have teeth that say if we see this kind of behavior from workstation we're gonna cut you off for the good of the company and then help you get it cleaned up and read and respond.
187
00:21:22.080 --> 00:21:25.380
Andy Whiteside: yeah so funny you talk about like the executive conversation I.
188
00:21:26.010 --> 00:21:32.280
Andy Whiteside: I got several stories I could tell but one is I was doing patches on a weekend in my corporate gig way back when and.
189
00:21:32.700 --> 00:21:44.460
Andy Whiteside: got a help desk call I was like why somebody called me now and they called and it was executive, because his daughter was in to do her book report or something, and he needed me to reset his password so she could get in.
190
00:21:45.210 --> 00:21:51.780
Andy Whiteside: wow yeah that's 15 years ago, plus maybe 20 i'm getting old but still.
191
00:21:52.860 --> 00:21:54.030
Andy Whiteside: I bet it still happens.
192
00:21:55.140 --> 00:21:57.000
Harvey Green: i'm sure it is.
193
00:21:58.740 --> 00:21:58.980
Harvey Green: alright.
194
00:22:00.600 --> 00:22:04.770
Andy Whiteside: So Jared did we cover all these, and then we walk through some are most of them that.
195
00:22:05.040 --> 00:22:14.250
Jirah Cox: The last to be the article gives guidance to say you know avoid reinfection by scanning your backups for signs of tampering and malware before you restore it that's that's pretty smart right.
196
00:22:15.150 --> 00:22:20.280
Jirah Cox: same thing goes to the endpoints right like I would say, most people don't even scan endpoints anymore if it if it has.
197
00:22:22.020 --> 00:22:25.350
Jirah Cox: Evidence of compromise on there that things getting formatted and reinstalled.
198
00:22:25.470 --> 00:22:26.850
Harvey Green: You know, was absolutely.
199
00:22:27.000 --> 00:22:27.390
Totally.
200
00:22:30.810 --> 00:22:43.560
Jirah Cox: And then, this is, I think, pretty important right impact analysis that that that we generate it helps with both recovery efforts right like this happened it caused X amount of team time to be spent on doing recoveries and restores.
201
00:22:44.850 --> 00:22:59.670
Jirah Cox: and verifying things were clean because that's that I think is an important stats roll up to the business around you know this this link that took five seconds to click an email generated 50 hours of lost productivity right for for a certain other teams time.
202
00:23:01.530 --> 00:23:07.500
Jirah Cox: But that that kind of data when you roll it up right can help any multiply it times number of attacks that people recover from all the time.
203
00:23:09.390 --> 00:23:12.450
Jirah Cox: Help gives teeth to more stronger policies right around like.
204
00:23:13.650 --> 00:23:26.310
Jirah Cox: You know, do we need to only whitelist email from known business partners do we need to do, stronger scanning or URL URL rewriting or like not allowed downloads or you know block block pdfs or block attachments you know that kind of stuff.
205
00:23:27.390 --> 00:23:35.340
Jirah Cox: When you know what your users are vulnerable to you can write better policies to help spend the company's time and money more wisely right.
206
00:23:39.150 --> 00:23:42.330
Andy Whiteside: And overall all that adds up and it becomes.
207
00:23:43.530 --> 00:23:45.690
Andy Whiteside: Almost a profit Center but it saves you bacon.
208
00:23:47.310 --> 00:24:03.540
Jirah Cox: It really does right like I think I think back to the earlier parts of my career where it seemed like like malware or ransomware is sort of like rampant and I, you know, in the business, I was in I kind of kept getting called by customers to say hey help help fix this help fix that.
209
00:24:04.800 --> 00:24:10.530
Jirah Cox: And let's say 10 years ago it was kind of more assumed like well we can't just not do our jobs without email.
210
00:24:11.160 --> 00:24:19.380
Jirah Cox: But actually can think of like actually a number of roles, nowadays, where you might not even need to be able to receive an email externally right like you can still be pretty functional pretty effective.
211
00:24:21.000 --> 00:24:29.880
Jirah Cox: As an employee, I wonder if we'll see more rationalization around hey do you actually need external email accessibility right for your job role job function.
212
00:24:30.390 --> 00:24:40.020
Jirah Cox: Because there's real time and money behind these kind of attacks and if that's an easy nope don't need that well great now i'm just you know, limiting my my attack surface area.
213
00:24:40.800 --> 00:24:42.930
Andy Whiteside: yeah I could check an email weeks ago.
214
00:24:43.950 --> 00:24:46.050
Jirah Cox: But you go so you're you're already more security.
215
00:24:49.530 --> 00:24:58.980
Andy Whiteside: So i'm intentionally showing you guys my screen, this is my virtual desktop, which is a non persistent virtual desktops let's not have me immutable because it does change while i'm using it.
