How Commvault, Backup Vendors Prevent Cyberattacks, Not Just Recover
From IT Pro Today
Penn State Health has to be doubly careful about its data. Not only is it an educational and research institution, but it’s also a healthcare services organization, with hospitals and outpatient practice sites across central Pennsylvania.
Each part of Penn State Health requires protecting critical data. On the clinical side, that includes personal, health and financial data, while the College of Medicine side consists of petabytes of proprietary research data, along with student records.
About three years ago, the sheer amount of data became so large that backups were not able to complete in a timely fashion. In fact, things were so bogged down that it was impacting productivity. Team members decided to switch to Commvault’s backup and recovery solution to ease the strain.
As they became familiar with what Commvault could do, team members discovered that it could also be very useful for data protection — something the university was keenly focused on since it had hired its first chief security officer a few years before.
“Once we got into it, we started to see how it could help with cybersecurity as well,” said Cory Heikel, a senior systems engineer at Penn State Health. “We especially liked the anomaly detection, which flags anything that seems out of the ordinary and sends us an alert.”
Heikel pointed to one recent incident where the system reported that logs were being deleted as they were being backed up during a Microsoft Exchange backup. The system saw this as an anomaly and alerted Heikel’s team, which immediately investigated the incident.
That’s just the kind of thinking that more and more organizations are adopting when it comes to cybersecurity and cyber-resilience — the idea that backup and recovery technology can and should help their organizations find vulnerabilities and recover from cyberattacks.
Detect, Warn and Recover
When it comes to cyberattacks, there are two states: before and after. Backup and recovery technology can be helpful in both cases, depending on the features of the solution.
In the before state, the goal is to catch attacks and vulnerabilities before they happen. More and more (but not all) backup and recovery solutions now use machine learning or artificial intelligence to identify anomalies and notify administrators of them.
“The idea is that if it knows what standard behavior looks like, it will flag spikes in file or server activity and send out an alert that something is going on,” said Commvault director Lance Shaw. “It may detect, for example, that a set of folders and files have suddenly disappeared. It might be due to human error or it might be nothing, but it’s something that warrants further investigation.”
If your organization has experienced a ransomware attack — and current research shows that many organizations will — the goal is to get back to a state before the destruction occurred as quickly as possible.
But it’s not that simple, says Christophe Bertrand, a senior analyst at the Enterprise Strategy Group who covers data protection.
“In many cases it’s not enough to just …