Protecting Against Ransomware with Cohesity


As most of you are aware, 2020 has been especially riddled with ransomware attacks against large corporations. Large corporations are not the only targets, however: these attacks hit all types of businesses, from the largest corporations down to small mom-and-pop shops. Government agencies, including federal, state, and local, are under constant attack as well.

The most notable ransomware attacks that most people have heard about include Garmin, Travelex, University of California San Francisco, Honda, and Canon USA. Click on the appropriate company name to go to an article specific to that company's attack.

NOTE: For 2021 statistics on Ransomware attacks, see the first link at the bottom of this blog called “Ransomware Statistics“.

Many of the data protection solutions on the market today, especially the legacy ones, have fallen prey in the attacks listed above as well as in many others: the attackers reached the backups and deleted or encrypted them before encrypting production.

To this day, no Cohesity customer that followed our security hardening guidelines has suffered a ransomware attack in which the attackers gained access to their Cohesity backups and deleted or encrypted them. Those customers have been able to detect, prevent, and/or recover without paying any ransom whatsoever.

Here is what a typical ransomware attack looks like today:

  • An employee clicks a link in a phishing email and the attackers gain a foothold on your network.
  • The attackers then harvest credentials (for example with a keylogger) until they hold administrator credentials for systems on the network, including your data protection system.
  • With those credentials they delete your backups, so that you cannot recover from them and have to pay the ransom.
  • If they cannot get administrator credentials for the backup solution, they encrypt the backups first, again to make sure you cannot recover any system from backup and are forced to pay.
  • If the company holds data subject to CCPA, GDPR, or other compliance requirements, they exfiltrate that data.
  • They then encrypt the systems on the network.
  • The attackers notify the company that its systems are encrypted and demand a ransom for the decryption keys. If they obtained regulated data, they also threaten to publish it. Once private data is leaked, the company is typically required by law to announce a breach, and it can then be fined a very large amount for the compliance failure itself. This is a separate cost from the ransom.
  • The attackers typically give the company a deadline to pay; after that date the data is gone for good and any regulated data is posted on the internet.
  • If the company pays, payment is usually demanded in Bitcoin. Bitcoin is pseudonymous and easy to move across borders, but it is not untraceable: every transaction is recorded on a public ledger, which is what lets investigators follow, and sometimes seize, ransom payments. Most companies do not hold Bitcoin, so they pay a third party to convert the payment into a form the attackers will accept.
  • Once the ransom is paid, the attackers will usually provide decryption keys for the systems that were encrypted. There is no guarantee that every key is delivered or that the decryptor works on every system.
  • The customer then has to work out which decryption key belongs to which server, which can take days; the attackers do not say which key goes with which machine. With thousands of servers that is a painfully long process, all while IT systems are still down.
  • Each virtual machine needs enough free disk space to hold a second copy of its data (roughly double its used space in the worst case), because the decryptor writes the decrypted file before removing the encrypted one. If the disk fills up, decryption fails until more storage is added, and adding storage to many systems adds to the outage.
  • From start to finish, this entire process can take days to weeks or more for a company to fully recover, even IF it pays the ransom.
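
The step in the chain above where a stolen administrator account deletes backups is also the step that leaves the clearest trace in the backup platform's own audit log, which is why forwarding that log to an external syslog server matters. The block below is an added example of detection logic over such a log; it is not Cohesity code, and the key=value line layout, thresholds, and sample lines are constructed assumptions to be adapted to whatever your platform actually emits. It flags three things: a retention policy being shortened (the quiet precursor to deletion), a burst of snapshot delete attempts by one account, and delete attempts refused by DataLock or LegalHold, which are still an incident even though the control held.

```python
"""Spot backup-destruction activity in a backup platform's audit log.

Added example, not Cohesity code. Cohesity can forward its audit log to an
external syslog server, but the key=value line layout used here is a
constructed assumption: adapt LINE_RE / KV_RE to what your platform emits.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a normal day, then a stolen "admin" account shortening
# retention and deleting snapshots in bulk right before production is encrypted.
# The last two deletes are refused by DataLock / LegalHold.
SAMPLE_LOG = """\
2020-10-05T01:12:03Z backup-cluster audit user=backup-svc src=10.0.4.12 action=snapshot.create object=vm-web01 result=success
2020-10-05T01:15:44Z backup-cluster audit user=jdoe src=10.0.9.31 action=snapshot.delete object=vm-test07 result=success
2020-10-05T23:41:02Z backup-cluster audit user=admin src=10.0.9.77 action=login result=success
2020-10-05T23:42:10Z backup-cluster audit user=admin src=10.0.9.77 action=policy.update object=gold-policy retention_days=90->1 result=success
2020-10-05T23:42:31Z backup-cluster audit user=admin src=10.0.9.77 action=snapshot.delete object=vm-sql01 result=success
2020-10-05T23:42:32Z backup-cluster audit user=admin src=10.0.9.77 action=snapshot.delete object=vm-sql02 result=success
2020-10-05T23:42:33Z backup-cluster audit user=admin src=10.0.9.77 action=snapshot.delete object=vm-fileshare result=success
2020-10-05T23:42:34Z backup-cluster audit user=admin src=10.0.9.77 action=snapshot.delete object=vm-dc01 result=success
2020-10-05T23:42:35Z backup-cluster audit user=admin src=10.0.9.77 action=snapshot.delete object=vm-dc02 result=denied reason=datalock
2020-10-05T23:42:36Z backup-cluster audit user=admin src=10.0.9.77 action=snapshot.delete object=vm-erp result=denied reason=legalhold
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ audit user=(?P<user>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+)(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

DELETE_THRESHOLD = 5                   # delete attempts by one user ...
DELETE_WINDOW = timedelta(minutes=10)  # ... inside this window => alert


def parse(line):
    """Return a dict of fields for one audit line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec.update(KV_RE.findall(rec.pop("rest")))   # object=, result=, reason=, ...
    return rec


def detect(log_text):
    """Return [(alert_type, user, timestamp, detail), ...] in log order."""
    alerts = []
    recent_deletes = defaultdict(deque)   # user -> timestamps of recent delete attempts
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue

        # 1. Retention shortened: the quiet precursor to mass deletion.
        if rec["action"] == "policy.update" and "retention_days" in rec:
            old, new = (int(x) for x in rec["retention_days"].split("->"))
            if new < old:
                alerts.append(("RETENTION_SHORTENED", rec["user"], rec["ts"],
                               f"{rec['object']}: {old} -> {new} days"))

        if rec["action"] == "snapshot.delete":
            # 2. Burst of delete attempts by one account. Denied attempts count
            #    too: DataLock refusing a delete is exactly when you want to know.
            q = recent_deletes[rec["user"]]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > DELETE_WINDOW:
                q.popleft()
            if len(q) == DELETE_THRESHOLD:   # fire once, when the threshold is first crossed
                alerts.append(("MASS_DELETE", rec["user"], rec["ts"],
                               f"{len(q)} delete attempts within {DELETE_WINDOW}"))
            # 3. Immutability did its job; still an incident, not a non-event.
            if rec.get("result") == "denied":
                alerts.append(("IMMUTABILITY_BLOCKED_DELETE", rec["user"], rec["ts"],
                               f"{rec['object']} ({rec.get('reason', 'unknown')})"))
    return alerts


if __name__ == "__main__":
    for kind, user, ts, detail in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:28} user={user} {detail}")
```

Run against the constructed sample, the single routine delete by jdoe stays quiet, while the admin account produces four alerts in order: the retention change, the fifth delete attempt within ten minutes, and the two deletes blocked by DataLock and LegalHold. Counting denied attempts toward the burst threshold is deliberate: the immutability controls listed later on this page stop the damage, but the attempt is what tells you the credentials are in the wrong hands.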

For the company that has been attacked, having to pay the ransom because it cannot restore from backups can mean a huge, long-term revenue loss.

There are numerous costs associated with an attack:

  • The ransom itself.
  • The fee to the third party that converts the payment to Bitcoin.
  • Potential fines for compliance failures if leaked data is published (and paying the ransom is no guarantee that it will not be).
  • Lost revenue from systems being down for days, weeks, or more while internal and externally facing IT services are recovered.
  • Lost revenue from reputational damage after personal data is leaked.
  • The cost of the massive increase in hours worked by IT staff and other employees to recover systems until they are back to normal operations.
  • The cost of new hardware/software and the man hours to implement new security measures so it does not happen again.
  • Legal action against the company for leaked personal data and other reasons.
  • NEW (10/5/20) – US Department of the Treasury fines! Treasury's Office of Foreign Assets Control (OFAC) has advised that a ransom payment to a sanctioned person, group, or jurisdiction can expose the payer, and any intermediary such as the Bitcoin broker above, to civil penalties even if they did not know who was behind the attack.

There are numerous precautions that can be taken to minimize the risk of your organization being attacked, and to recover quickly and get your IT services running again if you are. Chief among them is securing your data protection (backup) solution, since attackers now go after the backups before they encrypt production.

How Cohesity Protects You Against Ransomware:

Cohesity takes security very seriously and has extensive cybersecurity integrated into the solution. The principles and capabilities listed below are how we protect your backups on our platform.

  • Reduce Attack Surface –
    • Zero-trust architecture.
    • Encryption using FIPS 140-2 validated (NIST-certified) cryptographic modules.
    • Single global platform.
    • No separate Windows or Linux front-end server that could be compromised.
  • Assess Security Posture & Vulnerabilities –
    • Vulnerability Management:
      • CyberScan App – Uncover cyber exposures and blind spots in your production environment by running on-demand and scheduled scans of backup snapshots against known vulnerabilities.
    • Advanced Threat Detection:
      • SentinelOne App – AI-powered prevention engine running on Cohesity storage clusters; signature-free, relying on machine-learning models rather than signature updates.
      • ClamAV App – Scan the files stored in the Cohesity DataPlatform directly, without sending the files to an external scanner.
    • Configuration analysis.
  • Access Management & Auditing –
    • Web UI, CLI, and REST APIs all use TLS 1.2 or later.
    • Self-signed X.509 certificates or certificates issued by your company CA can be used.
    • Microsoft Active Directory integration and Role-Based Access Control (RBAC).
    • Two-factor authentication (2FA) via CAC smart card or a SAML identity provider.
    • Single Sign-On (SSO) with SAML identity providers, including:
      • Azure Active Directory
      • Okta
      • Ping
      • Duo
      • Shibboleth
    • Directory integration for user and group lookup:
      • Active Directory
      • LDAP
    • Operational and file-level accounting.
    • System- and product-level auditing.
    • Exportable, granular audit logs.
    • Log forwarding to an external syslog server, so the audit trail survives even if the cluster itself is attacked.
    • Global allowlists of network segments, individual IPs, etc.
  • Data Governance / Compliance –
    • SEC Rule 17a-4(f)
      • Write Once Read Many (WORM) & Data Security
    • FIPS 140-2 Level 1
    • PCI DSS
    • Common Criteria EAL2+
    • Secure government clouds
      • AWS GovCloud
      • Azure Government
      • C2S
    • Trade Agreements Act (TAA)
    • Authority to Operate (ATO)
    • GDPR / CCPA governance –
      • Global actionable search.
      • Reduces the number of copies of data from an average of 8-10 to potentially 1-2, so there are fewer places regulated data can leak from.
  • Defend –
    • Immutable file system –
      • The file system holding the snapshots is not accessible from outside the Cohesity cluster.
      • Backups are stored in a read-only state.
    • DataLock / Write-Once-Read-Many (WORM) –
      • Snapshots cannot be deleted or modified until the configured retention period has passed.
    • LegalHold –
      • Snapshots cannot be deleted until the LegalHold is removed, which only a user holding the Data Security role can do.
    • Together these provide a virtual "air gap". Note that this is logical isolation, not physical: the cluster remains on the network, so the access controls above (RBAC, 2FA, allowlists, off-cluster audit logs) are what keep an attacker holding stolen administrator credentials away from the snapshots.
  • Detect –
    • Helios machine-learning-driven anomaly detection, based on:
      • Daily change rate of logical data.
      • Daily change rate of stored data.
      • Patterns in historical data ingest.
  • Respond –
    • Google-like global actionable search.
    • Instant mass restore – Recover hundreds or more virtual machines and have services up and running in a matter of minutes.
    • Scalable file system to store years' worth of backup copies.
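
The Detect section above names the signals Helios watches but not how they are combined. The block below is an added example of what a defender can build from the first two of them; it is not Cohesity's Helios code. It runs over a constructed two-week series of per-run backup statistics (GB changed at the logical level, and GB actually stored after dedupe and compression) and flags a run on a robust median/MAD baseline. A mass encryption event shows up on both series at once: the change rate spikes, and the stored/logical ratio collapses toward 1 because encrypted output neither dedupes nor compresses. The numbers, window, and thresholds are all assumptions to tune for your own estate.

```python
"""Change-rate anomaly detection over daily backup statistics.

Added example, not Cohesity's Helios code. Two constructed per-run series:
how much logical data the backup found changed, and how much the cluster
actually had to store after dedupe and compression. Ransomware moves both:
a mass rewrite spikes the change rate, and encrypted output neither dedupes
nor compresses, so the stored/logical ratio jumps toward 1.
"""
from statistics import median

# Constructed sample, GB per daily backup run: (changed_logical_gb, stored_gb).
# Two weeks of a ~10 TB VM estate with quiet weekends, then encryption on the
# 15th run (index 14).
DAILY_STATS = [
    (210, 31), (195, 29), (230, 34), (205, 30), (220, 33), (60, 9), (55, 8),
    (215, 32), (225, 33), (200, 29), (240, 36), (210, 31), (58, 9), (62, 9),
    (4100, 3950),
]

BASELINE_DAYS = 10      # trailing runs treated as "normal" (assumption)
Z_THRESHOLD = 5.0       # robust z-score above which a run is flagged
RATIO_THRESHOLD = 0.6   # stored/logical above this => data stopped reducing


def robust_z(value, history):
    """Modified z-score (value - median) / (1.4826 * MAD).

    MAD is the median absolute deviation; 1.4826 scales it to a standard
    deviation for normally distributed data. Unlike mean/stddev, a single
    outlier or a few quiet weekend runs cannot drag the baseline around.
    """
    med = median(history)
    mad = median([abs(h - med) for h in history])
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return (value - med) / (1.4826 * mad)


def detect_anomalies(stats, baseline_days=BASELINE_DAYS):
    """Return [(run_index, [reason, ...]), ...] for runs that deviate from
    their trailing baseline on any of the three signals."""
    flagged = []
    for i in range(baseline_days, len(stats)):
        history = stats[i - baseline_days:i]
        changed, stored = stats[i]
        reasons = []

        z_changed = robust_z(changed, [c for c, _ in history])
        if z_changed > Z_THRESHOLD:
            reasons.append(f"logical change rate z={z_changed:.1f}")

        z_stored = robust_z(stored, [s for _, s in history])
        if z_stored > Z_THRESHOLD:
            reasons.append(f"stored change rate z={z_stored:.1f}")

        ratio = stored / changed if changed else 0.0
        if ratio > RATIO_THRESHOLD:
            reasons.append(f"stored/logical ratio {ratio:.2f}: data no longer dedupes/compresses")

        if reasons:
            flagged.append((i, reasons))
    return flagged


if __name__ == "__main__":
    for run, reasons in detect_anomalies(DAILY_STATS):
        print(f"run {run}: " + "; ".join(reasons))
```

On the sample, only the final run is flagged, and it trips all three checks; the weekend runs, which are far below the weekday change rate, are not flagged because the checks look for growth, and they do not distort the baseline because the median is insensitive to them. The ratio check is the one worth keeping even with a crude baseline: a backup whose stored volume suddenly approaches its logical volume is almost always either encryption or a new workload of already-compressed data, and both deserve a look before the next retention cycle expires the last clean snapshot.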

Additional Resources – Cohesity & Ransomware Protection:

Attending VMworld And Interested In vSphere 6.5 Security? Try My “vSphere 6.5 Security – Getting Started” Lab!

If you are attending VMworld US 2017 from August 27-31st in Las Vegas, NV and you are interested in the new vSphere 6.5 security feature sets, then I have a lab for you! I am a lab captain for the Hands On Labs and have two labs that I created for this year's VMworld sessions.

These new labs, as well as many others, will only be available at the VMworld US and Europe conferences initially. After both conferences are over, we slowly release most of the new labs to the public-facing Hands On Labs environment, which anyone can get to with an internet connection. You will see some labs start showing up on the public side right after VMworld, and then the rest typically will be released within a month or so. No guarantee on which labs will make it to the public site and when they will show up, though; that is just what I've typically seen over the past few years.

This is my first time as a lab captain and creating labs, so I would love to see some HUGE numbers of people taking my labs! It would make me feel good knowing that people learned something by taking my labs. If you end up taking either lab at VMworld, or even after they have been released to the public-facing HOL site, let me know what you think! You can reach out to me on my social media outlets; the links to them are on the right side of the page.

Public Facing – Hands On Labs Site:  labs.hol.vmware.com

Below are the labs that I have built and a summary of each of them:

  • (HOL-1811-01-SDC) vSphere 6.5 – What’s New:
    • Description:  Explore some of the new features of vSphere 6.5 including VM Encryption, vCenter High Availability, and the new HTML5 vSphere Client. You will also learn about the improved vCenter Server Appliance and how to migrate from a Windows-based vCenter Server installation.
  • (HOL-1811-04-SDC) vSphere 6.5 Security – Getting Started:
    • Description:  Experience new security features of vSphere 6.5, including VM Encryption, Audit Quality Logging, Encrypted vMotion, Key. We also use our vRealize Log Insight solution to look at the enhanced logging of the vCenter server logs. Add Key Management Servers (KMS) to the vCenter server and create a trust between them. Then we use PowerCLI commands to encrypt/decrypt virtual machines as well as other encryption related tasks.

Don’t forget to stop into the Hands On Labs at VMworld and take some labs…see you there!

Missed The Latest VMware Announcements In The Past Month? Check Out This Summary!

Have you been busy lately and haven't kept up to date with the latest VMware announcements over the last month or two? If so, you have missed quite a bit! So I thought I would make it easy on you and pull together all the recent announcements related to product updates, acquisitions, promotions, partnerships, VMworld, the WannaCry ransomware, etc. This summary has a lot of great information that you will want to be aware of. I highly recommend that you read through the full list of announcements to be sure you are aware of them.

One link I would like to draw your attention to specifically is under "Security", which takes you to a VMware blog about the "WannaCry ransomware" attack that swept the world on May 12th, 2017 in more than 150 countries. The article discusses how VMware's NSX solution and its "Zero Trust" model could have helped those that were attacked mitigate this attack. This just proves how important it is that businesses consider using VMware's NSX solution to help protect their environments from attacks in ways that other solutions can't.

Product Announcements:

Acquisitions:

Latest Promotions/Discounts:   http://www.vmware.com/promotions.html

  • New Promotion – User Environment Manager (UEM) 9.2
  • Updated Promotion- vRealize 25% Upgrade Promotions Extended to July 29, 2017

Security:

  • The WannaCry ransomware attack, which spread between Windows machines through an SMBv1 vulnerability that Microsoft had patched two months earlier in MS17-010, swept the world on May 12th in more than 150 countries. Below is VMware's response on how the NSX Zero-Trust model could have helped mitigate this attack: with micro-segmentation, east/west SMB traffic between workloads that have no business talking to each other is blocked by default, which is exactly the path the worm used. This is a great opportunity for you to drive home how critical it is to use NSX, and where other solutions couldn't provide the same protection that we can from these types of attacks.

VMware Partnerships:  

VMware Partner Accreditations:

VMworld 2017:

7 Simple Ways to Secure Your Smartphone [blogs.air-watch.com]

As we move more of our work and personal lives digital and carry all of it in our pockets, securing our smartphones often feels daunting and confusing. If you follow a few simple steps, you can protect yourself from the vast majority of threats that exist—both physical and digital.


VMware Social Media Advocacy

Introducing the NSX-T Platform – Technical Whitepaper

You may have seen the recent release announcement for VMware NSX for vSphere 6.3 and NSX-T 1.1. This technical white paper is focused on the VMware NSX-T architecture, components, and capabilities. We also explain the technical advantages and benefits of the NSX-T architecture.

VMware NSX 6.2 Beginners Guide – From Zero to Full Deployment for Labs – via Virten.net

This beginner's guide explains how to deploy NSX in your home lab, even with limited physical resources, by downsizing the NSX Manager and NSX Controller VMs.

Available for pre-order – VMware NSX for vSphere Essentials: A practical guide to implementing Network Virtualization

This is the first definitive reference for all network and data center virtualization professionals planning, implementing, or operating VMware NSX 6.2 for vSphere.

[Video] VMware vCloud Air Network Free Trial

Find your ideal partner in the cloud. Ease your journey with a vCloud Air Network free trial to ensure the services you select meet your expectations and business requirements. Go to vcloudairnetwork.com.

Early Release eBook – Network Programmability and Automation Skills for the Next-Generation Network Engineer – via ntpro.nl

With Early Release ebooks, you get books in their earliest form—the author’s raw and unedited content as he or she writes—so you can take advantage of these technologies long before the official release of these titles. You’ll also receive updates when significant changes are made, new chapters are available, and the final ebook bundle is released.

How-to Create a Security Banner for ESXi – via ESX Virtualization

This tip will allow you to add a security banner to the ESXi direct console. It can be a security message or an informative message. Sometimes within an organization there is a need to have such a message displayed prior to login. This post, How-to Create a Security Banner for ESXi, was brought to you by ESX Virtualization.

Glimmers of Hope for IoT Security – via VMware CIO Vantage

Amid reports of massive IoT hacks, the industry is ramping up initiatives to bolster the security of the IoT ecosystem.

NSX and Micro-segmentation

In this video I will go over the basic concept of micro-segmentation within the datacenter. Micro-segmentation is a key feature of NSX and a common use case for customers, as it allows distinct isolation between servers and their east/west traffic. This is not easily accomplished with traditional hardware firewalls; with NSX, creating segmentation rules is simplified and manageable.

Basic VMware Security Tools and Practices

I had the pleasure of joining my first ever internal security conference called MooseCon (Making Our Organization Security Experts Conference). There were a variety of topics discussed, but one particular talk by Noah Wasmer, Senior Vice President of Mobile Products, stayed with me the most. Noah discussed recent cyber attacks in the news, and he asked, “If you were on the front page of the Wall Street Journal because of a security breach, what would that do to your business?”

Automated Deployment and Setup of vRealize Network Insight (vRNI) – virtuallyGhetto

Earlier last week I deployed the latest version of vRealize Network Insight (vRNI) 3.2 in my home lab to learn more about the product and its capabilities. The vRNI setup involves deploying two Virtual Machines, the first being the main vRNI Platform OVA. Once the vRNI Platform VM has been deployed, you will need to activate it with […]

The Security Features in vSphere 6.5 – RJ Approves

It's refreshing to see VMware put effort and focus on security features in the vSphere 6.5 release this year. VM Encryption, vMotion encryption and VM Secure Boot, to name a few. I will briefly …Read More

[Webcast Series] Enabling Next Generation Data Center Security with VMware NSX

RSVP to our #NSX lightboard webcasts for an overview of how to implement micro-segmentation.

The Difference Between VM Encryption in vSphere 6.5 and vSAN Encryption (Yellow-Bricks)

More and more people are starting to ask me what the difference is between VMCrypt, aka VM Encryption, and the beta feature we announced not too long ago called vSAN Encryption. (Note, we announced a beta; no promises were made around dates or actual releases of the feature.) Both sound very much the same, and essentially both end up encrypting the VM, but there is a big difference in terms of how it is implemented. There are advantages and disadvantages to both solutions. Let's look at VM Encryption first.

VM Encryption is implemented through VAIO (vSphere APIs for IO Filters). The VAIO framework allows a filter driver to do "things" to/with the IO that a VM sends down to a device. One of these things is encryption. Now before I continue, take a look at this picture of where the filter driver sits.

As you can see, the filter driver is implemented in the User World and the action against the IO is taken at the top level. If this is, for instance, encryption, then any data sent across the wire is already encrypted. Great in terms of security, of course. And all of this can be enabled through policy. Simply create the policy, select the VM or VMDK you want to encrypt, and there you go. So if it is that awesome, why vSAN Encryption?

Get a holistic view of your network with vRealize Network Insight – TechTarget

VMware vRealize Network Insight promises to provide a comprehensive view of the network, as well as better NSX management. We put it to the test to see if this promise holds up.

vSphere 6.5 – How VM's are Secured using vSphere 6.5 Security Features? -via http://www.vmwarearena.com

vSphere 6.5 was released with a lot of new features that most of us were waiting for. vSphere 6.5 is the latest version of VMware's industry-leading virtualization platform. This new release of vSphere features a dramatically simplified experience, comprehensive built-in security, and a universal app platform for running any app. I agree with the feature sets, availability and […] The post vSphere 6.5 – How VM's are Secured using vSphere 6.5 Security Features? appeared first on VMware Arena.

What's new in vSphere 6.5: Security – VMware vSphere Blog

vSphere 6.5 is a turning point in VMware infrastructure security. What was mostly an afterthought by many IT folks only a few short years ago is now one of the top drivers of innovation for vSphere. Security has become a front and center focus of this release and I think you’ll like what we’ve come up with.

Introducing VMware Workspace ONE Essentials – VMware EUC Blog

As we look back over the last year, it’s been an incredible ride for VMware’s End-User Computing team. We introduced VMware Workspace ONE in February to transform the delivery of secure digital workspaces to workers on any device anywhere. The feedback has been extremely positive, with organizations like American Red Cross using Workspace ONE to […] The post Introducing VMware Workspace ONE Essentials appeared first on VMware End-User Computing Blog .

Two vCPU NSX controller for lab environment – VMGuru

When installing NSX in an environment, you will at some point need to deploy NSX controllers. By default these controllers are equipped with four vCPUs, which is fine for a production environment. But if you want to play around with NSX in a lab environment like I wanted to, then you might not have the hardware (in my case 1 CPU, 2 cores) to support those four vCPUs. In this article I will describe how I managed to deploy a two vCPU NSX controller for a lab environment. Before we start I need to…Read More

10 Things We Learned Today at Connect Atlanta – AirWatch Blog

Gargantuan disruption on the way, new analytics technology, working with smart glasses—here are today’s top 10 takeaways from Connect Atlanta. 1. Swift, Sweeping Change Coming We are entering into the fourth industrial revolution, said Noah Wasmer today, head of mobile products at VMware AirWatch. Drones are following us, devices are becoming slimmer and more disposable […]

Monumental AirWatch 9.0 & Workspace ONE Updates Bring the Digital Workspace to Life – AirWatch Blog

Connect Atlanta always serves as the launch pad for new innovations in the world of business mobility. 2016 is no different. In fact, this might be our most memorable Connect ever. Today at Connect Atlanta 2016, we revealed so many new updates and features that I’m floored by the work our R&D teams did in […]

Learning NSX-Part-7-Distributed Logical Router Tidbits – Virtual Reality

In the last post of this series we discussed Logical Switching and understood when to use logical switching. We also deployed our first logical switch and moved a VM over to the newly created switch. In this post we … Continue reading →

"VMworld and the Future of Networking" via VMware CTO Blog

A recurring theme at VMworld was of NSX as a bridge from solving the problems of today to tackling the emerging and unseen requirements of tomorrow.

VMware vRealize Network Insight: Visibility

Get 360 degree visibility across overlay and underlay to troubleshoot and optimize network performance.

[Webcast] Save Time Securely: Technical Introduction to VMware NSX

Save your spot in our NSX technical webcast on 10/5 and see how network virtualization allows you to roll out non-disruptive deployment—completely decoupled from network hardware. Sign up now.

VMware vRealize Network Insight: Micro-segmentation

Plan micro-segmentation deployment and ensure compliance.