HPE leads the industry with innovative ransomware solutions. Derived through organic invention and collaboration with partners like Cohesity, layers of defense offer optimum protection from ransomware.
– By Steve Flynn, Go-To-Market Manager, Cloud and Data Infrastructure, HPE
If you’re responsible for your company’s data in any way, you are aware of – and likely weary of hearing about – ransomware. The bad guys keep getting smarter, and attacks are becoming more frequent and severe. When your business is affected by an attack, the consequences can be devastating. Losses to business
What you might not know is that HPE is a leader in ransomware prevention, detection, and recovery solutions. HPE is one of a very small number of vendors with the necessary combination of advanced technologies – derived through invention, acquisition, and partnerships – that can help you survive or prevent ransomware attacks. What’s more, HPE offers the HPE GreenLake edge-to-cloud platform to simplify the day-to-day burden of managing your cybersecurity infrastructure, while minimizing risk exposure.
Zero trust provides the foundation
HPE believes in zero trust as the basis for minimizing ransomware risk and impact. Zero trust is an approach to protecting your data that focuses on identity and access management. Compared to old school, perimeter security approaches (the old castle-and-moat approach), Zero tust assumes everything is (or could be) compromised by default. Unlike other vendors, HPE understands that to deliver a solid zero trust solution, trust and verification must be built into everything. As such, HPE delivers secure, zero-trust-enabled building blocks, with verification built-in, beginning in the secure supply chain – and secured by the HPE silicon root of trust and HPE iLO. This extends throughout the entire manufacturing and delivery process.
Combining detection and recovery
With zero trust as a guiding architectural principle, HPE has developed unique technology supporting the ideal approach to ransomware – which is to combine detection with recovery. This is consistent with, and expands upon, the NIST framework for cybersecurity. What’s most critical is that the detection of threats is accurate and happens more-or-less in real time, and that recovery is super-granular – with near-zero RPO when needed.
When it comes to detection, HPE and Zerto, a Hewlett Packard Enterprise company, have developed a proprietary anomaly detection engine that can massively enhance detection accuracy, detect malicious encryption in real time, and help pinpoint infection sources to speed recovery. It does not rely on risky agent-based approaches, post-processing scans hours after the fact, or malware signature-based approaches. No other vendor in the data protection industry has implemented these advanced detection capabilities. For the gory details on how it’s done, check out this article.
The recovery part of the equation is where Zerto technology comes into play. Zerto specializes in ransomware resilience and cyber recovery in order to dramatically limit data loss and downtime after an attack. Zerto lets you dial down RPO to just 5 to 15 seconds before ransomware encryption began. This means that you can recover your data with the least amount of risk and disruption.
HPE now offers the Zerto Cyber Resilience Vault. This extends Zerto’s usual cyber recovery features into a robust solution designed to mitigate the worst attacks. The Cyber Resilience Vault is a separate, air-gapped, clean-room recovery environment that is complete with HPE servers, networking, and storage. Based on a decentralized zero trust architecture, it has three main elements – Replicate and Detect, Isolate and Lock, and Test and Recover. Replicate and Detect is all about Zerto’s streaming near-synchronous replication of production writes, and scanning everything for suspicious anomalies. Isolate and Lock is about storing immutable copies of data on air-gapped HPE Alletra hardware. Test and Recover is the critical element of being able to locate clean restore points and recovering quickly with cross-VM consistency.
Taken together, HPE’s unique and innovative detection engine technology with Zerto’s model for cyber resilience, CDP, and assured recovery, allows organizations a secure and highly customizable solution for rapid DR and protection from ransomware.
Partnerships – specialized features and capabilities complete the solution
In addition to its own multi-layered approach to ransomware protection, HPE also offers the choice of solutions from an ecosystem of industry-leading, data protection partners including Cohesity, Commvault, and Veeam.
Most recently, HPE has added Cohesity Cloud Services to the HPE Solutions with Cohesity portfolio. Cohesity Cloud Services give you a fully managed, data protection environment hosted on Amazon Web Services (AWS) and Microsoft Azure. This means backup and recovery, cyber vaulting and data isolation, disaster recovery, and cyberthreat defense are all offered as-a-service, on a single platform. This can be a great way to keep costs down, simplify operations, and add another line of defense against ransomware.
More broadly, HPE Solutions with Cohesity combine HPE ProLiant DL and HPE Apollo 4000 data storage servers with Cohesity software, to deliver a cyber-resilient, secure, multi-cloud data platform - built on zero trust security principles.
The effectiveness of HPE Solutions with Cohesity against ransomware begins with immutable backup snapshots – which assure that your backups are not corrupted or deleted, leaving you without a good recovery copy. This has become a ‘hacker 101’ tactic in any serious ransomware scheme. In addition, HPE Solutions with Cohesity orchestrate a combination of WORM for backup capabilities, role-based access controls, multi-factor authentication and quorum safety controls (which require at least two management keys to make critical system changes). These measures help to prevent your backup data from becoming a ransomware target.
