OpenText Data Protector as part of your Cyber Security Strategy
You may wonder why data protection (Backup & Recovery) is considered part of a security strategy.
First of all, you want your backup data to be safe and invulnerable. Malware should not get a chance to sneak into your backup solution, and all data should be moved and stored in encrypted form. Depending on the strategy in use (3-2-1-1-0 etc.) you want backup copies in different locations and on different media types. All of that should be driven from a central console that makes reporting, auditing and monitoring automatic and easy.
Secondly, Data Protector is your last line of defence if information has already been lost or corrupted. Getting your important data back at the press of a button makes sure infected data is replaced or missing data is restored. The affected system could even be a security component such as a firewall server, a network proxy or a digital rights management solution.
This blog article will introduce you to the individual concepts and features Data Protector uses as part of a larger security strategy.
Why backup?
Just making sure the reasons for an enterprise-grade backup and recovery strategy are clear:
While hardware failures are rare and are often mitigated with clustering and replication technology, there is no protection against general data corruption introduced by wrong or careless use of data management tools, a mistaken statement in a script, or malware intercepting I/O. Some studies have shown that human error accounts for 75% of data loss. Data corruption, for instance, is replicated to other places within split seconds. Therefore, restoring a backup to get your data back to a last-known-good state is critical, and that needs intelligent agents that sense the state of the application and the underlying system for the best chance of recovery.
Can't I just dump application data to disk and call that a backup? Technically yes, but certainly not from a strategy and compliance point of view! The issue is that there is no central control in the form of scheduling, reporting and monitoring. Also, individual dump scripts need local or remote storage to write to. This storage capacity is limited and keeps you from storing enough backup versions for a compliant restore chain. Data dumps are sometimes only crash-consistent, so there is a chance a restore may not bring up all your services and data as needed.
Ransomware mainly attacks the system as a whole, not necessarily an application by compromising the application admin account. It is a misunderstanding to think that as long as an application admin account cannot be compromised, or application data is encrypted, there is no way for ransomware to succeed. It only needs to reach the operating system level and do its damage from there. Data Protector can restore both applications and operating systems, even if a system is completely damaged and you must set it up from scratch.
The value of data in your company should drive the recovery strategy. Also download the Osterman white paper, which explores eight key areas where many organizations remain susceptible to ransomware attacks.
Security Model
Security is the baseline for everything!
The way we handle backup data must be secure from the beginning. If attackers can tamper with commands, or with data stored in the backend or in transit, the whole concept is questionable. This is why we have introduced various security features supporting the overall procedures.
A very simple first step to improved security may be running the main DP components on a hardened Linux platform, since Linux seems less vulnerable to malware attacks. The fact that DP uses an internal database makes it even harder to intrude.
These security features are cornerstones for getting certified for Common Criteria.
Main topics for the following paragraphs here are encryption, networking, architecture and storage.
Common Criteria Certification
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5.
Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST), which may be taken from Protection Profiles (PPs). Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that is commensurate with the target environment for use.
Enterprise Class Scalability and Security
Data Protector Security Model
- Centralized command and control: no DP tool/agent or command is executed without the backup server's permission
- Secure client and data communication using OpenSSL and TLS
- Configurable data encryption for in-flight transport
- AES/TLS data encryption per client
- MFA user authentication, local users and LDAP integration
- Network port consolidation: only one major port for DP operations
Anomaly Detection
It is highly important to be notified when anomalies happen in data protection. A backup job can run and finish without any reported issue and would not raise concerns, yet the amount of data may suddenly have increased or decreased beyond expectation, and that may indicate an anomaly an administrator should at least look at.
DP Anomaly Detection is a permanent process that checks all incoming data and compares it with models trained using a machine-learning based approach.
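As an added illustration of the size-based check described above (example code written for this article, not Data Protector's own anomaly detection, which uses trained machine-learning models): a robust per-client baseline built from constructed session sizes, flagging both unexpected growth and unexpected shrinkage, and refusing to judge clients that have no history yet.

```python
from statistics import median

# Constructed sample data (not real Data Protector output): per client, the
# volume in GB written by each of the last completed backup sessions.
HISTORY = {
    "web01": [41.2, 40.8, 42.0, 41.5, 40.9, 41.7, 42.3],
    "db01":  [120.0, 121.5, 119.8, 122.0, 120.7, 121.1, 120.4],
    "app01": [30.0, 30.5, 29.8, 30.2, 30.1, 29.9],
}

# Tonight's sessions, also constructed: db01 more than doubled, app01
# collapsed to a fraction of its usual size, fs01 has no history yet.
TONIGHT = {"web01": 41.9, "db01": 268.4, "app01": 3.1, "fs01": 15.0}


def robust_zscore(value, samples):
    """Deviation measured against median and MAD instead of mean/stddev,
    so a single odd session in the history does not drag the baseline."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    if mad == 0:  # perfectly flat history: any change is a deviation
        if value == med:
            return 0.0
        return float("inf") if value > med else float("-inf")
    return 0.6745 * (value - med) / mad  # 0.6745 scales MAD to a stddev estimate


def classify(value, samples, threshold=3.5):
    z = robust_zscore(value, samples)
    if z > threshold:
        return "increase"
    if z < -threshold:
        return "decrease"
    return "ok"


def detect_anomalies(history, tonight, threshold=3.5, min_samples=5):
    """Return a verdict per client; clients without enough history are
    reported as 'untrained' rather than silently passed."""
    verdicts = {}
    for client, size in tonight.items():
        samples = history.get(client, [])
        if len(samples) < min_samples:
            verdicts[client] = "untrained"
        else:
            verdicts[client] = classify(size, samples, threshold)
    return verdicts


if __name__ == "__main__":
    for client, verdict in detect_anomalies(HISTORY, TONIGHT).items():
        print(f"{client}: {verdict}")
```

Both the growth on db01 and the shrinkage on app01 are reported, since a sudden drop can mean data went missing before the backup ran.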
Multi-Factor Authentication
Running an enterprise-level data protection solution in the cloud and distributed over countries or continents requires secure login over public connections. Let's start at the very beginning and make sure logins can be protected by a time-based one-time password (TOTP). DP allows this to be assigned system-wide or per user, where users can be local (no external provider used) or (s)LDAP.
RansomWare Recovery Strategy
A successful ransomware recovery strategy must support several steps:
- Retention time that goes beyond what ransomware expects (at least 6 months). Snapshots do not provide long-term retention: they fill up your storage systems too fast, slow down overall storage performance and are not independent of the source volume. A snapshot is not an independent 1:1 copy of your data, and a snapshot is not acceptable for the 3-2-1-1-0 (and comparable) strategy.
- Being able to restore to another (non-infected) system such as a sandbox area
- Testing your backup sets with a verification process and testing restore procedures
- Being independent of the platforms and backup devices used, with multiple copies
- Support for 3-2-1, 3-2-1-1-0 or 4-3-2 backup strategies
- Clear RTO/RPO targets, verified regularly with reports
- Scanning/detection taking place on workstations and servers, since they are the main entry point
MalWare Protection Building Blocks
This section shows the recovery strategy and the combined solutions OpenText has on offer.
MalWare Protection as a Solution
Data Protector relies on proven and certified malware and ransomware protection solutions. These are permanently updated, have proven their effectiveness many times and are accepted by industry leaders. It is important to find infections before they become part of a backup set; therefore scanning should take place on the backup client so that backup and restore performance is not slowed down too much, which would otherwise force a redesign of RPO/RTO. For example, DP can be offered in partnership with OpenText WebRoot.
RansomWare/Malware Recovery Option: EADR
Sometimes it might be too dangerous to overwrite all or part of an infected system while it is still online. In that case you can wipe the system and recover it using the DP Enhanced Automated Disaster Recovery (EADR) procedure. The process is partially offline and starts with setting up partitions and file systems, cleaning out any remains of previous malware. The process works for physical and virtual servers.
Bare Metal Disaster Recovery:
- Enhanced Automated Disaster Recovery (EADR)
- Manual DR
- DR to different system
- DR to Virtual Machine (P2V)
Note: For medium/large scale migrations we offer Carbonite Migrate as preferred solution.
What if the Cell Manager is lost?
Let's assume the Cell Manager (CM) was lost in a malware attack and a restore of the CM is not working for some reason ...
DP stores backup object information from the internal database (IDB) on each medium at the end of each backup session. This allows backup data to be migrated from one CM to another by "shipping" media. It also allows a CM IDB to be recreated by importing all needed media.
Media are always disconnected from the CM: whatever happens to a CM cannot reach into backup media. Also, DP ships with an internal database which is not exposed to the outside world the way a normal database would be.
MalWare Recovery Workflow
- Infection identified on a system backed up by DP (done by the malware scanner; the infection could not be cleaned by the tool)
- Information sent to the DP Cell Manager, and schedules get paused/disabled for this client (this part needs manual integration today)
- DP shows restores from a timeframe before the infection (last known good)
- DP offers restore/overwrite of client data, or restore to a safe location first for further checks
- Malware scanner confirms the client is clean and can be put back into production
Tape Drive Encryption
Tape drives and media are the ultimate air-gap approach in a security solution addressing protection against malware such as ransomware or viruses.
- First of all, tape media are never directly accessible by malware, since they do not provide file-system-like access. Data is usually interleaved, encrypted and only readable by the owning backup application.
- Secondly, you can export tape media from a drive or library and store them in a secure place. This also addresses fire, flooding, earthquakes and other disasters.
- Tape media can be shipped to another location, preventing data from moving over potentially insecure WAN connections. They can also move a huge amount of data in one go.
- DP supports vaulting of media by setting location information. You don't want to lose media, right?
- Last but not least, data on tape media can be encrypted and written in WORM (Write Once, Read Many) format, preventing any changes at the physical layer.
Tape Drive Encryption Workflow
Deduplication Software and Appliance Encryption
When working with deduplication appliances the following features are most important:
- Encryption
- Replication (FC-SAN or LAN)
- Immutability
Backup Target Immutability
Data Protector supports backup target immutability with
- DP Deduplication (software-based dedupe target)
- HPE StoreOnce (appliance-based dedupe target)
- Dell/EMC DataDomain (appliance-based dedupe target)
Immutability makes sure backup data cannot be changed or deleted from those backup targets until the defined timeframe has run out. This protects against the backup manager system being infected or otherwise unusable or against a mistake in media management by an administrator. Backup data can be re-imported into the backup manager system anytime during the immutability timeframe.
Backup Strategies
Data Protector supports many backup strategies including:
- 3-2-1 Backup Strategy
- 3-2-1-1-0 Backup Strategy
- 4-3-2 Backup Strategy
You can also cross-combine or come up with your own customized version of a strategy. It is most important that a strategy exists; regular tests are a must-have and part of your business continuity plan.
Our capabilities give you maximum protection from cyber attacks; see also our video.
3-2-1 Strategy
The 3-2-1 rule advises keeping three copies of your data (e.g., one primary copy and two backups) on two different media (e.g., the primary copy on an internal hard disk, a backup copy on tape, and an additional backup copy on an external HDD or tape) with one copy off-site (likely the tape backup).
Data Protector supports this approach with its universal approach to backup device management. Data management is done using the DP Object Copy feature, which lets you copy/migrate backup data to any other device at any time. Copies are used automatically if the primary backup is not available for any reason.
Some customers prefer data migration directly after a backup is done. Others prefer a consolidated approach that moves a larger portion of data in a dedicated time window.
While the 3-2-1 strategy is a good start, it is now considered too weak for today's challenges, especially with regard to ransomware attacks.
3-2-1-1-0 Strategy
A 3-2-1-1-0 strategy recommends that you:
- Maintain at least three copies of business data.
- Store data on at least two different types of storage media.
- Keep one copy of the backups in an off-site location.
- Keep one copy of the media offline or air gapped.
- Ensure all recoverability solutions have zero errors.
This approach uses the same feature set as 3-2-1, but on top of that you use DP Object Verification to check for errors on any of the media levels shown. This gives assurance about the quality of your backups, and it is properly reported. The 3-2-1-1-0 approach is currently the most recommended strategy. Again, it is Data Protector Object Copy combined with the Object Verification feature that drives the setup.
4-3-2 Strategy
Your backup strategy may be subscribing to the 4-3-2 rule:
- Four copies of your data.
- Data in three locations (on-prem with you, on-prem with an MSP and stored with a cloud provider).
- Two locations for your data are off-site.
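To make the three rules concrete, here is an added checker (written for this article, not a Data Protector feature) that evaluates a set of backup copies against 3-2-1, 3-2-1-1-0 and 4-3-2. The copy attributes and the two constructed layouts are assumptions; "verified" stands for a copy whose verification run completed with zero errors.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    media: str       # media type: "disk", "dedupe", "tape", "cloud", ...
    location: str    # site where the copy lives
    offsite: bool    # stored away from the primary site
    offline: bool    # air-gapped, e.g. an exported tape no drive can reach
    verified: bool   # verification run completed with zero errors


def check_3_2_1(copies):
    """Three copies, on two media types, one of them off-site."""
    return (len(copies) >= 3
            and len({c.media for c in copies}) >= 2
            and any(c.offsite for c in copies))


def check_3_2_1_1_0(copies):
    """3-2-1 plus one offline/air-gapped copy and zero verification errors."""
    return (check_3_2_1(copies)
            and any(c.offline for c in copies)
            and all(c.verified for c in copies))


def check_4_3_2(copies):
    """Four copies in three locations, two of which are off-site."""
    return (len(copies) >= 4
            and len({c.location for c in copies}) >= 3
            and len({c.location for c in copies if c.offsite}) >= 2)


def evaluate(copies):
    return {"3-2-1": check_3_2_1(copies),
            "3-2-1-1-0": check_3_2_1_1_0(copies),
            "4-3-2": check_4_3_2(copies)}


# Constructed layout 1: primary disk, an on-site dedupe copy, and a tape copy
# that is off-site but still loaded in a connected library and never verified.
WEAK = [
    Copy("primary", "disk", "hq", offsite=False, offline=False, verified=True),
    Copy("dedupe-copy", "dedupe", "hq", offsite=False, offline=False, verified=True),
    Copy("tape-copy", "tape", "dr-site", offsite=True, offline=False, verified=False),
]
# Constructed layout 2: the tape is exported to a vault, every copy is verified,
# and a fourth copy lives with a cloud provider.
HARDENED = [
    Copy("primary", "disk", "hq", offsite=False, offline=False, verified=True),
    Copy("dedupe-copy", "dedupe", "hq", offsite=False, offline=False, verified=True),
    Copy("vault-tape", "tape", "vault", offsite=True, offline=True, verified=True),
    Copy("cloud-copy", "cloud", "cloud-provider", offsite=True, offline=False, verified=True),
]
```

The weak layout satisfies 3-2-1 yet fails 3-2-1-1-0 on two counts (no offline copy, an unverified copy), which is exactly the gap the text describes.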
Other Cyber Security “soft skills”
Next to the important points mentioned above, there are some additional capabilities Data Protector has on offer. Take the way it can be installed: the DP main backup server (aka Cell Manager) can be installed on Windows and Linux platforms. In a very secure environment, we recommend a hardened Linux platform.
The main database and other tools used are embedded in the installation or upgrade process, so there are no issues with separate database installations or with installing third-party tools or libraries. DP offers a single straightforward workflow for getting binaries installed. This reduces the margin for error and the attack surface of either of these elements.
Media Servers (well, any client with a Media Agent installed ...) can run on numerous platforms as well, so customers can choose for compatibility, security and performance. Every Media Server can run backup, restore, copy etc. via LAN, FC-SAN, iSCSI or other transports, giving customers the opportunity to avoid insecure or low-performing connections. This also allows for redundant or failover links. Transports into or from a cloud are usually deduplicated and encrypted, offering high levels of security.
Cyber security has a reporting component as well. Customers are better prepared if all data protection information is gathered in one central place and administrators are notified through various channels. DP treats all backup data the same, irrespective of the platforms or agents used, which means all cyber security approaches work the same way throughout the enterprise. Everything is shown in one place, and addressing challenges starts from here as well. Overarching reports help customers keep control and support compliance requirements.
Clean Room Environment
Data Protector can also support Clean Room Environments with air-gapped data management capabilities.
Depending on technical capabilities of the clean room (storage systems, security devices, on-premise or in-cloud) further steps can be organized protecting data access.
One approach is using tape media (possibly WORM media) to transport backup data into the sealed clean room. Inside the clean room, backup media can be restored for forensic investigations including malware scans. Note that DP stores backup metadata on each medium, so an import into a "Clean Room DP Cell Manager" is automatically possible; a connection to the source Cell Manager is not needed. Also note that DP supports LTO tape drive encryption and manages the security keys (as shown above).
Another approach is making use of dedupe backup appliances, where Data Protector organizes replication between two partner devices via FC-SAN (avoiding the LAN).
The importance of Reporting in Cyber Security
Reporting seems to be an overlooked feature when talking about cyber security. Reporting helps you get current and historic trends from your backups, which might indicate that unexpected changes are going on that have not yet been spotted by anomaly detection or other tools. For instance, reporting shows each client's last successful backup and whether it is part of a schedule or policy at all. Not running a backup at all would not trigger anomaly detection, but that client is sitting there without any chance of getting restored in case an attack happens.
The graphical display of the Reporting Server allows you to spot anomalies in different formats, either across many systems in comparison or for one particular system over its own history. Imagine you need to find out when a ransomware attack started. Our Reporting Server also allows for storing/sending reports for future or forensic analysis, very much a cyber security topic. Watch our video "Data Protector Reporting Server".
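An added example of the coverage check the paragraphs above describe (written for this article, not Reporting Server output): it parses constructed session records in an assumed key=value line format and lists clients with no recent successful backup, clients that never had one, and clients that are in the inventory but in no schedule, which a size-based anomaly check alone would never raise.

```python
from datetime import datetime, timedelta

# Constructed session records in an assumed "key=value" line format
# (not the real Data Protector session log format).
SESSION_LOG = """\
2024-05-01 02:10 client=web01 status=Completed bytes=44000000000
2024-05-01 02:15 client=db01 status=Completed bytes=129000000000
2024-05-02 02:11 client=web01 status=Completed bytes=44100000000
2024-05-02 02:16 client=db01 status=Failed bytes=0
2024-05-03 02:12 client=web01 status=Completed bytes=44200000000
2024-05-03 02:17 client=db01 status=Failed bytes=0
"""
INVENTORY = ["web01", "db01", "app01", "fs01"]  # hosts that must be protected
SCHEDULED = {"web01", "db01", "app01"}          # hosts present in a schedule/policy
NOW = datetime(2024, 5, 4, 8, 0)                # report time for the constructed data


def parse_sessions(log):
    sessions = []
    for line in log.splitlines():
        date, time_, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["when"] = datetime.strptime(f"{date} {time_}", "%Y-%m-%d %H:%M")
        sessions.append(rec)
    return sessions


def coverage_report(log, inventory, scheduled, now, max_age_days=2):
    """Clients are judged by their last *successful* session, so repeated
    failures, paused schedules and hosts missing from every schedule surface."""
    last_ok = {}
    for s in parse_sessions(log):
        if s["status"] == "Completed":
            prev = last_ok.get(s["client"])
            last_ok[s["client"]] = s["when"] if prev is None else max(prev, s["when"])
    report = {"unscheduled": [], "never_backed_up": [], "stale": []}
    for client in inventory:
        if client not in scheduled:
            report["unscheduled"].append(client)
        if client not in last_ok:
            report["never_backed_up"].append(client)
        elif now - last_ok[client] > timedelta(days=max_age_days):
            report["stale"].append(client)
    return report


def demo():
    return coverage_report(SESSION_LOG, INVENTORY, SCHEDULED, NOW)
```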
The Online Community Team