Immutability

The article discusses how immutability can help protect against ransomware attacks. Immutability refers to the ability to make data unchangeable, which can be achieved through technologies like write-once-read-many (WORM) storage or blockchain. By using immutable storage, organizations can ensure that their data remains safe and intact even if their systems are compromised by ransomware. The article also discusses some of the challenges and considerations that come with implementing immutability in an organization's data storage strategy.

“Immutability means that data, once written, cannot be deleted or altered for a pre-determined length of time. In the last few years, developments in encryption and security technology have made it possible to create immutable storage from ordinary computer disk drives.”

"Immutable backup of storage implies that your data is fixed, unchangeable and cannot be deleted for a period of time or sometimes, forever. Having an immutable backup is important for industries so that their data is secured from undesired accidents or circumstances."

Air-gapped backups with object storage immutability
What Are Immutable Backups? Technical | July 20, 2023 7 min to read
Protecting the Repositories and Immutability Everywhere - June 19, 2023 - 3 min to read
- "While 80% of surveyed respondents pay the ransom after a ransomware attack, only one out of five were able to recover their data. Even fewer organizations (only 16%) recovered without paying ransom, declining from 19% in the previous study. Moreover, the 2023 Ransomware Trends Report published in May 2023 revealed that 93% of cyberattacks directly targeted backup repositories. This report contains insights on protecting the repositories and use of immutability."
Linux Hardened Repositories: Achievable Immutability for All - Technical - April 6, 2023 - 3 min to read - Matt Crape
- "Businesses want to be confident that their data can be securely restored when the time comes. With its advanced security features, ease of use, backup and recovery options, scalability and flexible deployment options, Veeam’s Linux Hardened Repository has become a popular choice for businesses of all sizes. Additionally, all of this is backed by Veeam’s industry-leading support and customer service. Whether you are a growing startup or a large enterprise, Veeam’s Linux Hardened Repository can provide you with the peace of mind you need to ensure that your data is always protected and reliably recoverable when disaster strikes."

"Immutable backups have gained traction with the rise in ransomware attacks. However, there are different approaches to immutability and external factors that come in to play." - Use immutable backups to prevent data loss, boost compliance - TechTarget

"Immutable backups are an important component of cybersecurity and compliance, and they ensure backups are secure, accessible and recoverable. However, they are not the only piece of the equation. Authentication and access control tools and policies are important additional safeguards, as are isolating or air gapping immutable backups and encryption."

Examples...

On-prem example: Veeam offers a native hardened Linux repository compliant with SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) regulations. The hardened repository prevents encryption by ransomware, accidental or malicious deletions; based on general-purpose servers, without any hardware lock-in.
Public cloud example: Public cloud providers often offer Immutable data protection mechanisms such as “Amazon S3 Object Lock" and "Wasabi Hot Cloud Storage".
On-prem Example: “ExaGrid’s Retention Time-Lock for Ransomware recovery is in addition to the long term-retention of backup data and utilizes 3 distinct functions: Immutable data deduplication objects, non-network-facing tier (tiered air gap), delayed delete requests.”
On-prem example: “Cloudian HyperStore and Veeam Availability Suite v10 includes S3 Object Lock, a feature that protects data at the storage system level. With Object Lock, data cannot be deleted or changed for a set period of time.” - Veeam + Cloudian = Ransomware Lockout
BaaS example: Service Providers such as Backblaze often offer Immutability: "Enhanced Ransomware Protection: Announcing Data Immutability With Backblaze B2 and Veeam"

Hardware-integrated Veeam Immutability...

- Cisco - Protect FlashStack from Ransomware with Cisco and Veeam
- HPE - HPE 3PAR Virtual Lock Software - Overview - "HPE Virtual Lock is a 3PAR/Primera/Alletra 9000 primary storage feature. Once locked by the Virtual Lock Software, specified storage volumes and copies cannot be deleted, even by an HPE Storage system administrator with the highest user privilege level."
- NetApp - "NetApp Object Lock"
- Pure - Recover Fast, Thwart Ransomware, and Power DataLabs with Capacity Optimized FlashArray//C and Veeam

*CHECK IMMUTABILITY HERE* (look for "Veeam Ready Object Immutability")

"Protection against malicious intent or accidental deletion of backup data has become critical in anyone’s data protection strategy– and with immutable backup functionality for Amazon S3 and S3-compatible object storage repositories, data that is shifted or copied into the Capacity Tier is further protected. This feature relies on the S3 API to set a period of time on each block of data uploaded to Object Storage where it cannot be modified or deleted by anybody. Yes, we mean anybody: intruders, malicious actors, accidental deletion by admins and more." - Veeam

Store business-critical blob data with immutable storage

Forrester analysts write:
“Implementing an immutable file system with underlying WORM storage will make the system watertight from a ransomware protection perspective.”

V11: Immutable primary backup storage with a hardware-agnostic touch - "Veeam Backup & Replication v11 enables you to store your short-term retention backups locally onsite for fast recovery with the protection of immutability. In addition, you can now tier those backups into an immutable object storage offering offsite, giving you additional protection against unforeseen malicious activity or accidental deletion."

Configuring Veeam Backup & Replication SOBR for Non-immutable Object Storage

Double-Play Immutability Made Easy to Beat Ransomware with Veeam - "Double-play or even triple-play Immutability is where the implementation has two backup copies that are ultra-resilient."

Veeam ONE 11a Immutability Metrics...

Be immediately aware of any changes to a backup’s immutability status
Generate documentation to report end-to-end on immutability status for your backup repositories and backups themselves
Awareness throughout the immutability lifecycle further mitigates the threat from ransomware and other cyberthreats to your backup data
Maintain and generate documentation for internal or regulatory compliance purposes

Veeam: Improved visibility of our immutability policies in Veeam ONE v11a

Monitor Hardened Repository with Veeam ONE v11a

Immutability is a key component of a layered Ransomware strategy

Hardened Backup Repo

WHAT IS: "Offline", "Immutable", and "Air-Gapped"?

Tape Media - Completely offline when not being written to or read from and WORM
Replicated VMs - Powered off and, in most situations, can be a different authentication framework
Primary Storage Snapshots - Can be used as recovery techniques and usually have a different authentication framework.
Veeam Cloud Connect Backups + Insider Protection - Not connected directly to the backup infrastructure and use a different authentication mechanism along with different API.
Rotating Hard Drives / Media - Offline when not being written to or read from.
Immutable Backups - SEE ABOVE
Hardened Linux Repository - Linux immutable flag on Veeam backups.

Block Generation

"To reduce I/O operations and associated costs, Veeam Backup & Replication will automatically add from 1 to 10 days to the immutability expiration date. This period is called Block Generation. You do not have to configure it, the Block Generation setting is applied automatically.

For example, if you set your immutability period to 30 days, Veeam Backup & Replication will add from 1 to 10 days to specific objects to reduce I/O operations with the storage over time. This will not change the retention and their effective immutability. It is a background optimization. Thus, if you need 30 days immutability period, set the period to 30 days.."

Ransomware

Hardened Backup Repo

Page updated

Google Sites

Report abuse