Re: Offline Backups for Ransomware Protection

[Blake Brown <Blake.Brown () MHCC EDU>]

Concur as well with using Veeam/AWS and/or Azure for offline storage. We are re-designing our entire backup 
infrastructure and will be deploying this model using Pure Storage Safemode and Veeam's immutable technologies to AWS. 
Just cannot happen quickly enough for me with all the risk out there!


https://community.veeam.com/blogs-and-podcasts-57/3-2-1-1-0-golden-backup-rule-569
https://www.veeam.com/blog/v11-immutable-backup-storage.html
https://blog.purestorage.com/products/protect-your-data-from-ransomware-with-safemode-snapshots/


Blake Brown
Infrastructure Manager

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Shane Kroening 
<skroening () QUALYS COM>
Sent: Thursday, August 26, 2021 8:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Offline Backups for Ransomware Protection

External Email

Jeremy,



I would echo John in using VEEAM and making sure your backups are digitally air-gapped from your network so in the 
event of a compromise or data loss it will not impact your backups.



I’ve seen a lot of success using VEEAM alongside Azure for storage and I’m sure AWS or GCP could be viable options as 
well. Please feel free to reach out if you’d like more details.



Best,



Shane Kroening  [signature_796095325] <https://www.linkedin.com/company/qualys>

Technical Account Manager, Pre-Sales, Central (SLED)



skroening () qualys com<mailto:skroening () qualys com>

414.791.5674



Qualys, Inc. – Blog<https://qualys.com/blog> | Community<https://community.qualys.com/> | 
Twitter<https://twitter.com/qualys>



Schedule a Call<https://outlook.office365.com/owa/calendar/ShaneKroening () qualys onmicrosoft com/bookings/>







From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of John Ramsey 
<jramsey () STUDENTCLEARINGHOUSE ORG>
Date: Thursday, August 26, 2021 at 9:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Offline Backups for Ransomware Protection

We’re using a combination of AWS and VEEAM.  Attached is a really good two pager on back up strategies as a best 
practice, it’s worth a quick read if you have a second.  I think the interesting stat that is out there from Net 
Diligence states “



Keep offline copies. Keep offline backups of your vital data to avoid the accidental spread of malware from publicly 
connected infected computers. Make sure your external storage drives or cloud backups are properly disconnected from 
your main corporate network to prevent backups from being accessed/infected by the spread of ransomware. Cybersecurity 
experts have posited that in up to 80 percent of incidents, certain types of ransomware impacted both regular 
network/devices and the backups. Timely recovery following a successful ransomware attack is significantly impacted by 
the efficacy of backup and backup segregation practices.



John



John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT

2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 | studentclearinghouse.org<http://www.studentclearinghouse.org>
LinkedIn<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnational-student-clearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590166954&sdata=MdT45I1n7Hwbp8Zlkxlm0wEd0LdLnq5Cpr91ybCEjHw%3D&reserved=0>
 | 
Twitter<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fnsclearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590171933&sdata=idMHM8D4VdMRpIa2H1YUTmwMgC4ZU0L2jqL3VjVNs4s%3D&reserved=0>
 | 
Facebook<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FNSClearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590176915&sdata=ILW%2BPdv1fgHooOkbQlkP9ei%2BJOsk7YlCMzYNU572flU%3D&reserved=0>
 | Blog<https://www.studentclearinghouse.org/nscblog/> | Instagram<https://www.instagram.com/NSClearinghouse/>

Serving Education Since 1993



This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain 
confidential or privileged information. If you receive this message in error, please contact the sender and delete all 
copies.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pelegrin, Jeremy J
Sent: Thursday, August 26, 2021 10:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Offline Backups for Ransomware Protection



EXTERNAL MESSAGE

All,



As we work to improve our ransomware posture, what are others doing for offline backups for recovery? Is it a subset of 
systems/data only? What technologies are being used?



Happy to discuss offline if preferred.



All the best,
Jeremy





Jeremy Pelegrin, MBA (He/him/his)

Interim CISO | Information Technology

Tulane University | 504-988-8548 (o) | 504-444-3536 (c)



Collaborate | Innovate | 
Deliver<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fts.tulane.edu%2F&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C24d26feda87743b0dadf08d9689fb4a9%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637655857400073452%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C7000&sdata=y3%2BqZVigaxCzUJoRNKWsKz%2BHALpfP3GXXK%2BzsiELUCU%3D&reserved=0>



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C24d26feda87743b0dadf08d9689fb4a9%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637655857400083411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C7000&sdata=0UDdUG5Xa%2F9d2YMXdwiWoVEKBBxgbjgkWY4lYRdXGB8%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



[https://d1dejaj6dcqv24.cloudfront.net/asset/image/email-banner-384-2x.png]<https://www.qualys.com/email-banner>



This message may contain confidential and privileged information. If it has been sent to you in error, please reply to 
advise the sender of the error and then immediately delete it. If you are not the intended recipient, do not read, 
copy, disclose or otherwise use this message. The sender disclaims any liability for such unauthorized use. NOTE that 
all incoming emails sent to Qualys email accounts will be archived and may be scanned by us and/or by external service 
providers to detect and prevent threats to our systems, investigate illegal or inappropriate behavior, and/or eliminate 
unsolicited promotional emails (“spam”). If you have any concerns about this process, please contact us.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community