1 of 56

Recovery in the Bunker

Ransomware/hacker recovery

Daniel.Olkowski@dell.com

The latest PPT version of this document is available at: http://backuprecoveryguy.blogspot.com/2022/07/backup-and-recovery-materials.html

Video covering Cyber Recovery: https://youtu.be/jtgm2WHpFPk

© Copyright 2020 Dell Inc.

Internal Use - Confidential

3 of 56

Agenda

  • Introduction
  • Why Cyber Bunker?
  • What is Cyber Bunker?
    • Components
  • What can we do in Cyber Bunker?
  • Recovery architecture
  • Costs

4 of 56

Introduction

5 of 56

Cyber Bunker – why is it important?

Castle strategy

6 of 56

Cyber Bunker – why is it important?

Castle strategy

Real-time protection

7 of 56

Cyber Bunker – why is it important?

Ambulance strategy

8 of 56

Cyber Bunker – why is it important?

Ambulance strategy

Cyber Bunker

9 of 56

Why Cyber Bunker?

10 of 56

Cyber Bunker answers the following questions:

  • What if I am encrypted?
  • Am I being encrypted?
  • Who encrypts me?
  • How to stop being encrypted?
  • Which copy to use to recover?
  • How to recover?

12 of 56

Cyber Bunker answers the following questions:

  • What if I am encrypted?
  • Am I being encrypted?
  • Who encrypts me?
  • How to stop being encrypted?
  • Which copy to use to recover?
  • How to recover?

Do you have a plan in case your data is encrypted by a ransomware / hacker attack?

13 of 56

What does Cyber Bunker offer?

  • Guaranteed recovery after a ransomware/hacker attack
  • Detection of attack
  • Procedure for recovery
  • Tests

14 of 56

Gartner about Cyber Bunker

15 of 56

What does Cyber Bunker offer?

  • Isolated recovery environments (IREs) with immutable data vaults (IDVs) provide the highest level of security

16 of 56

What is Cyber Bunker? Components

17 of 56

Cyber Recovery Requirements

Modern threats require modern solutions

  • Isolation: physical & logical separation of data
  • Immutability: preserve original integrity of data
  • Intelligence: ML & analytics identify threats

© Copyright 2021 Dell Inc.

18 of 56

Cyber Bunker

A complete solution that allows recovery after a hacker/ransomware attack.

Isolated from production, Cyber Bunker keeps historical snapshots of all data, taken at any frequency, with no possibility for ransomware or a hacker to remove, change or encrypt them.

All operations in Cyber Bunker (grabbing data, compliance protection, virus checking, recovery) are fully automated.

Be safe!

19 of 56

[Diagram: SITE A and SITE B (IT infrastructure, any backup software, Data Domain; backup, recovery, disaster recovery) connected across the Air Gap to the Cyber Bunker ("PLAN B – Secure data & Recovery"). Transfer labels: 1% data transfer, 100% recovery. Bunker components: Data Domain, Cyber Recovery, Cyber Sense, backup software, sandbox. Bunker labels: compliance (no possibility to change data), secure historical backups, separation from production, management and automation, checking ransomware, recovery automation, any tests, ransomware protection.]

20 of 56

Is it real?

21 of 56

[Diagram: Cyber Bunker architecture, as on slide 19, with a numbered callout:]

1. Data Domain

- not changeable data (compliance) -> production copies

22 of 56

[Diagram: Cyber Bunker architecture, as on slide 19, with numbered callouts:]

1. Data Domain

- not changeable data (compliance) -> production copies

2. Air gap

- Bunker is completely hidden to the world

23 of 56

[Diagram: Cyber Bunker architecture, as on slide 19, with numbered callouts:]

1. Data Domain

- not changeable data (compliance) -> production copies

2. Air gap

- Bunker is completely hidden to the world

3. Cyber Recovery

- Automation / self run of the bunker

24 of 56

What can we do in Cyber Bunker?