216
00:24:59.310 --> 00:25:04.500
Andy Whiteside: But when I rebooted it reboots back to gold image everything, but my user profile that's a whole nother conversation.
217
00:25:06.720 --> 00:25:20.790
Andy Whiteside: But you know, in theory, that's one evidence or immutability that we've had in our virtual desktop worlds for long time and virtual APP world and then you take your your data, make it as secure as possible, but the backups of it, make it unchangeable.
218
00:25:22.380 --> 00:25:34.560
Andy Whiteside: And then you throw in what i'm doing on this screen where it's a you know the eye gel read only Linux thin client now the lower my attack vector I mean it takes all of this, plus antivirus plus.
219
00:25:35.370 --> 00:25:42.810
Andy Whiteside: Detection in DR solutions, plus intelligence to make to have a fighting chance and today's it.
220
00:25:43.230 --> 00:25:44.610
Jirah Cox: Totally totally and.
221
00:25:46.140 --> 00:25:54.720
Jirah Cox: And I can picture you know the the parts that do present right like your profile data you're you're like redirect file share data, you know.
222
00:25:55.860 --> 00:26:03.990
Jirah Cox: needs to think kind of like burgeoning easy roll back like if you if you call to help us and said hey my profile, you know needs to get rolled back to 72 hours ago that needs to be.
223
00:26:05.160 --> 00:26:15.330
Jirah Cox: A well exercised script or code path or unknown procedure right you don't want them fumbling around like oh whoops I don't roll back to that point in time, you know, like you want that to be a boring operation.
224
00:26:16.470 --> 00:26:26.010
Andy Whiteside: And I don't know how to do it, but in our one drive and other solutions we have real time SAS SAS backups and I could restore my files.
225
00:26:26.250 --> 00:26:26.520
Jirah Cox: Oh yeah.
226
00:26:26.970 --> 00:26:39.510
Andy Whiteside: Nobody showed me how to do it, yet, but I know it exists, I know I paid for it every month and somebody said it up, but it goes back it's a very much a layered approach with some common sense thinking on the front end.
227
00:26:39.810 --> 00:26:46.770
Jirah Cox: Oh yeah absolutely required right like assuming that a SAS services need a backup is sort of mistake number one right now.
228
00:26:47.460 --> 00:26:52.380
Andy Whiteside: That well I did that for like five years I assumed, it was backed up by my friends at Microsoft.
229
00:26:55.380 --> 00:26:57.840
Harvey Green: Only for a very short period of time.
230
00:26:59.430 --> 00:27:05.940
Jirah Cox: Right it really gets into like what do you define a backup and like who's allowed to do the restore who's it a backup for right, you know yeah.
231
00:27:06.930 --> 00:27:10.890
Andy Whiteside: Well guys, I appreciate it always good to talk immutable backups.
232
00:27:12.390 --> 00:27:16.200
Andy Whiteside: Now really it's one of those things you can't you can't stress it enough.
233
00:27:17.640 --> 00:27:26.010
Andy Whiteside: That know having that in your Oh, I did want to Oh, we didn't get to the in the article i'm new tannic, this is a feature of mine correct.
234
00:27:27.210 --> 00:27:30.150
Jirah Cox: A camera yeah feature of objects right which powers mine yeah.
235
00:27:31.050 --> 00:27:40.530
Andy Whiteside: So it's a feature of objects so help me understand this of objects powers mine mine is a which one do you pay for which which one do you pay for.
236
00:27:42.060 --> 00:28:01.290
Jirah Cox: All of it mine is the mind is the combination of the backup tech, along with the backup the backup storage, along with the backup solution right so like a like a haiku like a beam like a calm vault running on the cluster That then is both the backup appliance as well as the storage.
237
00:28:01.920 --> 00:28:05.220
Andy Whiteside: Okay, so mine enables that object level backup.
238
00:28:06.660 --> 00:28:15.600
Jirah Cox: right, the right yeah my mind includes the storage and the application right, whereas where you also just run objects and not even bring your own application right something else spoke s3.
239
00:28:15.660 --> 00:28:17.160
Andy Whiteside: And then, a haiku would be the.
240
00:28:17.700 --> 00:28:20.910
Andy Whiteside: Management of that system leveraging those.
241
00:28:21.120 --> 00:28:25.950
Andy Whiteside: capable yeah you could just run mine, if you want it or you need something like a third party haiku or being.
242
00:28:26.820 --> 00:28:32.850
Harvey Green: So that that third party comes with mine as a part of the solution so.
243
00:28:32.940 --> 00:28:38.730
Harvey Green: That you can think of mine as objects and a solution like you're speaking.
244
00:28:39.570 --> 00:28:44.490
Andy Whiteside: Okay, so when I buy haiku I got in my mind, so that can leverage the haiku they come together.
245
00:28:44.670 --> 00:28:47.310
Harvey Green: know if you bought objects only.
