Ransomware attacks are increasing in frequency and sophistication. Before data is encrypted or destroyed, attackers go after the infrastructures that store and protect your company’s information—this a real problem affecting many organizations. As a result, many storage platforms have features that focus on Ransomware detection, prevention, and recovery. Over the following weeks, I will look at many of these products to sift through the datasheets, highlight relevant information, and help you build cyber recovery capabilities into your data protection strategy.
I’ll start with the PowerMax from DellEMC as it was the first platform I helped a customer implement in a storage-based Cyber Recovery solution.
PowerMax – TimeFinder SnapVX provides the ability to create immutable snapshots with Secure snaps. Many vendors define immutable data as data that is impossible to alter, but not all solutions protect the data’s retention. When invoked, secure snapshots have a retention period that can be an absolute value or relative from the time of creation. Customers are, by design, unable to alter the retention settings of SnapVX Secure snaps. Even if an attacker gains administrative access to a customer’s PowerMax solution, data saved with Secure snapshots is 100% immutable.
I do have a couple of warnings to admins out there looking to use SnapVX Secure snapshots. The feature works brilliantly. Therefore, my advice is to measure twice, cut/snap once, be sure to verify syntax in any commands or scripts, gain a thorough understanding of change rates, and carefully plan for the required storage and factor in peak change rates for the duration of Secure snaps. PowerMax prioritizes the durability of Secure snapshots above even the availability of the production data, which makes sense. How immutable is something if you can delete it?
I should note there is one exception to the immutability of SnapVX Secure snapshots on PowerMax. In the case of emergencies, Dell EMC can terminate SnapVX Secure snapshots, but not without customer validation, which requires a signed data loss waiver which, from my understanding, requires signatures and validation from board members or officers.
Only use SnapVX Secure snapshots when necessary, do your homework when it comes to capacity management, and work closely with DellEMC or a partner like Converge Technology Solutions to keep your data secure.