19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent...
Transcript of 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent...
![Page 1: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/1.jpg)
Joe MartonVeeam SoftwareSenior Systems Engineer, [email protected]
19 tips to preventransomware attacks for 2018
Troy DunavanVeeam SoftwareSenior Systems Engineer, [email protected]
![Page 2: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/2.jpg)
Who has seen ransomware?
2012 — Reveton
2014 — Cryptowall
2017 — Ransomware as a Service
![Page 3: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/3.jpg)
Who has seen ransomware?
https://www.infosecurity-magazine.com/news/bristol-airport-hit-by-ransomware
![Page 4: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/4.jpg)
What are we talking about?
Layered defense!There is no one
single magic bullet!
![Page 5: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/5.jpg)
Many tips, many strategies
Select the ones that work best for your organization.
Think of these tips as a mindset rather than a specific architecture.
![Page 6: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/6.jpg)
Bring on the tips!
![Page 7: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/7.jpg)
Use special credentialsfor backup storage/backup job
Tip #1
![Page 8: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/8.jpg)
Tip #1: Use different credentialsfor backup storage
Worst practice
using DOMAIN\Administratorfor everything
Better practice
Use DOMAIN\service-account
Best practice
Use LOCALHOST\service-account (don’t join the repo to the domain)
Worst practice
using DOMAIN\Administratorfor everything
![Page 9: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/9.jpg)
Give each backup adminindividual access
Tip #2
![Page 10: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/10.jpg)
Tip #2: Give each backup admin individual access
Important to track who is doing what!
More on visibility coming up later!
Mischievous backup admin
Compromised account
Accidents
![Page 11: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/11.jpg)
Utilize offline storage
Tip #3
![Page 12: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/12.jpg)
Tip #3: Utilize offline storage
Why offline?
Ransomware attacks connected shares
Take your media offline when possible
AIR GAP
Don’t let Elliott ruin your day!
![Page 13: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/13.jpg)
Tip #3: Utilize offline storage
Media type Characteristic
Tape Completely offline when not being written to or read from
Replicated VMsPowered off and, in most situations, can be a different authentication framework (ex: vSphere and Hyper-V hosts are on a different domain)
Primary storage snapshots
Can be used as recovery techniques and usually have a differentauthentication framework
Veeam® Cloud Connect backups
It’s not connected directly to the backup infrastructure and usesa different authentication mechanism along with different API
Rotating hard drives (rotating media)
Offline when not being written to or read from (similar to tape)
![Page 14: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/14.jpg)
Technology that permits Veeam Cloud Connect backups to keep backup data safe from a number of potentially dangerous situations:
Tip #3a: Insider protection
![Page 15: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/15.jpg)
Insider protection use case
In the unfortunate situations where:
• All backups are deleted or removed fromthe end user’s on-premises infrastructure
• All backups are deleted or removed from Veeam Cloud Connect Backup repositories
The Veeam Cloud Connect Backup service provider can make backup data available again outside of the customer’s control.
Veeam Availability Suite™
On-premises installationand backup data
Cloud repository
![Page 16: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/16.jpg)
Insider protection use case
Service provider can make data available to tenant through the insider protection capability.
Veeam Availability Suite™
On-premises installationand backup data
Cloud repository
Service provider
![Page 17: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/17.jpg)
Leverage different file systems / protocols for
backup storage
Tip #4
![Page 18: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/18.jpg)
Tip #4: Leverage different file systems/protocols for backup storage
Dell EMC DataDomainUsing DDBoost
HPE StoreOnceUsing Catalyst
ExaGridUsing native
Veeam data mover
Linux serverwith JBOD
Example: Linux repositories, Deduplication appliances
![Page 19: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/19.jpg)
Backup storage with native snapshot capabilities
Tip #5
![Page 20: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/20.jpg)
Veeam BackupServer
BackupRepository
Storage StorageVolume
Volume Snapshot
Tip #5: Take storage snapshotson backup storage if possible
![Page 21: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/21.jpg)
Tip #5a: Have a snapshot of a cloud instance in AWS or Azure
![Page 22: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/22.jpg)
Let the Backup Copy Job
do the work for you
Tip #6
![Page 23: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/23.jpg)
Tip #6: Let the Backup Copy Jobdo the work for you
The Backup Copy Job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job.
