alphaspirit - Fotolia

Retrospect locks down backup data against ransomware

Retrospect Backup 18 focuses on anti-ransomware with the ability to make backups stored in public clouds immutable and an updated management console with security features.

Retrospect is locking down backup copies to guard them against unauthorized encryption.

Retrospect Backup 18 became generally available this week, featuring integration with object locking capabilities supported by major cloud providers. Through Retrospect's web-based console, customers will be able to make objects in Amazon S3, Wasabi, Backblaze B2, Google Cloud Storage and Microsoft Azure immutable for set periods of time.

Ransomware attacks may attempt to encrypt or delete backup data so victims have nothing to recover with should they lose their primary copies. Making the backup copies unalterable thwarts this method of attack.

Public cloud providers commonly support immutable storage, but the setup process requires multiple steps. Through APIs, Retrospect distills the process of creating immutable cloud storage for backups to a few clicks.

However, every cloud is different, so Retrospect's lockdown capability is only as granular as what each cloud provides. For Amazon S3, Retrospect can object lock down to the file level, but for Google Cloud and Azure, it can support only bucket-level object lock.

Retrospect Backup's management console also got a facelift in version 18. It now provides a global map displaying where customers' endpoints and servers are, alongside information on backup jobs at those sites. New reporting features let customers know when sites are outside their backup policy, or when change rates suddenly spike -- indicators that a ransomware attack may be occurring.

The global map currently only provides information, but customers will be able to initiate backup and restore jobs through it in a future release.

Screenshot of Retrospect Backup
Retrospect Backup can now make backups immutable.

Ransomware continues to be an ever-looming threat, but there are still SMB customers that ignore it, said JG Heithcock, general manager of Retrospect, a StorCentric company. They either believe their data is safe in the cloud or that it's the cloud providers' responsibility to protect data. Some think they'll never be attacked because they're not a large enough business to make headlines, Heithcock added.

"Ransomware is still a big deal, but I think people have been kind of ignoring it when it hasn't been happening to them," he said.

But SMBs are precisely what cybercriminals go after, said Liz Miller, vice president and principal analyst at Constellation Research. It's easier for a thief to hit multiple, undefended small businesses for $100,000 apiece than to try to hold up a Fortune 500 company for millions.

Smaller companies tend to rely on their cloud providers' security tools and protocols, as they don't normally have the resources to build their own, Miller added. They simply don't have the experience or expertise to defend themselves against ransomware attacks.

The reality is the midmarket is a ripe target for ransomware.
Liz MillerVice president and principal analyst, Constellation Research

"The reality is the midmarket is a ripe target for ransomware," Miller said.

Native IT tools with robust security features, such as what Retrospect Backup introduced in version 18, is a step in the right direction, Miller said. Many companies separate IT operations from security operations, and when security doesn't have visibility into IT systems, that introduces vulnerability, she added.

Immutability alone will not defeat ransomware, Miller said. Cybercriminals can circumvent it by stealing backup admins' credentials, then changing who has access to the backups or setting the retention policy to zero days. This highlights the importance for security teams to be able to see into IT operations, as it allows them to implement measures for tracking access and limiting the blast radius of an attack.

No system is fully bulletproof, but the chances an organization can prevent or recover from ransomware greatly improve if IT and security are working together, Miller said.

"The opportunity here is you now have a common plane for IT and security to really come together," Miller said.

Other backup vendors have similarly tried to bridge this gap by introducing security features to their products, such as Druva with its FireEye partnership and Arcserve with its Sophos partnership. Acronis's product combines data protection and security features out of the box.

Next Steps

ExaGrid revealed as latest Conti ransomware casualty

Dig Deeper on Data backup security