Isolated Recovery & Ransomware: Cost vs. Value
Has a vendor been talking to you about Isolated Recovery recently? Or have you been thinking about duplicating and air gapping your backup systems with scheduled updates to protect against ransomware? Could there be a less expensive, less complex way to achieve similar benefits?
Let’s dive into these ideas to explore the concept and limitations of Isolated Recovery–and where Rubrik can help.
What is Isolated Recovery?
From a network perspective, the concept of air gapping isn’t new. Simply put, there’s physical isolation between two networks – most commonly a secured and an unsecured network.
While Isolated Recovery shares this “physical isolation” characteristic, it is built on the concept of having a separate data center infrastructure that is disconnected from the primary infrastructure via an air gap. In the case of Isolated Recovery, the air gap is closed on a regular schedule for replication updates. Think of this as being similar to the operational overhead of a DR infrastructure.
In theory, if your files are encrypted by ransomware, there is complete surety that your air-gapped data isn’t affected and is available for restore.
Is there a real benefit?
You might already be thinking about update schedules. What if the ransomware isn’t detected before the scheduled update occurs? At that point, your separate infrastructure hasn’t bought you anything despite its cost and complexity.
Even worse, what if the scheduled update happens after a ransomware infection (or other attack) but before detection? The ransomware may be dormant, specifically to get past regular update windows schedules, and now you have ransomware-encrypted files both places. In all honesty, we have yet to meet a customer who has experienced real-world benefits with this approach.
What’s the real challenge?
Based on customer conversations, undetected ransomware file encryption is the main challenge people are trying to protect against when considering Isolated Recovery.
We recently covered how Rubrik can help here in depth in the webinar: “Ransomware Jail–Is There Any Way Out.” One key aspect we discussed was immutability of snapshots.
Why does immutability matter?
Unlike some other backup systems, Rubrik backups (aka snapshots) are immutable once created. In the words of David Ramos, Security Lead at Rubrik, “No amount of compromise to the machines we back up will cause us to do bad things to existing backups.” Regardless of subsequent backups (which may include encrypted versions of previously backed-up files), the previous backups are never affected – more details in this post on hospitals and ransomware.
Additionally, the previous backups are never available in a Read/Write state to the client. Even during a restore of a VM, the underlying backups remain Read Only. This prevents ransomware from being able to access and encrypt backup data.
Immutability is critical – it’s what allows Rubrik to meet and exceed the benefits of an air-gapped environment for your backup infrastructure without the operational complexity and higher cost. Even if someone compromises your production infrastructure and deletes items (VMs, file systems, databases, etc.), we do not delete the related backups. Instead, they are turned into “relics” inside of Rubrik and aged out over time based on the pre-assigned policy.
But there’s more!
This is definitely a large topic. If you’re thinking we’ve left out some pieces, you’re right! For more information, read the in-depth brief.
In the meantime, please don’t hesitate to reach out to me or your local Rubrik team to learn more about how Rubrik’s approach can provide much of the benefit of Isolated Recovery at a fraction of the cost.