Educause Security Discussion mailing list archives
Re: Offline Backups for Ransomware Protection
From: Shane Kroening <skroening () QUALYS COM>
Date: Thu, 26 Aug 2021 15:23:06 +0000
Jeremy,

I would echo John in using VEEAM and making sure your backups are digitally air-gapped from your network so in the event of a compromise or data loss it will not impact your backups. I’ve seen a lot of success using VEEAM alongside Azure for storage and I’m sure AWS or GCP could be viable options as well.

Please feel free to reach out if you’d like more details.

Best,
Shane Kroening
Technical Account Manager, Pre-Sales, Central (SLED)
Qualys, Inc.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of John Ramsey <jramsey () STUDENTCLEARINGHOUSE ORG>
Date: Thursday, August 26, 2021 at 9:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Offline Backups for Ransomware Protection

We’re using a combination of AWS and VEEAM. Attached is a really good two-pager on backup strategies as a best practice; it’s worth a quick read if you have a second. I think the interesting stat that is out there from Net Diligence states:

“Keep offline copies. Keep offline backups of your vital data to avoid the accidental spread of malware from publicly connected infected computers. Make sure your external storage drives or cloud backups are properly disconnected from your main corporate network to prevent backups from being accessed/infected by the spread of ransomware. Cybersecurity experts have posited that in up to 80 percent of incidents, certain types of ransomware impacted both regular network/devices and the backups.
Timely recovery following a successful ransomware attack is significantly impacted by the efficacy of backup and backup segregation practices.

John

John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pelegrin, Jeremy J
Sent: Thursday, August 26, 2021 10:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Offline Backups for Ransomware Protection

All,

As we work to improve our ransomware posture, what are others doing for offline backups for recovery? Is it a subset of systems/data only? What technologies are being used? Happy to discuss offline if preferred.

All the best,
Jeremy

Jeremy Pelegrin, MBA (He/him/his)
Interim CISO | Information Technology
Tulane University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Offline Backups for Ransomware Protection Pelegrin, Jeremy J (Aug 26)
- Re: Offline Backups for Ransomware Protection John Ramsey (Aug 26)
- Re: Offline Backups for Ransomware Protection Shane Kroening (Aug 26)
- Re: Offline Backups for Ransomware Protection Blake Brown (Aug 26)
- Re: Offline Backups for Ransomware Protection Frank Barton (Aug 26)
- Re: [EXTERNAL] Re: [SECURITY] Offline Backups for Ransomware Protection Kevin Cleary (Aug 26)
- Re: [EXTERNAL] Re: [SECURITY] Offline Backups for Ransomware Protection Blake Brown (Aug 26)
- Re: Offline Backups for Ransomware Protection Shane Kroening (Aug 26)
- Re: Offline Backups for Ransomware Protection John Ramsey (Aug 26)
- Re: [EXTERNAL]Re: [SECURITY] Offline Backups for Ransomware Protection Holley, Brian (Aug 26)
- Re: [EXTERNAL]Re: [SECURITY] Offline Backups for Ransomware Protection McCain, Alan (Sep 20)