Entries by Gregory Tellone

If your backups aren’t immutable, you don’t really have backups

The most important reason that Continuity Centers started using Veeam:

Companies across the globe were having their backups encrypted by ransomware on a regular basis.

Companies were contacting us almost weekly, asking if we could help resurrect their backups, which had been encrypted by ransomware. But once this happens, it’s too late.

When you store your backups on a Windows server, regardless of what backup product you use (including Veeam) and especially if the backup server is joined to your Active Directory domain, the backups will not be available for you to recover from after a ransomware attack. 

Why? Because the bad actors know what product you use to backup. They know which servers your backups are stored on. They know how to encrypt your backups just like they know how to encrypt your production data.

But we also have offsite backups, so we're all good, right?

Are you storing your secondary backups on a Windows repository? Is it connected via IP to the primary location? If so, they’ll encrypt that as well. We’ve seen it happen.

So how do I protect against this?

The answer is easy. You need to store your backups on a Veeam Security Hardened Linux Repository with Immutability enabled.

Not as easy as it sounds? You might be correct.

Deploying, maintaining and security hardening a Linux server requires a very different level of expertise, which most companies do not have. That’s where Continuity Centers can help. Since before Veeam even announced the Security Hardened Linux Repository, Continuity Centers was deploying their own version of it. 

We’ve never used Windows as a Veeam Repository. Ever. Why? Because as great as a product as Veeam is, we waited for them to announce support for Linux Repositories, for us to jump in headfirst, as it’s quite a bit of work to convert decades of customers from one product to another. Years later, they continue to release security improvements on a regular basis, such as immutability for backups, launched in February of 2021. This was the game changer for backups.

With the initial launch of Linux Repository support, and before they even added the immutability feature, we were able to secure the Linux Repository in a way that eclipsed the security capabilities of Windows. Feel free to contact us to discuss our methods, but for obfuscation reasons, we won’t be discussing them here. On top of our already secure Linux Repositories, immutability added the ability to prevent accidental or intentional deletion of backups through the Veeam console, a common course of action by bad actors.

How do I get started?

If you have Linux expertise on staff and you already use Veeam, make it a priority, immediately.

Whether you already run Veeam or not, but don’t have the Linux expertise in-house, contact us and we’ll help you get started. At a minimum, you can create Backup Copy jobs that send your data offsite to our Linux Repositories with immutability. Additionally, we store a minimum of two geographically disparate offsite backups for you. These offsite backups will ensure you don’t lose all your data when ransomware hits, but if you want to ensure the fastest recovery possible using Veeam’s Instant Recovery feature, we will also deploy a Linux Repository at your office/data center/cloud.

What’s the Diff: 3-2-1 vs. 3-2-1-1-0 vs. 4-3-2

Backblaze recently released a great article discussing the differences between different data protection strategies that our CEO, Gregory R. Tellone, recently discussed with Backblaze’s VP of Sales, Nilay Patel, in this VeeamON 2021 video. The traditional 3-2-1 rule for protecting your backup data has been the industry standard for decades, and proved sufficient for protecting […]

Instant Recovery from Kaseya VSA Ransomware Attack

While we do not use the Kaseya VSA product, many of our clients and partners use it and were significantly impacted by the Independence Day ransomware attack. Because our Veeam backups are immutable and stored on Security Hardened Linux Repositories, all backups were protected from the attack and our team quickly launched our incident response […]

The ABCs of Network Security

Network security is a broad topic – really broad. To read through an entire book of various “security” this and “malware” that might be helpful to some people, but it’s pretty boring to just about everyone else. Instead, we decided to compile a useful guide consisting of the most important network security terms you should […]