On Ransomware. Q&A with Michael Fal

Q1. Who is at risk of Ransomware?

Everyone. The unfortunate reality is that every organization, regardless of their industry or size, is a target. Ransomware can hit local drives and spread to attached devices or take out entire networks and backup data all at once. Cybersecurity Ventures predicts that within the next 10 years, ransomware attacks will strike every 2 seconds. Data from Rubrik Zero Labs shows that on average, leaders dealt with attacks 52 times in 2022. That breaks down to one attack a week. Ransomware is a common and growing problem that costs victims millions every year. There are things you can do to try and prevent it, but in truth, the problem isn’t going anywhere. As cybercriminals become more sophisticated, there’s no doubt that the attacks will too. That means you need to achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. 

Q2. How complex is it to protect large-scale database environments?

Databases are the crown jewels of many IT environments. However, these mission critical systems can also be some of the most complex to manage and it is only getting more challenging. Historically database teams were responsible for managing a handful of database types in a handful of locations. But now, they are faced with more data than ever before, in more places than ever before, across more types of databases than ever before. And the challenge only promises to grow. 82% of respondents to a 2020 survey from an open source database consulting company Percona reported that their organization’s database footprint had grown by at least 5 percent during the last year. And 12 percent of respondents said it had grown by more than 50 percent. As the volume and complexity of applications and data increase, so do the number of databases that need to be protected across the enterprise and in the cloud. This forces database teams to spend valuable time juggling protection policies and schedules, increasing the risk that critical data is left unprotected.

Q3. How should organizations secure data?

Ensuring that your database data is always readily available comes down to security. And that starts with leveraging a single, hyper-converged software platform that delivers air-gapped, immutable, access-controlled backups that can be easily replicated and archived to multiple locations. Ransomware attacks target backups in order to delete or encrypt data, limiting your ability to recover. Immutable backups ensure your data cannot be altered so it is always available for recovery. Attackers will routinely discover backup systems that are accessible via standard protocols, and attempt to eliminate your last line of defense. Using proprietary protocols prevents backups from being discoverable or accessible to bad actors. Compromised credentials are often used by attackers to gain unauthorized access to your backup system. Multi-factor authentication helps prevent intrusion when credentials are compromised. Using backups to recover from ransomware means finding the last known clean copy. Without the ability to detect ransomware threats in backup data, there is an increased risk of re-infecting the environment after initial recovery. The ability to rapidly recover your data after an attack can be the difference between a catastrophe or an inconvenience. The faster you can recover the data you need, the more downtime costs and data loss you can prevent.

Q4. Can Rubrik protect a database at creation? 

Yes. With Rubrik Security Cloud, customers can automatically discover all of their databases as they’re created and can keep them protected with inherited SLA policies that they define. Our SLA policy engine streamlines protection by defining everything from how often data should be backed up, how long the data should be retained, and where it should be replicated or archived. Our ability to automatically discover and protect databases reduces the risk and complexity of protecting large-scale database environments across on-premises and the cloud. Customers will never have to worry about leaving a database unprotected again.

Q5. What is the difference between the legacy and modern approach for successful data protection?

Cybercriminals have evolved their attack strategies to include backups. This means backup strategies and methods also need to evolve. The legacy protection solutions that organizations generally use today consist of loosely coupled backup hardware, software, and secondary storage systems–offering a large attack surface for cybercriminals to exploit. Over the years, cybercriminals have gotten more sophisticated in their ability to find weaknesses, making it even more important for organizations to limit their attack surfaces. The volume and diversity of the databases these systems protect have also mushroomed, creating a corresponding increase in the amount of work teams need to put in to keep databases secure.

A modern, hyper-converged approach provides a significantly smaller attack surface and makes managing protection far less time consuming by leveraging automation. With a modern solution, instead of manually building out, configuring, and managing backups, replication, and archives, a user can simply determine the service level agreement for a database or a set of databases and assign it. These platforms also provide increased protection to database data through creating air-gapped, immutable, access-controlled backups, so it’s extremely difficult—if not impossible—for a cyberattack to affect database backups. By using Zero Trust Data Security principles to back up their databases, organizations will have a clean backup of their data readily available in case of emergency. 

Q6. One of your clients, Aaron’s Furniture, deployed Rubrik Security Cloud to meet their backup and recovery requirements. Can you tell us a bit about this use case?

Absolutely. Headquartered in Atlanta, Georgia, Aaron’s is a leading omnichannel provider of furniture, consumer electronics, home appliances, and accessories. Its products are available for purchase and lease through 1,300 stores in the US, Canada, and online. With nearly 2 billion dollars in revenues and a customer base representing approximately 30 percent of the U.S. population.

They were manually protecting their SQL environment on a per host level. And if they had to do any upgrades, they had to go host by host. They also did not have a good way to archive older backups resulting in excessive storage utilization and poor backup and restore performance. The admin team was struggling to provide visibility to their stakeholders on how long the backups would take in order to support database patching.

Rubrik provided Aaron’s with a single management layer allowing them to update all of their systems at once. The automated discovery and protection with the Rubrik SLAs eliminated the need for mundane jobs, allowing them to get their time back for higher impact tasks. They also leveraged cloud for long term archivals.

During an unfortunate event a couple of years ago, their distribution warehouses went down and required them to restore all data. With Rubrik, they were able to determine a desired point in time, retrieve databases from archival, and recover by clicking a few buttons. Their warehouses were back online in less than 90 minutes.

Qx Anything else you wish to add?

Databases are some of the most important assets in any IT environment and should be protected as such. However, cybercriminals are penetrating traditional security defenses and even targeting organizations’ best and last line of defense: backup data.

Zero Trust Data Security backup and recovery capabilities protect an organization’s entire database operation—potentially including thousands of database instances—from cyberattacks, while simplifying data management and compliance and giving precious time back to DBAs and backup administrators.

For those interested in learning more, I would recommend getting hands on with Rubrik Explore which provides guided product tours of Rubrik for Microsoft SQL Server and Oracle Database. You’ll have the opportunity to create and assign SLA domains, create a Live Mount for rapid access to data, and test drive our granular recovery.


Michael Fal, Director, Database Solution Architect, Rubrik

Michael is a thought leader in database architecture and data management, leveraging his 15+ years of database administration, technology experience, and community activity to help companies develop first class data solutions. Over his career Michael has worked in several different industries, supporting SQL Server, Oracle, Netezza, and MySQL. Michael has worked on failover clustering, performance tuning, and security auditing, along with the typical gamut of database development.

Sponsored by Rubrik.            