You can also isolate your data backups in the Cohesity-managed, cloud vault Cohesity FortKnox, and then replicate the data to another immutable cluster (on-prem or in the cloud on AWS S3 or Glacier). Or you can write to tape and move it physically to offsite storage. This gives you the needed air-gap and guarantees that you have a recovery copy at hand, should you need it.
For threat detection, HPE Solutions with Cohesity include Cohesity DataHawk, which automatically analyzes the backup data to look for any suspicious changes made to the production environment. It then provides visibility into affected objects and the source of the changes. It includes AI-based, early threat detection and user behavior logging, which can catch things that human beings might miss (especially things like out-of-the-ordinary changes to data ingest, dedupe ratios and data change rates).
If ransomware does manage to infect your data, HPE Solutions with Cohesity include rapid recovery capabilities with Cohesity instant restore and instant mass-restore. This helps you to quickly find a recoverable clean copy of your data from across your global footprint. Instant mass restore, lets you recover hundreds of VMs instantly, with minimal RPO. Your virtual machines can actually be running and operating, while the restore operation completes.
Lastly, to ensure a clean restore and to avoid re-infecting your production environment, HPE Solutions with Cohesity include Cohesity’s CyberScan which checks the health and recoverability status of snapshots, to make certain that you can cleanly and predictably recover from a ransomware attack.
As part of HPE Solutions with Cohesity, the Cohesity software is factory-installed on HPE ProLiant DL and HPE Apollo 4000 data storage servers. This means that the solutions take full advantage of the HPE Silicon Root of Trust– which makes it impossible to tamper with the servers during manufacturing – and the HPE Trusted Supply Chain, which assures that servers are built to heightened security standards in secured facilities. Taken together, this means that HPE Solutions with Cohesity have the utmost reliable safeguards built in, to protect your data from ransomware (see figure 1).
HPE Solutions with Cohesity – data security from firmware to cloud
More about HPE GreenLake
Assessing and building an effective ransomware prevention model can be daunting. HPE simplifies the challenge with HPE GreenLake cloud services for data protection, including HPE GreenLake for Backup and Recovery and HPE GreenLake for Disaster Recovery. Between them, you have excellent ransomware protection, spanning critical RTO and RPO SLAs.
HPE GreenLake for Backup and Recovery is a backup-as-a-service built for protecting on-premises virtual machines and cloud-native workloads. With it, you can recover almost instantly with immutable snapshots, or you can use the cloud for low-cost, long-term retention. HPE GreenLake for Disaster Recovery is based on Zerto technology to deliver SaaS-based disaster recovery. This service takes full advantage of Zerto’s journaling, orchestrated recovery, automated failover, and non-disruptive testing capabilities. It offers management through a single, globally available console, which lowers administrative overhead and simplifies deployment.
In addition, HPE GreenLake Flex Solutions offer a data protection option that allows you to build a solution for the unique needs of your business, using standardized, centrally managed IT modules. Options are available to include HPE Solutions with Cohesity, as well as other HPE data protection partners’ solutions.
Lastly HPE GreenLake Managed Services can help you to understand and address the gaps in your security and risk management efforts and take advantage of HPE expertise, delivered as a managed service, to protect your infrastructure, apps, and data. HPE experts can help you identify and eliminate security gaps with the right mix of integrated security design. This means you don’t have to go it alone.
What it means to you
Having a solid ransomware prevention and recovery scheme is an unfortunate requirement in today’s IT world. While many vendors focus on cybersecurity, they rarely bring a whole solution. HPE has deep expertise in all areas of hybrid cloud, including the people-and-process aspects, as well as technology and partner ecosystem components. That’s a huge advantage when wrestling with the complexities of ransomware protection. HPE has the products, processes, software, services, and partnerships to help you design a robust and affordable ransomware strategy.
Learn more here
- HPE Ransomware Detection and Recovery in Zerto 10: Sophistication that Works
- How to fight ransomware with intelligent data storage technology
- Ransomware data recovery architectures
- Webinar – HPE and Cohesity – Safeguard Your Data, Fight Ransomware
- Zerto-Cyber-Resilience-Vault_SB.pdf
- Real-time-Ransomware-Detection_DS.pdf (zerto.com)
Meet Storage Experts blogger Steve Flynn, Go-To-Market Manager, Cloud and Data Infrastructure, HPE
Storage Experts
Hewlett Packard Enterprise
twitter.com/HPE_Storage
linkedin.com/showcase/hpestorage/
hpe.com/storage
.
StorageExperts
Our team of Hewlett Packard Enterprise storage experts helps you dive deep into relevant data storage and data protection topics.