![Page 24: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/24.jpg)
Tip #6: Let the Backup Copy Jobdo the work for you
Backup server
Source backup
repository
Gateway
server
Target backup
repository
Data Mover service
Data Mover service
Gateway
server
VM restore point
![Page 25: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/25.jpg)
DR isn’t just for natural
disasters
Tip #7
![Page 26: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/26.jpg)
Tip #7: DR isn’t just for natural disasters
Replication Orchestration
Backup repository
Backup server
Target host
Sourcehost
Backupproxy
VeeamData Mover
VeeamData Mover
Backupproxy
VeeamData Mover
WAN
![Page 27: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/27.jpg)
Document your
recovery plan
Tip #8
![Page 28: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/28.jpg)
Tip #8: Document your recovery plan
![Page 29: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/29.jpg)
Tip #8a: If you have a DR plan…
But do you have a plan of response for ransomware…
![Page 30: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/30.jpg)
Restore the minimum
Tip #9
![Page 31: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/31.jpg)
Tip #9: Restore the minimum
Of the 57 ways to restore, it makes sense to take the best restore option in a ransomware situation:
• Data volume• Files only• Application items, etc.
![Page 32: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/32.jpg)
Veeam Backup for
Microsoft Office 365 data
Tip #10
![Page 33: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/33.jpg)
But it is SaaS....“Ransomcloud” strain encrypts O365 e-mail in realtime!
![Page 34: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/34.jpg)
But it is SaaS....
Right, but do you know where the data is stored and how?
• Fixed local disk systems• SMB3 shares• Proxy / repository architecture is not the same as Veeam
Backup & Replication™• Main thing to note is that workgroups are not supported
• Many of the requirements stem from having to "run" the supported Microsoft Exchange database type
![Page 35: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/35.jpg)
Agents
Tip #11
![Page 36: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/36.jpg)
Windows agents with USBs
Nice option to eject media once the backup is complete.
![Page 37: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/37.jpg)
For Windows and Linux agents, you can have backups sent to any of the following targets:
For connected agents – Options!
NAS resource
Fixed local disk
Veeam Backup & Replication repository
Veeam Cloud Connect repository
![Page 38: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/38.jpg)
vPower® & the cloud
Tip #12
![Page 39: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/39.jpg)
Data Labs and public cloud restores are a great wayto restore to see if an issue would re-propagate if restored.
Leverage these as special beds
![Page 40: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/40.jpg)
Veeam patch
management
Tip #13
![Page 41: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/41.jpg)
Updates…
It’s a lot of work, but it needs to happen. For the backup infrastructure, you could make the case that this is more important than anything. Consider aggressive patch management for:
Software for the backup infrastructure Hardware
Veeam backup server Server hardware, firmware
Veeam backup proxies, software repos Hypervisor hardware
Windows Operating Systems Backup repositories
Linux Operating Systems
![Page 42: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/42.jpg)
Follow @VeeamKB
![Page 43: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/43.jpg)
Prepare for help
Tip #14
![Page 44: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/44.jpg)
Veeam Tech Support can help!
![Page 45: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/45.jpg)
What to expect
How are customers dealing with ransomware treated
from an operations’ perspective when they
open a case?
What steps happen in the SWAT team to help customers get through
the situation?
What advice would you give someone who is going through this type
of situation?
![Page 46: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/46.jpg)
Security & network tools
Tip #15
![Page 47: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/47.jpg)
Resiliency, remediation… But
Prevention and protection should be a strategy as well.
Cisco has a number of solutions:Cisco Umbrella Roaming, Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Advanced Malware Protection (AMP) for Email Security, Cisco TrustSec, Firewalls and more
Microsoft Windows Defender
![Page 48: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/48.jpg)
Users are your worst
enemy…
Tip #16
![Page 49: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/49.jpg)
Tip #16: Users are your worst enemy
![Page 50: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/50.jpg)
Insider threats
Tip #17
![Page 51: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/51.jpg)
Tip #17: Insider threats
deloitte.wsj.comhttp://vee.am/cATUHw
![Page 52: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/52.jpg)
Have visibilityinto suspicious behavior
Tip #18
![Page 53: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/53.jpg)
Tip #18: Have visibilityinto suspicious behavior
Use monitoring software to automatically detect suspicious VM behavior
Example: Predefined alarm “Possible ransomware activity”in Veeam ONE™ — This alarm triggers if there are a lot of writeson disk and high CPU utilization.
![Page 54: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/54.jpg)
Tip #6: Have visibility into suspicious behavior
![Page 55: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/55.jpg)
One final thing…
Tip #19
![Page 56: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/56.jpg)
Tip #19: Master the 3-2-1-0 RuleRecover from any scenario, especially ransomware attacks!
* Don’t forget your offline copy!
2Different media
3Different copiesof data
1of which is off-site*
0No errors afterbackup recoverabilityverification
![Page 57: 19 tips to prevent ransomwareattacks for 2018 · 2019-03-19 · 19 tips to prevent ransomwareattacks for 2018 Troy Dunavan Veeam Software Senior Systems Engineer, SLED troy.dunavan@veeam.com.](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c7e0f629b8240a23aae0/html5/thumbnails/57.jpg)
Thank you
Veeam US Headquarters20 William StreetWellesley, MA 02481
Join us on:www.veeam.com
678.353.2140 (Main office)800.774.5124 (Support)800.913.1940 (Support)