Ransomware tips from VeeamON

I attended the Veeam Ransomware session at VeeamON. I picked up some useful tips so I thought I would share my notes from the session. Credit for all the information to Rick Vanover, Dave Kawula, Brett Hulin.

Background

  • Data is key to all businesses
  • Must protect data and therefore the business from threats including ransomware

Prevention

A three-pronged approach, not just technical considerations:

  • Education of users and administrators
  • Backup and recovery implementation
  • Remediation plan

Attack methods

The three most common ways ransomware attacks occur:

  • RDP compromise, the number one method of ransomware attack
  • Email phishing, the second most common attack method. Surprising, I would have thought this was the most frequent
  • Software vulnerabilities

Veeam Data Labs

Allows testing patches and quick recovery

  • On-Demand Sandbox – restore without going directly into production, for safety
  • SureBackup and SureReplica – boot the VM in a virtual lab and test before re-introducing it to production
  • Secure Restore – mount the backup for an AV scan before restore

Ultra-Resilient Backup

Safest option is to have an ultra-resilient backup.  This could be air gapped, immutable or offline. For example:

  • Tape
  • Immutable backups, e.g. S3 – back up onsite to the performance tier, then have a policy tier the data to cloud storage, which can be S3. The policy can be set for an immediate copy of data or an archive of the oldest data. Based on Scale-Out Repositories
  • Veeam Cloud Connect + Insider Protection. Insider Protection provides an additional data copy that can only be accessed with a call to support to make it visible

Brett Hulin General Tips

  • Establish a DR site, cloud or physical
  • If possible, run Veeam replication to this secondary site
  • Have your DR plan documented
  • Understand your recovery order
  • Involve multiple people
  • Consider the licensing implications of being at the fail-over site
  • Establish a chain of command before an incident

Brett Recovery Tips

  • Shut down servers to prevent further infection
  • Consider when the attack occurred and which backups and replicas are therefore clean
  • Recover servers without network and check with AV before re-enabling the network
  • Recover infrastructure servers, e.g. AD, first
  • Force password resets
  • Have multiple restore copies at the recovery site so you can recover from different points in time
  • Have an air gapped backup, e.g. tape
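
The recovery tips above on working out which restore points predate the attack, and on recovering infrastructure servers first, can be sketched as follows. This is an added example, not code from the session or from Veeam; the inventory, the `plan_recovery` helper and the 24-hour safety margin are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory (not real data): server, role, restore point time.
RESTORE_POINTS = [
    ("SQL01", "application", "2020-06-14T01:00"),
    ("FILE01", "application", "2020-06-11T23:00"),
    ("FILE01", "application", "2020-06-13T23:00"),
    ("DC01", "infrastructure", "2020-06-10T22:00"),
    ("DC01", "infrastructure", "2020-06-12T22:00"),
    ("DC01", "infrastructure", "2020-06-14T22:00"),
]

def plan_recovery(points, attack_time, margin_hours=24):
    """For each server, pick the newest restore point taken before
    (attack_time - margin), then order infrastructure servers first.
    The margin is an assumed allowance for the attacker being present
    before the attack was noticed."""
    cutoff = attack_time - timedelta(hours=margin_hours)
    roles, newest_clean = {}, {}
    for server, role, stamp in points:
        taken = datetime.fromisoformat(stamp)
        roles[server] = role
        is_clean = taken < cutoff
        if is_clean and taken > newest_clean.get(server, datetime.min):
            newest_clean[server] = taken

    plan, no_clean_copy = [], []
    # Infrastructure (e.g. AD) sorts ahead of everything else.
    for server in sorted(roles, key=lambda s: (roles[s] != "infrastructure", s)):
        if server in newest_clean:
            stamp = newest_clean[server].isoformat(timespec="minutes")
            plan.append((server, stamp))
        else:
            # Every copy at the recovery site postdates the cutoff, so an
            # older or air gapped copy (e.g. tape) is needed for this server.
            no_clean_copy.append(server)
    return plan, no_clean_copy

if __name__ == "__main__":
    attack = datetime.fromisoformat("2020-06-14T09:00")  # constructed estimate
    plan, missing = plan_recovery(RESTORE_POINTS, attack)
    for server, stamp in plan:
        print(f"restore {server} from {stamp} (isolated network, AV scan first)")
    for server in missing:
        print(f"{server}: no clean restore point on site, use offline copy")
```

Servers that end up in the second list are the case the multiple-restore-copies and air gapped backup tips are there to cover.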

Other tips I picked up from the Veeam Ransomware guide at the Veeam resource library:

  • Ensure the Veeam server has no internet access
  • Keep accounts as separate as possible
  • Tight file permissions on datastore shares
  • Require 2FA for RDP access to Veeam servers
  • Prepare early

VeeamOn 2020

VeeamON, Veeam’s annual conference, starts this week and will be a mix of news and technical learning opportunities. I was lucky enough to attend VeeamON last year and got a lot out of it.

This year, due to the Covid situation, they have decided to make it an online event, making it more accessible since you can view all the sessions from your home. Even better news: it is completely free to register.

Similar to a traditional conference, it will be a mixture of main agenda sessions plus breakouts to dive deeper into areas of interest to you.

Some of the sessions I will be tuning into:

  • AWS and Azure Backup Best Practices
  • Veeam Backup Ransomware Resiliency Tips: Preparation & Recovery From Experience
  • Version 10: Unleash the Power of NAS Backup
  • 10 Easy Steps To Harden Your Veeam Availability Infrastructure
  • Plus of course the keynote

You can check out the full agenda and breakout session list yourself. VeeamON takes place on the 17th and 18th of June.

HPE Discover Virtual – Storage News

IT conference season is almost upon us, but this time with a difference in that the conferences have gone online. HPE Discover Virtual is about to kick off in a couple of weeks, and an advantage over the physical show is that it's free. HPE have shared their storage news before the show; the news focuses on the SAN systems Nimble and Primera.

Primera

Peer Persistence and Replication

Peer Persistence was always a popular feature with 3PAR and one of the most read posts on my blog. With good reason: it gave you a Metro cluster for increased availability and flexibility across data centres. HPE are now announcing Peer Persistence is coming to Primera. I am waiting to see a demo, but HPE advise it is easy to set up and will be included free with Primera. Replication capabilities are also enhanced with near-instant asynchronous replication over extended distances, which allows an RPO down to one minute.

Hardware

In terms of hardware, Primera is now capable of supporting all NVMe drives.

AI

To ensure optimum performance, Primera uses machine learning gathered both locally and from the entire install base to make resource allocation decisions.

Nimble

Nimble has been able to look inside your VMware environment for some time and make performance recommendations with its cross-stack analytics. That feature is now also available to those using Hyper-V. You can take a look at how this looked for VMware users to get a feel for how this will function.

Nimble data management features also get an upgrade with the addition of replication to a 3rd site. The third site could, for example, be another Nimble array in a DR site or potentially a cloud location by utilising HPE Cloud Volumes. We previously covered Cloud Volumes in detail if you want a refresher.

Nimble also gets a hardware boost by adding support for storage class memory. Storage class memory sits in between SSD and memory, offering a blend of enhanced performance at a median cost point. This SCM can be used as it is in the Nimble systems to expand the capacity of cache, benefiting performance by getting more cache hits and reducing the load on SSDs.

I will hopefully be able to bring you more details after the HPE Virtual event.

Further Info

Video summarising the announcements

Podcast of the announcements

Blocks and Files blog post