• This topic has 4 replies, 2 voices, and was last updated April 6, 2022 by Chris R.

Ransomware

  • Hello All,

     

    I needed your expert opinion on the below:

    As I am new to Zerto, please excuse my inane questions.

    So Zerto’s platform protects our systems with minimal data loss and downtime after a ransomware attack but doesn’t offer any capabilities to detect a ransomware threat. Following a ransomware attack, how can we reduce the risk on Zerto being exploited?

    Also going through the release notes for 9.x , the Zerto update adds ransomware defence where its rolled out immutability for Amazon S3 and rapid VM recovery as anti-ransomware measures, so i am keen to know if there are any such features available to protect our on-prem VMware environment?

     

    Second enquiry, I wanted to know the recommended frequency of DR tests;
    While I am aware that disaster recovery testing should be a component of a business’s business continuity planning, I’m curious about your recommendations.

    Thank You

     

    Hi Nik

    for recommendations on securing your Zerto environment please use this guide :

    https://help.zerto.com/bundle/Security.Hardening.HTML.90/page/Content/Security_Hardening/Security_and_Hardening_With_Zerto.htm

    The features you mention are available for your VMware environment! – Zerto can use an offsite long term retention repository in this case Amazon S3 an utilize immutability to store your on-prem VMware VM’s in S3 away from production and out of harms way in an immutable format – this is also available for S3 compatible devices that you may have on-premises already – please check out interoperability matrix for more details :

    https://help.zerto.com/bundle/Zerto_Interoperability_Matrix/resource/Zerto_Interoperability_Matrix.pdf

    For DR Testing there are no recommendations as it will be bespoke to your organizational needs – the advantage of having Zerto is that failover testing/DR testing is non intrusive to production workloads and fully automated and orchestrated so can be done any time of the day with minimal effort, this allows testing to be carried out on a far more regular basis. At Zerto we have customers who test on a daily basis whereas other may test weekly or monthly. this is down to organizational needs and their stance on being ready for recovery.

    Kind Regards

    Chris

     

    Hi Chris,

    Thank you for the detailed information. It’s extremely useful.

    If you dont mind I have a few more questions:

    We typically keep journaling for 24 hours, so if the attack occurred over the weekend and went unnoticed, we would have lost all of the journaling, rendering Zerto useless, so what is the best recommendation here on retention? Of course, in such cases, the customer must rely on the backup strategy and restore from it, but would Zerto emphasise the importance of having LTR enabled? What sort of data growth are we expecting if, for example, we increase the journaling from 1 to 5 days?

    Would you advise using VRA-to-VRA encryption to protect against ransomware and other malware? What’s the overhead on the VRA if we enable encryption?

     

    Thanks

    Just following up on my query above…any additional inputs are appreciated!

    Hi Nik,

    I would keep Journal history for as long as you can, this will not only help with ransomware but for lots of other use cases like file deletions or data corruptions.

    I would suggest looking at LTR from an immutability point of view as well as longer retentions this will act as a double layer of protection not only for longer periods of time but stop attackers deleting anything they shouldn’t.

    In Regards to VRA encryption this would be down to your companies policies and where the VRA traffic is traversing. this wont stop any ransomware from propagating but may help with other types of attack.

    I’m unsure of the exact overhead, and this will definitely vary by environment

    Kind Regards

    Chris

     

You must be logged in to create new topics. Click here to login