25 of 56

[Diagram: the Cyber Bunker behind the Air Gap ("PLAN B – Secure data & Recovery"). Components: Data Domain, Cyber Recovery, Cyber Sense, backup software, sandbox. Labels: compliance (no possibility to change data), secure historical backups, separation from production, management and automation, checking ransomware, recovery automation, any tests.]

  • We have data after cyber attack

26 of 56

[Diagram: Cyber Bunker components, as on slide 25.]

  • We have data after cyber attack
  • Check data if compromised

27 of 56

[Diagram: Cyber Bunker components, as on slide 25.]

  • We have data after cyber attack
  • Check data if compromised
  • Restore

28 of 56

[Diagram: Cyber Bunker components, as on slide 25.]

  • We have data after cyber attack
  • Check data if compromised
  • Restore
  • Tests

30 of 56

Recovery architecture

31 of 56

[Diagram: SITE A (IT infrastructure, Backup Server; backup, recovery) and, across the Air Gap, the Cyber Bunker. Bunker components: Cyber Recovery, Cyber Sense, backup software, sandbox. Bunker labels: management and automation, checking ransomware, recovery automation, any tests.]

32 of 56

[Diagram: recovery architecture, as on slide 31, adding two logical Data Domains (mtrees).]

  • Replication on Data Domain level
  • No one knows that we have Cyber Bunker

33 of 56

[Diagram: recovery architecture, as on slide 31, with copies labelled "Production copy 4.02 15:00" (three) and "Production copy 4.02 16:00" (two).]

We have many snapshots (copies) of production. We can have several snapshots of the same moment, with or without compliance.

34 of 56

[Diagram: recovery architecture, as on slide 31, with copies labelled "Production copy 4.02 15:00" (three) and "Production copy 4.02 16:00" (two).]

We can connect one of the copies to the Backup Server in the Cyber Bunker and automatically have access to all our data.

35 of 56

[Diagram: recovery architecture for PostgreSQL dumps: SITE A IT infrastructure, two logical Data Domains (mtrees), the Air Gap and the Cyber Bunker components as on slide 31.]

  • Replication on Data Domain level
  • No one knows that we have Cyber Bunker

36 of 56

[Diagram: recovery architecture for PostgreSQL dumps, as on slide 35, with copies labelled "Production copy 4.02 15:00" (three) and "Production copy 4.02 16:00" (two).]

We have many snapshots (copies) of the PostgreSQL environment. We can have several snapshots of the same moment, with or without compliance.

37 of 56

[Diagram: recovery architecture for PostgreSQL dumps, as on slide 35, with copies labelled "Production copy 4.02 15:00" (three) and "Production copy 4.02 16:00" (two).]

We can connect one of the copies to the Sandbox and test / recover / …

38 of 56

Best practices

39 of 56

[Diagram: Cyber Bunker components, as on slide 25.]

  • Data in the bunker: not possible to change, like stone
  • Range of data sent to the bunker: at least production data

40 of 56

[Diagram: Cyber Bunker components, as on slide 25.]

  • Frequency of sending data to the bunker: at least once per day
  • Retention in the bunker: 1 to 6 months, longer than the time required to detect an attack

41 of 56

[Diagram: Cyber Bunker components, as on slide 25.]

  • Ensure the bunker is fully automated

42 of 56

Cost

43 of 56

[Diagram: recovery architecture, as on slide 32: SITE A with Backup Server, two logical Data Domains (mtrees), replication on Data Domain level, the Air Gap and the Cyber Bunker components.]

44 of 56

Next step

45 of 56

Try it yourself!

  • https://democenter.dell.com/
  • Let me encourage you
  • Everything configured
  • Guide
  • Tests
  • Destroying
  • Trying…

46 of 56

Materials

47 of 56

Links public

51 of 56

Links public

  • Performance in backup – public video: https://youtu.be/05fFtGH7YCQ

53 of 56

DD6400

56 of 56

Daniel.Olkowski@dell.com

Questions
