Dell EMC Isolated Recovery


Andreas El Maghraby, Advisory Systems Engineer, DPS (@andyem_si)

Incident Response: Categories of Cybercrime Activity, April to June 2016
[Chart. Categories: Ransomware, Banking Trojan, Business Email Compromise, Web Script, Adware, Spam, Other*. Percentages shown: 37%, 27%, 12%, 9%, 7%, 7%, 5%.]
* DoS, unknown, digital currency mining and credential harvesting

The Evolution of Ransomware
- Cybercrime has matured into a business sector
- The latest paradigm is Cybercrime-as-a-Service (CaaS)
- The Ransomware market, within this paradigm, is rapidly maturing
- Ransomware strains are being upgraded, rebranded, and sold cheaply on the Dark Web
- All potential targets, regardless of size, present equal opportunities

True Costs of Ransomware
  Ransom                      $30,000
  Lost Revenue             $2,500,000
  Incident Response           $75,000
  Legal Advice                $70,000
  Lost Productivity          $250,000
  Forensics                   $75,000
  Recovery & Re-Imaging       $60,000
  Data Validation             $25,000
  Brand Damage               $500,000
  Litigation                 $200,000
  Total Costs of Attack    $3,785,000

NIST Cybersecurity Framework Focus
Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
Protect: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; Protective Technology
Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes
Respond: Response Planning; Communications; Analysis; Mitigation; Improvements
Recover: Recovery Planning; Improvements; Communications; Validation
Dell EMC offerings:
- Dell EMC IR Services for Risk Management, Governance Model, & Operating Model
- Isolated Recovery Solution Protective Technology, Processes & Procedures
- Isolated Recovery Solution Validation Servers. RSA Security Behavior Analytics
- Dell EMC IR Services for Response Framework for Cyber Incident Management
- Isolated Recovery Solution with Recovery Servers

Traditional Strategies Are Not Enough
Data Encryption
- Not preventative against attacks
- Hacktivists can encrypt your encrypted data
- For data protection, not recovery
- Potential negative impacts on cost to store, replicate and protect
Tape Backups
- Too long to recover
- Difficult to validate data
- Requires backup infrastructure to recover
- May not protect: Backup Catalog, PBBA [Data Domain], Tape Library Meta Data DB
Cyber Insurance
- All breaches may not be covered
- Policies have baseline security requirements
- Monetary limits may not cover all damages
- Does not protect: Patient needs, Brand, Lost trust

Current State: Risk Profile Summary
Technical
- All data is currently susceptible to a cyber attack
- Primary storage replication can replicate corruption
- Backup catalog not replicated
- Recovery of backup catalog from tape is slow and failure prone
- Backup copies not isolated from network
People & Process
- IT Engineering and Ops have access to most if not all Backup Assets
- Security teams not assigned to assets. Bad actors inside the firewall can create havoc.
- Franchise critical and non-critical data are not segregated
- Backup images can be expired without authorization
These risks are consistent with traditional Prod/DR models. This is a different challenge and requires a different architecture.

Current State: What is a Business Impact Analysis?
A process to understand:
- What is the monetary impact of a disaster or failure?
- What are the most time-critical and information-critical business processes?
- How does the business REALLY rely upon IT Service and Application availability?
- What availability and recoverability capabilities are justifiable based on these requirements, potential impact and costs?
Composed of two components:
- Technical Discovery: Data Gathering
- Human Conversation: Talk to People!

BIA Output: The Most Critical Data First
- Protect the heartbeat of the business first
- Prioritize top applications or data sets to protect
- Usually less than 10% of data
- Start with a core set and build from there
[Diagram labels: Compute; Applications; Validate & Store Highest Priority Data]

Layered Cyber-Security for Data Protection
Level of Protection: Good, Better, Best
Good: Traditional Data Protection Best Practices
- Deploy a layered data protection approach ("the continuum") for more business critical systems but always include a point in time off array independent backup with DR Replication (N+1)
- Protect Born in the Cloud and endpoint Data
Better: Additional Hardening and Protection Features
- Product specific hardening guides
- Encryption in flight and/or at rest
- Retention lock with separate security officer credentials
Best: Advanced Protection Services
- Isolated recovery solution
- EMC/EY service offerings: assess, plan, implement, and validate
- Use of evolving security analytics: RSA & Secureworks

Isolated recovery solution: how it works
- Critical data resides off the network and is isolated
[Diagram labels: Production Apps; Risk-Based Replication Process; Business Data (Crown Jewels); Tech Config Data (Mission-critical Data); Isolated Recovery; Dedicated Connection; Air Gap; Corporate Network; DR/BU]

Isolated Recovery: Dell EMC VMAX
- No management connectivity to IR Vault
- Enable data link and replicate to isolated system
- Complete replication and disable data link
- Maintain WORM locked restore points
- Optional security analytics on data at rest
[Diagram labels: Primary Storage; SRDF; Air Gap; Isolated Recovery Vault; Isolated Recovery System; Restore Hosts; Validation Hosts; Management Host; Professional Services]

Isolated Recovery: Dell EMC Data Domain
- Create backup of data
- No management connectivity to IR Vault
- Enable data link and replicate to isolated system
- Complete replication and disable data link
- Maintain WORM locked restore points
- Optional security analytics on data at rest
[Diagram labels: Primary Storage; Backup Appliance; DD Replication; Air Gap; Isolated Recovery Vault; Isolated Recovery System; Restore Hosts; Validation Hosts; Management Host; Professional Services]

Separate Copy Streams For Better Recovery
[Diagram labels: Distribution Mgmt.; Vendor Distros; Material For IR Vault; OS Clean Room; Change Control Process; DD MTree Replication; Daily Backup; Malware path; Production Hosts; Data Domain; Isolated Recovery Vault]

Proactive Analytics in the IR Vault
Why Analytics in the Vault?
- Increase effectiveness of Prevent/Detect cybersecurity when performed in protected environment.
- Diagnosis of attack vectors can take place within an isolated workbench.
- App restart activities can detect attacks that only occur when application is initially brought up.
Categories of Data
- Transactional Data: dynamic/large (log variances, sentinel records, etc.)
- Intellectual Property: static/large (checksums, file entropy)
- Executables / Config. Files: static/small (checksums, malware scans)
[Diagram labels: Isolated Recovery Vault; Restore Hosts; Validation Hosts; Isolated Recovery System; Management Host]
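
The checksum and file-entropy checks named above for static data, sketched as they could run on a validation host against two restore points. This is an added example, not code from the Dell EMC deck or product; the function names, the 7.5 bits/byte threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune per data set

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256, entropy) for every file under root."""
    out = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            data = p.read_bytes()
            out[str(p.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return out

def validate(baseline: dict, current: dict) -> dict:
    """Compare a new restore point with the last known-good one."""
    findings = {}
    for rel, (digest, _) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][0] != digest:
            # Entropy is judged only on changed files; archives are always high.
            high = current[rel][1] > ENTROPY_LIMIT
            findings[rel] = "high-entropy" if high else "changed"
    for rel in current.keys() - baseline.keys():
        findings[rel] = "new"
    return findings

def demo() -> dict:
    """Constructed sample: one static document is replaced by random bytes."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        for root in (Path(good), Path(bad)):
            (root / "design.txt").write_bytes(b"turbine blade tolerances rev 7\n" * 400)
            (root / "app.conf").write_bytes(b"listen=8443\nmode=prod\n")
        Path(bad, "design.txt").write_bytes(os.urandom(12000))  # stands in for encrypted content
        Path(bad, "app.conf").write_bytes(b"listen=8443\nmode=debug\n")  # ordinary edit
        return validate(snapshot(good), snapshot(bad))

if __name__ == "__main__":
    print(sorted(demo().items()))
```

For static data any checksum change is already worth a look; the entropy verdict separates an ordinary edit from content that now looks encrypted.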