Rick Vanover, Director of Technical Product Marketing & Evangelist at Veeam Software
DSA recently had a quick interview with Rick Vanover, the Director of Technical Product Marketing & Evangelist at Veeam Software and also one of the experts in system administration and IT management.
Veeam Software, the pioneer in a new market of Availability for the Always-On Enterprise™ by helping organizations meet recovery time and point objectives (RTPO™) of less than 15 minutes for all applications and data.
Data&StorageAsean: We see a lot of companies with backup or data protection products jumping on the ransomware bandwagon at the moment. Does Veeam really have anything unique to offer here?
Rick Vanover: The unique position Veeam provides is that if ransomware gets into an organisation, there are effectively only two possible outcomes: restoring from backup or a conscious loss of data. We want to see organisations make the better choice – to keep their data available.
The difference is we are taking the “ransomware bandwagon” in a broad-reaching advisory role. Specifically, for myself, I’ve committed this year to writing a chapter per quarter this year on how organisations can be more resilient against ransomware with Veeam. This is a library of content that myself and others have contributed to that can help organisations be more prepared from a design perspective to keep data available should ransomware enter. The content is online at: http://vee.am/ransomwareseriespapers
There are also two additional unique offerings by Veeam regarding ransomware. The first is an alarm that will detect possible ransomware activity. Our virtualisation management tool, Veeam ONE, has a pre-defined alarm that detects high write activity on disk coupled with high CPU activity. This visibility technique is very powerful to detect if ransomware is underway encrypting data. The second ransomware-specific capability we have added is for backing up Windows systems with Veeam Agent for Microsoft Windows. This backup product can eject removable media after a backup. This is a strong capability to keep the backup storage offline should ransomware be introduced to a Windows system.
Data&StorageAsean: When it comes to ransomware and cybersecurity in general, how does Veeam co-exist with the specialist security vendors?
Rick Vanover: Veeam has many partners in the ICT space, however we have yet to go into the specialist security vendor segment. Regarding ransomware, many of our storage and cloud partners are critical to a great Availability experience. Leveraging storage snapshots for out-of-band is a very powerful quick recovery technique. Additionally, storing backup in the cloud or with a service provider is a great way to have off-site and out-of-band storage resources for backup.
The general approach is that Veeam does not prevent ransomware, but if it gets in we have many ways to restore the Availability of the organisation and its data.
Data&StorageAsean: We recently saw a security vulnerability reported in the Acronis product itself. Does it worry you that by being vocal about malware defense "the bad guys" might target Veeam and look for gaps in your product?
Rick Vanover: We have seen a ransomware (or generic malware) target Veeam backup data on disk. This is why we are taking the resiliency approach seriously. There are a number of specific recommendations that can be used for more resiliency, but I’ll share two that are very powerful (and can be used with effectively any backup product):
Have offline storage. There is an absolute need for an air-gap today in the ransomware era. This air-gap will prevent propagation of ransomware or malware to the backup resources. The best example of offline storage is tape media. Removable or rotating drive systems also are an option.
Use different credentials. There is an incredible risk to a master service account being the conduit for ransomware. The worst possible situation would be to have the source data and backups encrypted by a powerful administrative account.
Data&StorageAsean: Do you find that the high-profile Ransomware attacks are making people in Southeast Asia think more carefully about their blended data security and protection strategies?
Rick Vanover: Yes. Nobody wants to be the next headline outage. Much less due to something like a ransomware impact. This will immediately discredit the business reputation and impact customer confidence.
We consistently see organisations ready to answer this question regarding ransomware: Do you want to pay now or pay later?
Pay now means invest in ransomware resiliency, and never stop. This includes user training on how to handle email attachments or web sites, detection technologies and an Availability strategy for resilience to infection.
Paying later means seeking funds to repair a potentially brand damaging event with no guarantee that the ransom will decrypt the data.
Data&StorageAsean: Do you have any examples you can share where Veeam has helped a customer recover from a successful malware attack?
Rick Vanover: Veeam technical support team receives calls nearly every day from clients dealing with ransomware. This tells us first of all that ransomware is not just a PC problem as these calls are in the data centre regarding virtual machines.
Luckily, we have good advice on how to navigate our clients through this process. Additionally, Veeam has worked diligently to advise clients on how to be more resilient against ransomware. We have long been advocating the 3-2-1 rule, which states to have 3 different copies of critical data, on 2 different media; with 1 being off-site. You can throw in a twist to make one of them off-line as well. This rule works great A) as it doesn’t require any specific hardware and B) it can address nearly any failure scenario.
We do have one story to share from Bedford School in the UK where Veeam navigated them through the ransomware threat: https://www.veeam.com/success-stories/veeam-bedford-school-success-story.html
Data&StorageAsean: Do you have any specific product development plans that will take you more into the cyber security space?
Rick Vanover: We have not announced any specific product development plans that will take us into the cyber security space. However, I do believe you will see the Veeam Availability Platform and vision expand to more storage integration, expand to more capabilities in the cloud and expand to more products.
Everyone wants Availability of their data in this digitally transformed world, and Veeam wants to provide that experience for organisations today and into the future.