Ransomware continues to be a top threat for IT. ZDNet estimates the cost to IT at $1B this year alone. This pressure has put IT departments on the front line of defense, but how can you prepare for this type of attack? And which solutions are possible given your current budget and IT staff?
These are the slides matching this recorded webinar, led by Rubrik’s Andrew Miller.
http://pages.rubrik.com/20170309-Webinar-VMUG-Ransomwarejailisthereanywayout_.html
Learn about these topics and more:
1) Threat: Concerns that IT departments are facing. We’ll stay away from FUD, but life is sometimes scary.
2) Theory: Nowadays, everyone has backups. So why are people still paying ransoms? (Clue: Complexity)
3) Solutions: Yes, you can do more than just have a current resume if hit by ransomware. We’ll explore what you can do in this event, along with other unexpected benefits.
Finally, hear the real-world story of how Langs Building Supply thwarted a major attack using Rubrik Cloud Data Management.
2. Agenda
*A bit about me first - Andrew Miller - @andriven
1) The Threat! – Exploring the Threat – New Developments
2) The Theory! – The Theory vs. The Reality
3) New Hope! – Practical Solution + Real World Examples
4. ran · som · ware
/ˈransəm ˌwe(ə)r/
noun
a type of malicious software designed to block access to a computer system until a sum of money is paid.
5. Base Definition
We’ll make it fast.
• Malware that typically infects endpoints (laptops, etc.)
• Spread via browser vulnerabilities (malicious pages) and e-mail attachments
• Encrypts local filesystems and attached network mounts
• Targeted attacks on individual storage vendors are plausible – immutability will come into play over time.
• (Previous) best-known name = Cryptolocker
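The definition above says ransomware encrypts local filesystems and attached network mounts. As an added example (not part of the webinar and not Rubrik code), the Python below scans the files on such a mount for the three things an encrypting payload leaves behind: near-random file contents, swapped or appended extensions, and a dropped ransom note. The indicator lists, the 7.5 bits/byte threshold, the 0.5 alarm ratio and the two sample shares are constructed assumptions for the demo, not data from the page.

```python
"""Added example (not from the webinar or from Rubrik): flag the footprint an
encrypting payload leaves on a local filesystem or an attached network mount.
Three signals are combined: near-random file contents (entropy close to 8
bits/byte), a swapped or appended extension, and a dropped ransom note.
Indicator lists and sample files are constructed assumptions, not page data."""
import hashlib
import math
import os
from collections import Counter
from pathlib import Path

# Assumed indicator lists; feed these from your own threat intel.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
RANSOM_NOTE_NAMES = {"read_me_decrypt.txt", "how_to_recover.txt", "decrypt_instructions.html"}
# Formats that are near-random by design (already compressed), so entropy alone
# must not condemn them. Office files are zip containers, hence on this list.
COMPRESSED_OK = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".docx", ".xlsx", ".pdf"}
ENTROPY_THRESHOLD = 7.5  # bits/byte; text, CSV, SQL dumps and logs sit far below


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the ceiling for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(name: str, data: bytes) -> set:
    """Indicators tripped by one file; `name` is the path relative to the mount root."""
    suffix, base = Path(name).suffix.lower(), Path(name).name.lower()
    if base in RANSOM_NOTE_NAMES:
        return {"ransom-note"}  # notes are plaintext; their entropy is irrelevant
    hits = set()
    if suffix in SUSPECT_EXTENSIONS:
        hits.add("suspect-extension")
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        hits.add("high-entropy")
        # Random-looking bytes under a text-like or suspect extension is the tell;
        # under a compressed/media extension it is expected.
        if suffix not in COMPRESSED_OK:
            hits.add("looks-encrypted")
    return hits


def assess_mount(files: dict, alarm_ratio: float = 0.5) -> dict:
    """`files` maps relative path -> bytes. Alarm on any ransom note, or when the
    share of files that look encrypted reaches `alarm_ratio`: mass encryption is
    the signature, one odd file is noise."""
    per_file = {name: classify_file(name, data) for name, data in files.items()}
    notes = sorted(n for n, h in per_file.items() if "ransom-note" in h)
    encrypted = sorted(n for n, h in per_file.items() if "looks-encrypted" in h)
    scored = len(files) - len(notes)
    ratio = len(encrypted) / scored if scored else 0.0
    return {"alarm": bool(notes) or ratio >= alarm_ratio, "ratio": round(ratio, 3),
            "ransom_notes": notes, "encrypted_files": encrypted}


def walk_mount(root: str, sample_bytes: int = 65536) -> dict:
    """Build the `files` mapping from a real path, reading only the head of each file."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = Path(dirpath) / n
            with open(p, "rb") as fh:
                out[str(p.relative_to(root))] = fh.read(sample_bytes)
    return out


def _pseudo_ciphertext(label: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted or compressed content: deterministic near-uniform bytes."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{label}:{i}".encode()).digest()
        i += 1
    return out[:size]


# Constructed sample of a file share after an encryption run (assumption, not page data).
INFECTED_SHARE = {
    "finance/budget_q1.xlsx.locked": _pseudo_ciphertext("budget"),
    "finance/forecast.csv.locked": _pseudo_ciphertext("forecast"),
    "sales/pipeline.csv.locked": _pseudo_ciphertext("pipeline"),
    "hr/handbook.txt": b"Employee handbook. Section 1: working hours.\n" * 80,
    "photos/holiday.jpg": _pseudo_ciphertext("jpeg"),  # legitimately high entropy
    "READ_ME_DECRYPT.txt": b"Your files are encrypted. Pay 2 BTC to ...\n",
}
# The same share before the attack: no note, the compressed image is tolerated, no alarm.
CLEAN_SHARE = {
    "finance/budget_q1.xlsx": _pseudo_ciphertext("budget"),
    "finance/forecast.csv": b"month,revenue\n2017-01,1200\n" * 100,
    "sales/pipeline.csv": b"deal,stage\nacme,closed\n" * 100,
    "hr/handbook.txt": b"Employee handbook. Section 1: working hours.\n" * 80,
    "photos/holiday.jpg": _pseudo_ciphertext("jpeg"),
}

if __name__ == "__main__":
    for label, share in (("infected", INFECTED_SHARE), ("clean", CLEAN_SHARE)):
        print(label, assess_mount(share))
```

Against a real share the call is `assess_mount(walk_mount("/mnt/share"))`. The ratio is what keeps a single JPEG or archive from paging anyone, and the `COMPRESSED_OK` list is the caveat: a payload that encrypts Office files in place and keeps their names is invisible to the entropy check, which is why the ransom-note and rename signals are scored alongside it rather than instead of it.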
9. What’s New…
• ZDNet – 2016 = $1B cost (2015 = $24M)
• Confusion – FBI recommendation & about-face
• High-profile targets – SF Muni, education, healthcare, many more.
• Challenges are not just 1) data accessibility but 2) speed of restore.
• Not if but when – why?
10. What’s New… Maturing Market
• RaaS kits – Ransomware-as-a-Service kits
• Market segmentation
• Customer service improvements
• Reliable payment model – Bitcoin impact
11. This is a maturing business that competes with YOU.
15. “Conducting frequent backups and ensuring the ability to recover data from backups is crucial to recovering from a ransomware attack and ensuring the integrity of PHI affected by ransomware.”
http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
21. It Starts Easy Enough …
[Diagram: Windows VMs on a hypervisor (production servers) backed by a SAN; a backup proxy and backup server write to a tape archive and an offsite tape archive]
22. … But Quickly Becomes Complex
[Diagram: the same hypervisor/SAN environment, now with Windows and Linux VMs and a database VM, disk-based backup, a backup proxy, backup server, database server and search server, plus the tape archive and offsite tape archive]
23. Multiple Scale and Touch Points
[Diagram: Windows and Linux VMs and databases across hypervisors and SAN, multiple backup proxies, backup server, database server, search server, disk-based backup, tape archive and offsite tape archive]
24. Availability Bandages for SPOFs
[Diagram: the same architecture as slide 23, highlighting the single points of failure that need availability work-arounds]
25. Master Server – Control & Manage SPOF
[Diagram: as slide 23, highlighting the backup (master) server as a control-and-management single point of failure]
26. Database – Catalog / Metadata SPOF
[Diagram: as slide 23, highlighting the database server holding the backup catalog / metadata as a single point of failure]
29. Risk, Threats, and Vulnerabilities
Risk is a function of the likelihood of a given threat acting upon a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
32. Complexity is the enemy of reliability.
Whatever you do, whatever you buy, simplify your backup architecture.
33. Key Solution Concepts
What we’ve seen that makes a difference…
• Reliability of Data Recovery
• Simplicity of Setup + Day to Day Operation
34. “We have already gone through two deployments with Rubrik, and have been really pleased with the ease of set-up. It takes about twenty minutes to rack the appliance, and four minutes to set up. We input our configuration details, the Rubrik system maps our VM environment, and we’re ready to start protecting our data.”
Nathan Bach, Senior Systems Engineer @ Driscoll’s
35. “We were using two leading Gartner Magic Quadrant vendors for backup software and backup storage. Just deploying backup software took a week, but with Rubrik’s turnkey appliance, the system was running and protecting our virtual environment within 30 minutes. Unboxing and racking the appliance was the hardest part.”
Jake Warren, Systems Administrator @ Red Hawk Casino
39. The hardware is simple.
The Smartest Dense Machine
• 2U Supermicro appliance – “Brik”
• 4 nodes per appliance
• Unlimited scale-out fabric
• Distributed file system
• Shared-nothing architecture
• Global deduplication
• Inherent data protection
• Cloud providers for archive
• Can run in AWS & Azure
40. Simple is hard.
[Diagram: Cloud Data Management Platform – SLA Engine on top of Distributed Metadata, Distributed Task Framework, Cluster Management, Security and File System; services: Backup, Recovery, Search, Replication, Archival]
49. “The system is simple to implement, allowing us to think about the things you really care about, such as the SLA policies to apply for protection.”
Nathan Bach, Senior Systems Engineer @ Driscoll’s
50. There’s More! It’s not just VMware.
• Physical Linux – Simplify protection of Linux servers with policy-driven automation and granular protection.
• Physical SQL – Deliver forever-incremental, point-in-time recovery and intelligent log management with a single SLA policy engine.
• Erasure Coding – Increase storage utilization and efficiency while delivering industry-leading fault tolerance and performance. [Diagram: data blocks d0 d1 d2 d3 with coding blocks c0 c1]
• Rubrik Edge – Extend data management to all business locations with a full-featured software appliance.
• RBAC – Secure the management plane with granular control of user access to data across hybrid cloud.
• Also: Physical Windows, Encryption, Custom Reporting
51. Your Data Center Today
[Diagram: production servers on a SAN, backup proxy, backup server, search server, disk-based backup, tape archive and offsite tape vault]
52. Simplification via Rubrik
[Diagram: VMs on hypervisors (production servers) on a SAN, protected by a scale-out Rubrik cluster providing replication, long-term retention and search, with a private cloud target]
53. Key Solution Concepts
What we’ve seen that makes a difference…
• Reliability of Data Recovery
• Simplicity of Setup + Day to Day Operation
• Immutability of Snapshots
54. Key Solution Concepts
What we’ve seen that makes a difference…
• Reliability of Data Recovery
• Simplicity of Setup + Day to Day Operation
• Immutability of Snapshots
• Speed of Data Recovery
• Speed of restore via live mount
55. Live Mount – Customer Example #1
• Quick Start: Rack and go. Auto-discovery.
• Rapid Ingest: Flash-optimized, parallel ingest accelerates snapshots. Scale-out dedupe and compress.
• Automate: SLA policy engine for hands-free management.
• Recover: Instant and point-in-time recovery. Search and restore files. Recover from ransomware.
• Secure: End-to-end encryption.
• Cloud: Secure “CloudOut” instantly accessible with global search.
[Diagram: primary environment with NAS, SLA policy engine and log management, replicating to private and public cloud]
56. Key Solution Concepts
What we’ve seen that makes a difference…
• Reliability of Data Recovery
• Simplicity of Setup + Day to Day Operation
• Immutability of Snapshots
• Speed of Data Recovery
• Speed of restore via live mount
• Automation/API to enhance Restore Capabilities
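Two items in the list above, immutability of snapshots and automation/API to enhance restore, meet at the moment you have to decide which snapshot to restore from. As an added example (not part of the webinar, and not Rubrik’s API; the catalog shape, the `immutable` and `verified` flags, the dates and the snapshot IDs are all constructed assumptions), the Python below walks a snapshot catalog backward from the detection time, refuses copies the infected host could have tampered with, pushes the cutoff back by a dwell-time margin, and reports the data loss the choice implies. It goes a step beyond the slide by also rejecting snapshots that failed an integrity check.

```python
"""Added example (not from the webinar or from Rubrik): pick a recovery point
from a snapshot catalog after a ransomware detection and record why each
candidate was accepted or rejected. The catalog shape, the `immutable` and
`verified` flags and the dates are constructed assumptions for illustration,
not any vendor's API or data."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Snapshot:
    snapshot_id: str
    taken_at: datetime      # UTC
    immutable: bool         # cannot be altered or deleted with a host-side credential
    verified: bool = True   # integrity check passed when the snapshot was taken


def pick_recovery_point(
    catalog: List[Snapshot],
    infection_start: datetime,
    margin_hours: float = 1.0,
    require_immutable: bool = True,
) -> Tuple[Optional[Snapshot], List[str]]:
    """Return the newest usable snapshot taken before the infection window plus
    an audit trail. The first ransom note or mass rename is a lower bound on
    dwell time, not the moment of compromise, so `margin_hours` pushes the
    cutoff back. Mutable snapshots are refused by default: a copy the infected
    host could have overwritten or deleted is not evidence."""
    cutoff = infection_start - timedelta(hours=margin_hours)
    trail: List[str] = []
    for snap in sorted(catalog, key=lambda s: s.taken_at, reverse=True):
        if snap.taken_at > cutoff:
            trail.append(f"{snap.snapshot_id}: rejected, taken after cutoff {cutoff:%Y-%m-%d %H:%M}")
        elif require_immutable and not snap.immutable:
            trail.append(f"{snap.snapshot_id}: rejected, not immutable")
        elif not snap.verified:
            trail.append(f"{snap.snapshot_id}: rejected, integrity check failed")
        else:
            trail.append(f"{snap.snapshot_id}: selected")
            return snap, trail
    trail.append("no usable snapshot before cutoff; escalate, do not restore from a tainted copy")
    return None, trail


def data_loss_seconds(chosen: Snapshot, infection_start: datetime) -> float:
    """Effective RPO for this event: writes after the chosen snapshot are gone."""
    return (infection_start - chosen.taken_at).total_seconds()


# Constructed catalog: cluster snapshots every 6 hours plus one host-side shadow
# copy that the infected host could reach. Dates are arbitrary.
BASE = datetime(2017, 3, 8, 0, 0)
CATALOG = [
    Snapshot("snap-001", BASE, immutable=True),
    Snapshot("snap-002", BASE + timedelta(hours=6), immutable=True),
    Snapshot("snap-003", BASE + timedelta(hours=12), immutable=True, verified=False),
    Snapshot("snap-004", BASE + timedelta(hours=18), immutable=True),
    Snapshot("vss-local", BASE + timedelta(hours=21), immutable=False),
    Snapshot("snap-005", BASE + timedelta(hours=24), immutable=True),
]
INFECTION_START = BASE + timedelta(hours=22, minutes=30)  # first ransom note observed

if __name__ == "__main__":
    chosen, trail = pick_recovery_point(CATALOG, INFECTION_START)
    print("\n".join(trail))
    if chosen:
        hours = data_loss_seconds(chosen, INFECTION_START) / 3600
        print(f"restore {chosen.snapshot_id}; data loss {hours:.1f} h")
```

With the default one-hour margin the host-side shadow copy is the newest candidate but is refused because it is mutable, so the restore comes from the 18:00 cluster snapshot and the event costs 4.5 hours of data; passing `require_immutable=False` would pick the shadow copy and save three hours of RPO at the price of trusting a copy the attacker could reach. Widening `margin_hours` when the intrusion timeline is uncertain moves the choice further back, and a catalog with no usable snapshot returns `None` with the reason in the trail rather than silently restoring the newest thing available.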
60. Rubrik Manages All Your Data - Anywhere
[Diagram: production and NAS data feeding the Rubrik Cloud Data Management Platform (with Edge) for Backup & Recovery, Disaster Recovery, Archival & Compliance, Search, Copy Data Management and Analytics: automated, secured data management anywhere]
61. Last but not least…
Join the Rubrik Alliance, get your Backup Wars kit.
bit.ly/VMUG-Swag
What’s the story here? There’s a real and growing threat, there’s a way out and it may not be the one you think.
I am presuming that if you’re attending this webinar you are already concerned and know some things, but want a bit of education.
Theory doesn’t equal day-to-day reality… we’ll talk about how that applies here and why, from a very real-world perspective.
Solution – no, not a silver bullet but something that can appreciably move the dial & increase your chances of not paying a ransom. Yes, it involves Rubrik…but we’ll spell it out as more than “buy Rubrik!”
Harp on operational background - Barracuda spam filter, firewalls, permissions, etc.
"That’s 60 seconds too much about me."
Let’s be upfront – I’m here to scare you a bit… but it’s not our fault… and if you’re not aware of this, it’ll be even worse because you’ll find out the worst way: when it’s too late.
Has been true for 3 years – wouldn’t be here if this was all.
Immutable file systems -
Deutsche Bahn timetable from last Friday – May 12
We’re not here to scare you – a Google search alone will do that. But this i
$209M through 1st quarter - $1B this year, why the surge? Will explore that next…
http://www.zdnet.com/article/the-cost-of-ransomware-attacks-1-billion-this-year/
Joseph Bonavolonta, the Assistant Special Agent who oversees the FBI’s CYBER and Counterintelligence Program in Boston, spoke at the 2015 Cyber Security Summit and advised that companies infected with ransomware may want to give in to the criminal’s demands.
“The ransomware is that good,” Bonavolonta explained to an audience of business and technology leaders during the Q&A. “To be honest, we often advise people just to pay the ransom.”
https://insidesmallbusiness.com.au/planning-management/ransomware-the-next-battlefield-for-smes
SF Muni – had to let people ride free for a day. “San Francisco’s public transit riders were greeted with an unusual message at ticket kiosks over the weekend: “You hacked.”
https://techcrunch.com/2016/11/28/san-francisco-transit-system-hit-with-ransomware/
http://www.theregister.co.uk/2016/11/27/san_francisco_muni_ransomware/
Hollywood Presbyterian Medical Center – paid $17k (for 1 full week ambulances were diverted, electronic medical records disappeared, email was unavailable, and there was no access to X-ray or CT scan information) and then was hit with a second demand - https://nakedsecurity.sophos.com/2016/05/25/ransomware-hit-hospital-faces-second-demand-despite-paying-up/
Horry County – paid ransom – CNN story – I had a friend in a meeting about security who had to cut the meeting short due to the outbreak.
The Pearland Independent School District near Houston refused to fork over about $1,600 in ransom demanded in two attacks this year, losing about three days of work from teachers and students. Instead, the district invested tens of thousands of dollars on security software, said Jonathan Block, the district's desktop support services manager.
Not If but When - Multiple surveys out there – some say 50%, some say 72% - some companies have been hit multiple time even. Bitcoin has also made the business model feasible.
Can buy kits to build your own ransomware – come with instructions. This broadens out who can try this – classic model is 80% you take, kit author takes 20%. It’s a franchise model frankly that only requires medium computer skills
Market segmentation - Different price ranges – different amounts of configurability.
https://www.engadget.com/2016/09/09/customer-service-matters-when-it-comes-to-ransomware/
We’re used to competition in some ways – SaaS, rogue or phantom IT, vendors that package separate products into a simple solution. But we’re not used to someone who competes with the core inefficiency of most IT today…keeping track of everything, keeping everything up to date, keeping everyone intelligent about how they use their computers.
This is the reality…and this is why slowing the growth of ransomware in the near term will be almost impossible.
Defense in depth - security is about having multiple layers and protections. Need layers that are low operational maintenance or you can’t have very many layers. The layers:
- Before the fact, human-focused – the user
- Before the fact, tech-focused
- Before the fact, financially focused
- After the fact, tech-focused
Let me take you back in time
Not much has really changed since 1990
We have large levels of complexity
Backup software components (servers & proxies) that reside on servers
Backup media agents
Replication components
Catalog database
Tape and offsite storage
Any one of the components can fail at any one point in time over a 3-5 year period.
Add disk based backup & more robust backup solution with dedicated database and search capabilities.
Have to scale out various points as environment grows.
Need bandaids to protect against SPOF - think about n-1 and n-2 scenarios
Master server protection
Protect database server and most importantly your catalog.
In most extreme situation, it leads to something like this.
Chris Wahl tells a story as a customer admin new to a company where asked about restoring in the event of a major issue – everyone laughed and talked about how that was why they kept their resumes up to date.
All of what we’ve talked about boils down to 2 main challenges - related but separate
Full disclosure – over the years I’ve had a lot of conversations around Business Impact Analysis – looking at how much data can lose (RPO), how long to bring systems back online (RTO), and then all the second and third level impacts of those decisions.
<read definition>
As IT practitioners we provide a certain level of risk to our organization – might sound odd to say it that way but it’s true. In exchange for certain staffing and funding levels, we provide a certain level of risk – hopefully a mutually agreed upon level of risk.
How do you protect against low probability, high impact scenarios? <next slide>
However you protect against high impact, low probability scenarios you don’t do it with via complexity that requires daily maintenance just to keep going.
I’m not walking back comments about how common ransomware attacks are – they’re common, but not common as in “every day of the week”. Keeping backups going requires effort each day.
You might not agree with this everywhere…but it’s just about always true in IT systems. The more complexity we have, the more pieces to check/update/upgrade/monitor – the less reliability we have.
What’s worst is when that “check/update/upgrade/monitor price” must be paid each day but we only reap the benefit at essentially random times.
So how do we do that and how do we address the reliability of data recovery and the speed of data recovery? Well, I’m glad you asked.
Immutability -
Data protection for the Modern Data Center
Converged data management
Storage and software together in a single box
Scales like Google & Facebook
Runs on commodity hardware
True tightly coupled clustering capabilities
Masterless architecture (unlike competitive offerings wherein one node is the Master)
Each node runs identical software
Global file system, incremental scale out, auto adapting, and self healing
While Data Domain supports multiple nodes, it is not a true cluster. Data on each node is in a silo and each node essentially operates independently.
Cloud for long term retention
There’s a war going on between Amazon, Microsoft, & Google for Cloud related marketshare
Prices are rapidly dropping making it very cost effective
Tell IT Director - take backup off your plate and give it someone junior to manage.
Personas that resonate with Rubrik
The guy who has backup as an ancillary task, who then becomes a champion.
Ideal person - VMware architect. Cloud architect. IT Director. Mid level (2nd level).
Problem personas
Backup admins with a long tenure in backup (and a PhD in Commvault!) - job security issues
But the secret sauce isn’t the hardware – it’s the software.
Yes – I’m glossing over this overall – but serious underpinnings.
VADP, CBT, NBD - no backup proxies
Physical Linux – Lightweight connector installation process. Post-installation, automated connector upgrades (compare to individual agent manual upgrade process)
Physical SQL – Same agent benefits as Linux. Forever incremental results in space savings and network traffic optimization. PITR allows recovery granularity down to minute level. One snapshot coupled with log management allows for granular recovery.
Take out the legacy systems
Think about what the hyperconvergence movement is doing to the modern data center
You can’t maintain and deploy all of the legacy infrastructure when you are moving to hyperconvergence.
Public & private clouds play a key role as well and are natively supported by Rubrik (not an afterthought)
Yes, can do DR as well.
Immutability -
Our UI uses our own API, but I’m not going to talk about this one as much as let you hear it from a customer.
Have gone a long way around – logical links are tenuous at a theoretical level - but the reason I’m comfortable with drawing these correlations is my operations and architecture background.
I hope today has helped you with seeing where theory meets reality when it comes to Reliability of Data Recovery & Speed of Data Recovery and how Rubrik can help you in times when those truly matter.
One platform that unlocks multiple use cases. Beyond backup.