What is Comprehensive Ransomware Protection?

Nov 07, 2019

By Christian Kane


Ransomware protection begins with end-user education, perimeter protection, and antivirus software. However, if a victim falls prey to a social engineering attack, they’re essentially opening the door for ransomware to enter a network.

Ransomware easily finds its way onto PCs, mobile devices, servers, and SaaS accounts. That’s why businesses need a business continuity and disaster recovery (BCDR) strategy that enables them to recover quickly. When evaluating ransomware protection, managed service providers (MSPs) should look for solutions that protect data across all devices and services their clients rely on. A comprehensive ransomware solution should include all of the following elements.

Rapid Recovery of Business Operations

Many modern server backup solutions offer a capability known as “instant recovery.” Here’s how it works: The backup server takes snapshots of physical or virtual servers, which are stored locally and replicated to the cloud. If a ransomware attack takes down a primary server, a clean backup “image” is mounted as a virtual machine on the backup device or in the cloud. This allows normal business operations to continue while the primary server is being restored, reducing costly downtime to minutes rather than hours or even days. Datto’s Instant Virtualization enables this type of recovery.

Point-In-Time Rollback for Servers, Endpoints, and Cloud-Based Apps

Point-in-time rollback or restore gives MSPs the ability to “turn back the clock” to a time before the ransomware attack occurred. In other words, you can restore systems to the state they were in immediately before the attack, ensuring minimal data loss. Modern BCDR solutions offer this capability by keeping a series of time-stamped snapshots. In the event of a ransomware attack, the user simply selects a snapshot taken immediately before the ransomware attack. Point-in-time rollback is common among server backup solutions, but less so in the endpoint and SaaS backup space. This is unfortunate because point-in-time recoveries are fast and straightforward when compared with traditional file-based restores, which require considerable manual effort. All Datto Unified Continuity solutions offer point-in-time rollback.

Ransomware Detection

Some backup solutions offer native ransomware detection capabilities. Since backup is an ongoing, scheduled process, adding ransomware detection makes a lot of sense. Ransomware detection is important because early identification can mitigate the impact of an attack. Ransomware detection works by identifying patterns of change in the file types that are most likely to be encrypted by ransomware. For example, it’s unlikely that a user or legitimate program would rapidly and simultaneously perform an in-place file content overwrite with random data. So, if this (or another identifying pattern) occurs, the backup administrator is alerted. Datto SIRIS, Datto ALTO, and NAS devices feature ransomware detection by default.
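An added sketch of the pattern described above (not Datto's detection logic, which this page does not detail): it compares two consecutive backup snapshots and flags files that were overwritten in place with random-looking data, alerting when several change at once. The thresholds, function names, and sample snapshots are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_HIGH = 7.5    # bits/byte; assumed cutoff for "looks random"
ENTROPY_JUMP = 1.0    # assumed minimum rise between snapshots
ALERT_THRESHOLD = 3   # assumed count of suspicious files that triggers an alert

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def suspicious_changes(prev: dict, curr: dict) -> list:
    """Paths in both snapshots whose content was replaced by random-looking data."""
    flagged = []
    for path, new in curr.items():
        old = prev.get(path)
        if old is None or old == new:
            continue  # new or unchanged file: not an in-place overwrite
        before, after = shannon_entropy(old), shannon_entropy(new)
        if after >= ENTROPY_HIGH and after - before >= ENTROPY_JUMP:
            flagged.append(path)
    return sorted(flagged)

def should_alert(prev: dict, curr: dict) -> bool:
    """True when enough files changed suspiciously within one backup interval."""
    return len(suspicious_changes(prev, curr)) >= ALERT_THRESHOLD

def fake_ciphertext(seed: bytes, n: int = 4096) -> bytes:
    """Deterministic random-looking bytes standing in for encrypted content."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample snapshots (path -> file content), not real backup data.
TEXT = b"Quarterly invoice totals for the client account.\n" * 80
PREV = {"docs/a.txt": TEXT, "docs/b.txt": TEXT + b"b", "docs/c.txt": TEXT + b"c",
        "docs/notes.txt": TEXT, "archive/old.zip": fake_ciphertext(b"zip-v1")}
CURR = {"docs/a.txt": fake_ciphertext(b"a"), "docs/b.txt": fake_ciphertext(b"b"),
        "docs/c.txt": fake_ciphertext(b"c"),
        "docs/notes.txt": TEXT + b"one more line\n",     # ordinary user edit
        "archive/old.zip": fake_ciphertext(b"zip-v2")}   # already high entropy before

if __name__ == "__main__":
    print("flagged:", suspicious_changes(PREV, CURR))
    print("alert backup administrator:", should_alert(PREV, CURR))
```

The entropy-jump rule keeps already-compressed files such as the archive from raising false alerts, but it also means encryption of those files would need a second signal (for example, a file-type header check) to be caught.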

Choosing the Right Solution

Business data lives in many places: servers, desktops, laptops, and cloud-based applications. So, a solution that can protect your data wherever it resides is essential. Additionally, ransomware attacks can incur significant business downtime if you aren’t prepared. That’s why it is also important to deploy technologies that can get your clients back up and running quickly. A comprehensive ransomware protection strategy requires a number of technologies and services. Partnering with a vendor that can deliver a unified ransomware protection solution can ease implementation and management.

To learn more about comprehensive ransomware protection, check out our eBook. In this eBook, you'll learn how ransomware attacks occur and spread across the cloud, what a comprehensive approach to ransomware protection entails, tips on choosing the right solutions to mitigate the risk of attacks, and more!
