The disruptive potential of ransomware has made it many organisations’ top security priority. With even well-resourced firms like SHI International and AMD joining the list of compromised companies, businesses are calling on managed service providers (MSPs) to help them better plan against their own, inexorable attack.
Backups naturally form a major part of this preparation since they allow businesses to roll back ransomware’s file encryption and deletion and enable rapid recovery. Yet ransomware attackers also know this, which is why many strains of ransomware specifically hunt down and disable (or destroy) backup servers and delete the backup storage – forcing victims to pay up or risk losing their data forever.
In turn, modern ransomware defences have responded to this challenge with purpose-built backup platforms that use non-network-facing storage tiers to protect data backups from compromise.
ExaGrid, for instance, has built Tiered Backup Storage appliances that incorporate both a front-end disk cache Landing Zone (which stores the most recent backups) and a second-tier repository (that deduplicates and stores the most recent backups as well as all the weekly, monthly, and other backups) for use during legal discovery, financial audits, and regulatory audits, that is non-network-facing to provide a virtual air gap.
By storing all backups as deduplicated immutable data objects and logically separating the layers from the primary backup environment, the appliance ensures that a recent backup is always available to restore from a ransomware hit.
Automatic sensors raise alarms when large-scale file changes, encryptions or deletions occur over a short time period. The same systems also ensure that files can be automatically recovered within moments if they are compromised by ransomware.
“By keeping the most-recent backups in that front-end Landing Zone, you can quickly restore files when somebody accidentally deletes, overwrites or encrypts them” ExaGrid President and CEO, Bill Andrews, told CRN Australia. “The backups stored in the repository tier are not connected to the network and only our code can talk to them, preventing malicious encryption or deletion commands by threat actors,” he added.
Although the platform scales to 2.69PB of backed-up storage in a single ExaGrid system, the Retention Time-Lock feature delays delete commands for a set number of days. It also automatically retains ‘last-best backup’ images should it become necessary to restore (or recover) data after a potential ransomware hit.
Watching the channel’s back(up)
Ransomware-aware backup platforms have been well-received by businesses that want to operate with the confidence of a ransomware-recovery strategy. ExaGrid’s results confirm this, with revenues growing at over 20 per cent annually and the company recently reporting 168 new customers in the second quarter of this year.
This success included a 75 per cent win-rate for new deals. Andrews says that this is due to a “Highly differentiated product” plus a focus on channel partners that includes guaranteed deal registration, a commitment to never take a direct deal plus an agreement to never bring in another reseller: “We’ve never had a reseller that brought us on and we’ve taken a deal direct” he explained. “You brought us in and we want to reward you for that – not punish you for it later. Registration allows you to make sure you get the deal.”
The scalable architecture of the solution also helps channel partners be more competitive during tenders, since they don’t need to over-specify the appliances (selling customers more than what they actually need) just to ensure performance. Customers can simply buy additional scale-out appliances as their data grows.
ExaGrid’s technology scales both storage and performance incrementally, allowing resellers to win a customer with a competitive quotation and then work with them to expand it as subsequent requirements dictate.
This approach also prevented customers worrying that they could be pushed into forced obsolescence by unscrupulous vendors selling them systems with too little capacity – which then needs to be replaced in the short-term because they don’t scale well.
MSPs and other channel partners are supported by in-house ExaGrid specialists both locally and globally, ensuring time zones are never an issue: “Every time a customer reaches out – by email, chat, or phone – they’re dealing with the same person,” Andrews said. “That person knows their environment and they can build a rapport.”
As it actively recruits new channel partners, Andrews said that the company’s growth in Australia reflects the dynamics of an overall global story which is being fuelled by surging awareness of the immediate threat posed by ransomware.
With ASIC clamping down on company directors to ensure they invest in cyber resilience – and an increasing climate of ransomware confirming the threat isn’t going anywhere – having a clear ransomware recovery story to sell has become critical for any channel provider.
“We’re not going to play cheap sales tactics” Andrews said. “We’re going to make sure the customer is happy because the product solves their problem. It’s not undersized, it’s well-supported and it just works.”
