Re: Offline Backups for Ransomware Protection

[Frank Barton <bartonf () HUSSON EDU>]

We looked at the ongoing cost of cloud storage, and ended up going much
more old-school... LTO tapes... Once they're out of the tape robot, they
are truely Air-Gapped

Frank

On Thu, Aug 26, 2021 at 11:40 AM Blake Brown <Blake.Brown () mhcc edu> wrote:

> Concur as well with using Veeam/AWS and/or Azure for offline storage. We
> are re-designing our entire backup infrastructure and will be deploying
> this model using Pure Storage Safemode and Veeam's immutable technologies
> to AWS. Just cannot happen quickly enough for me with all the risk out
> there!
>
>
>
> https://community.veeam.com/blogs-and-podcasts-57/3-2-1-1-0-golden-backup-rule-569
> https://www.veeam.com/blog/v11-immutable-backup-storage.html
>
> https://blog.purestorage.com/products/protect-your-data-from-ransomware-with-safemode-snapshots/
>
>
> Blake Brown
> Infrastructure Manager
>
> ------------------------------
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Shane Kroening <
> skroening () QUALYS COM>
> *Sent:* Thursday, August 26, 2021 8:23 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject:* Re: [SECURITY] Offline Backups for Ransomware Protection
>
> *External Email*
>
> Jeremy,
>
>
>
> I would echo John in using VEEAM and making sure your backups are
> digitally air-gapped from your network so in the event of a compromise or
> data loss it will not impact your backups.
>
>
>
> I’ve seen a lot of success using VEEAM alongside Azure for storage and I’m
> sure AWS or GCP could be viable options as well. Please feel free to reach
> out if you’d like more details.
>
>
>
> Best,
>
>
>
> Shane Kroening  [image: signature_796095325]
> <https://www.linkedin.com/company/qualys>
>
> *Technical Account Manager, Pre-Sales, Central (SLED)*
>
>
>
> *skroening () qualys com <skroening () qualys com>*
>
> 414.791.5674
>
>
>
> Qualys, Inc. – Blog <https://qualys.com/blog> | Community
> <https://community.qualys.com/> | Twitter <https://twitter.com/qualys>
>
>
>
> Schedule a Call
> <https://outlook.office365.com/owa/calendar/ShaneKroening () qualys onmicrosoft com/bookings/>
>
>
>
>
>
>
>
> *From: *The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of John Ramsey <
> jramsey () STUDENTCLEARINGHOUSE ORG>
> *Date: *Thursday, August 26, 2021 at 9:49 AM
> *To: *SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject: *Re: [SECURITY] Offline Backups for Ransomware Protection
>
> We’re using a combination of AWS and VEEAM.  Attached is a really good two
> pager on back up strategies as a best practice, it’s worth a quick read if
> you have a second.  I think the interesting stat that is out there from Net
> Diligence states “
>
>
>
> *Keep offline copies*. Keep offline backups of your vital data to avoid
> the accidental spread of malware from publicly connected infected
> computers. Make sure your external storage drives or cloud backups are
> properly disconnected from your main corporate network to prevent backups
> from being accessed/infected by the spread of ransomware. Cybersecurity
> experts have posited that in up to 80 percent of incidents, certain types
> of ransomware impacted both regular network/devices and the backups.
> Timely recovery following a successful ransomware attack is significantly
> impacted by the efficacy of backup and backup segregation practices.
>
>
>
> John
>
>
>
> *John Ramsey*, Chief Information Security Officer
>
> *National Student Clearinghouse *Certified: CISSP, CISM, PMP, CSSLP,
> CRISC, CGEIT
>
> 2300 Dulles Station Blvd., Suite 220
> Herndon, VA 20171
> 703.742.4428 | studentclearinghouse.org
> <http://www.studentclearinghouse.org>
> LinkedIn
> <https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnational-student-clearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590166954&sdata=MdT45I1n7Hwbp8Zlkxlm0wEd0LdLnq5Cpr91ybCEjHw%3D&reserved=0>
>  | Twitter
> <https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fnsclearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590171933&sdata=idMHM8D4VdMRpIa2H1YUTmwMgC4ZU0L2jqL3VjVNs4s%3D&reserved=0>
>  | Facebook
> <https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FNSClearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590176915&sdata=ILW%2BPdv1fgHooOkbQlkP9ei%2BJOsk7YlCMzYNU572flU%3D&reserved=0>
>  | Blog <https://www.studentclearinghouse.org/nscblog/> | Instagram
> <https://www.instagram.com/NSClearinghouse/>
>
> *Serving Education Since 1993*
>
>
>
> This message is proprietary to the National Student Clearinghouse, is
> intended only for the addressee and may contain confidential or privileged
> information. If you receive this message in error, please contact the
> sender and delete all copies.
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Pelegrin, Jeremy J
> *Sent:* Thursday, August 26, 2021 10:42 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Offline Backups for Ransomware Protection
>
>
>
> *EXTERNAL MESSAGE*
>
> All,
>
>
>
> As we work to improve our ransomware posture, what are others doing for
> offline backups for recovery? Is it a subset of systems/data only? What
> technologies are being used?
>
>
>
> Happy to discuss offline if preferred.
>
>
>
> All the best,
> Jeremy
>
>
>
>
>
> *Jeremy Pelegrin, MBA *(He/him/his)
>
> *Interim CISO *| Information Technology
>
> Tulane University | 504-988-8548 (o) | 504-444-3536 (c)
>
>
>
> *Collaborate | Innovate | Deliver*
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fts.tulane.edu%2F&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C24d26feda87743b0dadf08d9689fb4a9%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637655857400073452%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C7000&sdata=y3%2BqZVigaxCzUJoRNKWsKz%2BHALpfP3GXXK%2BzsiELUCU%3D&reserved=0>
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C24d26feda87743b0dadf08d9689fb4a9%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637655857400083411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C7000&sdata=0UDdUG5Xa%2F9d2YMXdwiWoVEKBBxgbjgkWY4lYRdXGB8%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
>
> <https://www.qualys.com/email-banner>
>
>
>
> This message may contain confidential and privileged information. If it
> has been sent to you in error, please reply to advise the sender of the
> error and then immediately delete it. If you are not the intended
> recipient, do not read, copy, disclose or otherwise use this message. The
> sender disclaims any liability for such unauthorized use. NOTE that all
> incoming emails sent to Qualys email accounts will be archived and may be
> scanned by us and/or by external service providers to detect and prevent
> threats to our systems, investigate illegal or inappropriate behavior,
> and/or eliminate unsolicited promotional emails (“spam”). If you have any
> concerns about this process, please contact us.
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems & InfoSec Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437
(He/Him/His)

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community