Ransomware Protection with NetBackup and FlashBlade

Ransomware would be the last thing that the company executives would like to see. Nowadays, ransomware is everywhere, some of the biggest ransomware attacks involved hospitals, logistics companies, and many others. Ransomware has become one of the major concerns of the top executives.  With Ransomware growing rapidly targeting backup software and other data protection methods, Your Existing Data Protection may Not Be Enough. Backing up data does safeguard against common disaster scenarios such as recovering from natural or man-made disasters or accidental deletions. However, ransomware attacks can even further impact the backed up data on the existing data-protection infrastructure that may be built on legacy architectures, and the ransom clock is always ticking.  

Backups safeguard critical data against common scenarios such as recovering from natural or man-made disasters, data corruption, or accidental deletions. However, ransomware attacks can stress existing data-protection infrastructure that may be built on legacy architectures, such as disk and tape, more than expected. First, if you’re already struggling with meeting recovery SLAs, a ransomware attack can exacerbate the situation with additional downtime. Secondly, your backup systems and data can be compromised, which could require you to reinstall and reconfigure your backup solution, before even contemplating data recovery.

With the advent of FlashBlade in the Data Protection world, one can mitigate the risks of Ransomware and can sleepover with FlashBlade implementation in the backup applications.

FlashBlade SafeMode Snapshots

What is a safe mode snapshot in FlashBlade? Safemode snapshots are designed to secure the backup data from ransomware attacks. FlashBlade Safe Mode for file systems does two things, it helps automatically create snapshots for the file systems from time to time and it also prevents the user from eradicating the snapshots from the system. If there are any problems with new data that can be caused by ransomware attacks, there is a path to recovery protecting against such malicious behavior such as ransomware attacks. This is a feature on FlashBlade that will not let anyone eradicate the snapshot, that means all the backup data, metadata, and catalog data is protected with read-only mode snapshot, and in the case of ransomware attack if the backup data is compromised one can recover the backup data and metadata from the read-only snapshot.

Advantages of SafeMode Snapshots

  • Enhanced protection: Ransomware can’t eradicate (delete), modify, or encrypt SafeMode snapshots.
  • Only an authorized designee from your organization can work directly with Pure Technical Support to configure the feature, modify a policy, or manually eradicate snapshots.
  • Backup integration: Utilize the same snapshot process regardless of the backup product or native utility used to manage data protection processes.
  • Flexibility: Snapshot cadence and eradication scheduling are customizable.
  • Rapid restore: Leverage a massively parallel architecture and elastic performance that scales with data to speed back up and moreover recovery.
  • Investment protection: FlashBlade includes SafeMode snapshots at no extra charge. Your Pure subscription or maintenance support contract cover enhancements

Ransomware Protection with NetBackup?

Provisioning the storage for Data, MSDP metadata, NBU catalog Configuration of FlashBlade as an NFS target for NetBackup involves creating data volume(s), and NetBackup catalog volume and exporting these volume(s) as an NFS share to the host acting as a media server.  These shares are then mounted on the media server and configured as a storage unit or Storage unit group for data backup and a storage unit for NetBackup catalog backup.

Enabling the SafeMode on FlashBlade. Before proceeding to take a snapshot it is important to know that the FlashBlade needs to be configured to take Safemode snapshots, to have Safemode enabled.

Perform NetBackup Catalog Policy Backup, The NetBackup catalog is the internal database that contains information about NetBackup backups and configuration. Backup information includes records of the files that have been backed up and the media on which the files are stored. The catalogs also contain information about the media and the storage devices associated with its associated clients and the general infrastructure of the environment. It is important to perform a Manual backup of the catalog policy before taking the Safemode snapshot.

Executing the SafeMode Snapshot.The manual Safemode snapshot should be performed when there is no activity on the backup or the NetBackup components are quiesced it is the right time to perform the point in time data consistent SafeMode snapshots, this can be achieved from the FlashBlade user interface by selecting the corresponding NetBackup NFS shared filesystems and creating the snapshot. To maintain the data consistency across the data and catalog, it is imperative to take the snapshot on all the NFS shares i.e. backup data and NetBackup catalog. For example, if there are 4 NFS shares created for data storage (in form of storage unit) and one for catalog backup the snapshots have to be created on all the 4 NFS file systems as shown in the below figure. At the same time create a snapshot on the catalog filesystem.

When faced with a ransomware event or other data loss event, SafeMode Snapshots make restoring service simple.  When an attack is identified it is critical for the authorized administrator to reach out to Pure for assistance.

NetBackup Catalog Recovery, During the catalog recovery process, NetBackup services need to be shut down and restarted. One can generate the disaster recovery file from the recovered catalog backup image, and later can be used for disaster recovery purposes. The NetBackup master server can use this DR file to import all the images and devices information, and hence you can recover the catalog information.

Please check my demo on Ransomware protection with NetBackup and FlashBlade in the following links: https://mandeeparora.com/demo-fb-ransomwareprotection-nbu/ , Youtube:https://youtu.be/8f1B-JuX-NA