How to Protect Yourself Against Cyber Threats and Ransomware with RUBRIK Shield?
02 Apr 2024
Prepared by: Ramazan Öğütcen – Sekom – Data Center Solutions Unit Manager
Recently, we’ve been hearing a lot about cyberattacks on companies involving ransomware. Today, we will explain how your organization can recover from such attacks in a short time, without needing to pay any ransom.
As an enterprise, you should know that it is no longer a matter of “Will such attacks happen to my company?” (since avoiding them has become nearly impossible). Instead, you must think and plan thoroughly about what actions you can take to prevent these attacks and, in the worst-case scenario, what your last resort actions should be. Of course, your efforts to prevent cyberattacks should be at the highest level, carried out through security and network layers, along with hardware and software products. However, even with all these precautions in place, if a vulnerability in your IT infrastructure is exploited and “all firewalls are breached” and “all fortresses are captured,” leaving your data completely unprotected, you will need a secure refuge to recover it.
Rubrik provides you with such a refuge.
Rubrik is an innovative and pioneering company established 10 years ago, with its first product launched 9 years ago. What makes Rubrik innovative is its ability to combine the traditionally separate backup software and backup hardware into the same environment. This “converged” infrastructure has transformed backup environments, which previously required working with a complex set of components, into simpler, more user-friendly, and most importantly, much more secure systems.
Having different backup software and hardware from various vendors within a backup environment (or even different components from the same vendor) increases the attack surface, potentially harming your security posture. As a fully integrated backup unit, Rubrik stands out as a leader in security matters for these reasons.
Looking at the Rubrik product from a hardware perspective, we can see a 2U appliance with four nodes and 150 TB of usable disk space. Rubrik can supply this appliance itself as a combined software and hardware solution, or it can be offered in collaboration with Rubrik’s partner manufacturers (DELL, Cisco, HPE) on servers with specific configurations agreed upon with Rubrik.
Those experienced in the backup world have, over the years, encountered the ongoing complexity in this area. The need for different software or licenses for each workload, the requirement of proxy servers for some workload types, the use of different servers for media and catalog servers, the use of network-based or disk-based units as backup environments, and the need for tape, cartridges, tape units, and tape libraries — all these components working together are necessary to make a backup environment truly functional at the desired level. This complexity creates an environment that is not only unreliable due to its multiple components but also difficult to manage and operate due to potential compatibility issues. Therefore, simplicity, ease of use, and the ability to meet all backup needs with minimal components result in a much more secure backup environment and eliminate problems such as component incompatibility.
Can you imagine that all the critical data of your company, regardless of the hypervisor, OS, database, application, or workload underneath, can be backed up with just a 2U device containing four backup servers and 150 TB of usable capacity (which, through deduplication and compression, can easily reach the petabyte level)? And, on top of all this, the data is protected under ransomware guarantees and is easily restorable — this is what truly sets Rubrik apart from its competitors.
As mentioned earlier, Rubrik, in addition to all the features available in other backup software and hardware manufacturers, such as deduplication and compression, also has a “scale-out” architecture that others lack. With Rubrik, you can start your backup journey with 4 nodes and later scale up to 8, 12, or 16 nodes. Thanks to its unique cluster architecture and the parallel and distributed operation capabilities of its nodes, backup performance can significantly outperform competitors. (Moreover, you are not limited to growing in increments of 4 nodes — after 4 nodes, you can add 1, 2, or 3 nodes during each growth phase.) This way, workloads such as high-capacity databases, which are typically backed up in short windows during the night, can be backed up seamlessly.
There is a saying often heard in the backup world: “Backing up is not important, what matters is being able to restore it quickly when needed.” If you remember the experiences with tape cartridges and tape libraries while managing backup environments 20 years ago, you can imagine how difficult and cumbersome restoring from a backup was due to the use of tape at that time. Later, with the discovery of the “deduplication” magic in backup processes, backups began to be stored on disk, and restore times and operational processes became much shorter. More recently, with fast SSD disks in systems where backups are stored on disk and technologies that allow quick access to data on the system without restoring it to its original location, restore operations have gained a whole new dimension. In Rubrik, which is equipped with the latest technologies in the backup world, there is a feature called “Live Mount,” which is particularly recommended for Oracle and SQL databases. This feature allows users to quickly access backups, and we can even point out that some customers use this feature for Dev/Test systems, saving on capacity as well.
Now, why is Rubrik different from others when it comes to ransomware protection? Let’s explain this in detail:
- It is built on a hardened Linux OS with an immutable filesystem (Google Atlas). Data on this filesystem cannot be deleted, modified, or encrypted; only additions can be made (append-only).
- All backup and other network operations are encrypted and FIPS 140-2 validated.
- It has an air-gapped OS, Shell, and Storage layer that cannot be accessed through NFS/SMB protocols.
- MFA is required for access, and a TOTP (time-based one-time password) feature is available for local users.
- It has a monotonic clock barrier feature to protect against NTP poisoning attacks.
- A retention lock feature is available, which can be used in conjunction with the support team.
- No third-party software can run on the Rubrik appliance.
With all these features, Rubrik stands out as a “sanctuary” where ransomware attackers cannot take control, allowing customers to securely store their most critical data.
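To illustrate the monotonic clock barrier item in the list above, here is an added sketch (not Rubrik's implementation and not code from the original article) of how retention expiry can be tied to a monotonic clock so that a poisoned NTP source cannot make backups look old enough to delete. The names `RetentionClock`, `may_expire` and the 500 ppm drift limit are assumptions chosen for the example.

```python
import time

DAY = 86_400.0

class RetentionClock:
    """Trusted time = anchored wall time + monotonic elapsed time.

    Hypothetical sketch: survives wall-clock tampering within one boot; a real
    appliance would also have to persist the anchor across reboots.
    """
    def __init__(self, wall=time.time, mono=time.monotonic, max_rate=500e-6):
        self._wall, self._mono, self._max_rate = wall, mono, max_rate
        self._anchor_wall, self._anchor_mono = wall(), mono()
        self.rejected = []            # drifts (seconds) that were refused

    def now(self):
        return self._anchor_wall + (self._mono() - self._anchor_mono)

    def resync(self):
        """Adopt the wall clock only if it drifted no faster than max_rate."""
        elapsed = self._mono() - self._anchor_mono
        drift = self._wall() - (self._anchor_wall + elapsed)
        if abs(drift) > self._max_rate * elapsed:
            self.rejected.append(drift)   # worth alerting on: possible NTP poisoning
            return False
        self._anchor_wall += elapsed + drift
        self._anchor_mono += elapsed
        return True

def may_expire(clock, created_at, retention_s):
    """Retention decisions consult trusted time, never the raw wall clock."""
    return clock.now() >= created_at + retention_s

def demo():
    t = {"wall": 1_700_000_000.0, "mono": 50.0}     # constructed fake clocks
    clock = RetentionClock(wall=lambda: t["wall"], mono=lambda: t["mono"])
    created, retention = clock.now(), 30 * DAY
    # One hour later a poisoned time source claims a year has passed.
    t["mono"] += 3600
    t["wall"] += 3600 + 365 * DAY
    jump_accepted = clock.resync()
    expired_after_jump = may_expire(clock, created, retention)
    # An honest one-second correction is within the allowed drift rate.
    t["wall"] = clock.now() + 1.0
    small_accepted = clock.resync()
    # Thirty real days elapse on the monotonic clock.
    t["mono"] += 30 * DAY
    expired_on_time = may_expire(clock, created, retention)
    return jump_accepted, expired_after_jump, small_accepted, expired_on_time

if __name__ == "__main__":
    print(demo())
```

Because the allowed correction is proportional to monotonic elapsed time, the wall clock cannot be walked forward in many small steps either, and every refused resync is a signal worth logging.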
It should be noted that some backup software solutions in the market may manage to recover from cyberattacks in some way. However, the most important criterion here will be how quickly you can recover from the attack and minimize downtime. For example, suppose ransomware attackers have also taken over the hypervisor layer in your environment (which happens in 60% of these attacks). If your backup software has a component running on the hypervisor to enable recovery from a ransomware attack, you will need to reinstall and reactivate it, which naturally takes time. But with Rubrik, which operates in an isolated environment and cannot be accessed by malicious actors, you won’t experience such delays in recovery. In other words, it’s not enough for just the backup copies to be immutable; the entire backup environment (both software and hardware) must be immutable. The shorter the RTO (Recovery Time Objective), the lower the costs incurred from the ransomware attack. Therefore, it’s crucial to consider this criterion when choosing backup software.
Moreover, another Rubrik feature can quickly save customers from unnecessary ransom payments. Using its analysis tools, Rubrik can scan and classify all the data starting from the first backup. In the event of a cyberattack, Rubrik can also provide information on which files were encrypted. This allows customers to get past the attack without paying ransom if the encrypted data is not critical to the company.
Additionally, Rubrik can perform high-performance operations such as scanning backup data for malware and detecting anomalies directly on the primary copy. This avoids the need for an extra copy to be moved to a secondary data vault, eliminating additional costs for performance-intensive tasks.
If you want to learn more about Rubrik, which uniquely protects against ransomware as a “converged” solution, offering both backup software and hardware together, ask questions related to your environment, or explore demos/workshops or POCs, feel free to contact us.