246
00:28:47.730 --> 00:28:53.040
Harvey Green: And then bought haiku you could do it that way, or you could buy mine that would have haiku.
247
00:28:53.160 --> 00:28:54.420
Harvey Green: Already in it.
248
00:28:54.570 --> 00:28:55.320
Andy Whiteside: Oh, I gotta.
249
00:28:55.380 --> 00:28:56.430
Harvey Green: Have a full solution.
250
00:28:56.580 --> 00:29:01.110
Jirah Cox: yeah you'd set mine off to the side and say this is my backup cluster it holds the backups and it takes all the backups.
251
00:29:01.410 --> 00:29:10.290
Jirah Cox: Yes, right or but, and that would be super valid use case right s3 itself is just a web protocol so you use it for anything right you use it for application data.
252
00:29:11.580 --> 00:29:24.840
Jirah Cox: You know uploads you can power power website right, so you can have a separate cluster running objects that wasn't used for backups right, what if you're using it for for backups then you'd have your backup cluster that runs the backups holds the backup stores have backups.
253
00:29:26.310 --> 00:29:31.260
Andy Whiteside: So So where do I put my tape robot library and what times the iron mountain got coming.
254
00:29:32.130 --> 00:29:32.520
Jirah Cox: You put it.
255
00:29:32.580 --> 00:29:33.450
Jirah Cox: In a museum.
256
00:29:35.010 --> 00:29:39.510
Jirah Cox: and iron mountain guy comes by for lunch when we invite him yeah.
257
00:29:41.580 --> 00:29:44.550
Andy Whiteside: 15 years ago that that thing and the tape library and the.
258
00:29:44.580 --> 00:29:46.020
Andy Whiteside: That was, like the coolest thing.
259
00:29:46.350 --> 00:29:49.500
Harvey Green: The the iron mountain guy can still come shared your paper okay.
260
00:29:51.570 --> 00:29:57.360
Jirah Cox: So I i've been watching this a computer archive History project on YouTube.
261
00:29:58.320 --> 00:30:03.060
Jirah Cox: And they just do everything like, if you want just sales marketing video for like a mainframe from like the 16th.
262
00:30:03.510 --> 00:30:12.390
Jirah Cox: They have it um it's it's really cool stuff I watched one last night about you know just like typing broadly right it's like a almost like a extended.
263
00:30:12.900 --> 00:30:22.800
Jirah Cox: magical world of Disney about typewriters from like the 60s and it talked about how you know these folks that you know run offices and so forth, would lay out like a bar chart.
264
00:30:23.400 --> 00:30:36.180
Jirah Cox: In a typewriter right with like tab stops and and here's the sales figures for this month and it's like all done with nothing but a manual typewriter like absolutely wild stuff look at the look at the computer archive History project on on YouTube.
265
00:30:37.410 --> 00:30:40.980
Andy Whiteside: yeah i'm definitely not do that your wife sits down and watches that we did.
266
00:30:43.050 --> 00:30:45.570
Jirah Cox: No, no, no, she does not.
267
00:30:47.070 --> 00:30:50.040
Andy Whiteside: i'm going to get that I gotta share with my kids my son and my.
268
00:30:51.090 --> 00:30:54.120
Andy Whiteside: My adopted son, which is chasing money partner account manager.
269
00:30:55.830 --> 00:30:56.490
Andy Whiteside: that's that'd be great.
270
00:30:58.440 --> 00:30:59.160
Andy Whiteside: I love that.
271
00:31:01.170 --> 00:31:06.330
Andy Whiteside: kind of like binge watching right, and do you find yourself binge watching and come and tell the truth.
272
00:31:07.530 --> 00:31:08.520
Jirah Cox: yeah I do I.
273
00:31:08.760 --> 00:31:09.270
Jirah Cox: don't like.
274
00:31:09.990 --> 00:31:13.230
Andy Whiteside: I will i'm gonna be like oh I can't go see what God wants one more here we go so.
275
00:31:15.510 --> 00:31:18.210
Andy Whiteside: that's pretty sad but I like can you download them.
276
00:31:18.990 --> 00:31:20.040
Jirah Cox: it's YouTube so.
277
00:31:21.840 --> 00:31:23.100
Andy Whiteside: I don't know that means he download them.
278
00:31:23.220 --> 00:31:26.280
Jirah Cox: that's a yes, if you have the right tools and know how to download from YouTube.
279
00:31:28.380 --> 00:31:29.280
Andy Whiteside: I have to ask my kids out.
280
00:31:30.240 --> 00:31:30.690
Jirah Cox: There you go.
281
00:31:31.650 --> 00:31:34.260
Jirah Cox: So that we probably shouldn't legally talk about how to do on the podcast.
282
00:31:36.150 --> 00:31:38.940
Andy Whiteside: Alright guys appreciate it good topic will hit you again next week.
283
00:31:40.080 --> 00:31:40.350
Jirah Cox: cool.