Soft Delete, Variable Repository Naming and Multiperson Approval
Backups are essential for businesses to ensure they can recover their data in case of any disaster, including cyber or ransomware attacks. However, attackers have become smarter and are targeting backups to cripple businesses. That’s why we’ve put together this guide on how to defeat backup attackers using our Soft Delete, Variable Repository Naming and Multiperson Approval (MPA) features.
Asigra Tigris is the first line of defense to protect your backups from attackers who may have gained admin access. Once they are in your system, your backups are the next place they will attack to make sure you have no way of getting back up and running. Here’s how it works.
How Attackers Might be Targeting Your Backups
Attackers have different ways of targeting your backups. They may have penetrated your networks and have access to storage devices and file repositories. Attackers with compromised admin credentials can quickly discover your backup files and start deleting them from online storage and archive processes. They can also steal the backups for ransom or use the data for other malicious purposes.
Viruses are programmed to look for specific file and repository naming conventions for backups and then delete them automatically. For instance, Veaam backup files have the extension ".vib," and some backup files use the same convention – device, backup job name, data – in their naming convention.
Or they might access the backups directly from the backup software. If attackers can access the backup software with available admin access, they can look for backup jobs and start deleting them using the software.
Attackers could try to change backup job policies and retention policies. For example, they could reduce daily backups to weekly, stop backup job processes, stop sending notifications to other admins, and reduce immutable retention policies from 14 days to 1 day or 1 hour. All of this could be detrimental to an organization’s data and future recovery efforts if the attack isn’t discovered in time. These steps are usually taken in preparation for the launch of a ransomware attack.
How Asigra Tigris Thwarts These Attacks
Asigra Tigris is a backup and recovery software with advanced features to protect your backups against attacks.
Here are three ways Asigra Tigris thwarts these attacks:
Asigra Tigris has a function that allows attackers to believe that their attempt to delete a backup file has been successful. In actuality, Tigris keeps a hidden copy of the backup job available, which must go through a secondary process to actually be deleted. This means that even if an attacker deletes a backup file, it is still available for recovery. This feature ensures that you always have a copy of your data, even if an attacker tries to delete it.
Variable Repository Naming
Asigra Tigris allows you to rename your file repositories in non-standard formats to prevent recognition and deletion of your backups. By using Variable Repository Naming, attackers will not be able to find your backups easily, and they will have a hard time deleting them. This feature adds an extra layer of security to your backups, making it harder for attackers to compromise your data.
Multiperson Approval (MPA)
In the event that someone has access to the backup software, you can configure Multiperson Approval (MPA) so users require multiple people to approve a potentially destructive action that can result in the loss of data.
Administrators can configure a threshold to determine how many approvals are required and select the approvers from a list of users. When a user attempts to perform a task that requires approval, the approvers receive an email with the name of the user and a description of the task and must approve or deny the request. The approval link expires after 30 minutes. A task must meet the configured approval threshold with no denials to be approved.
This feature ensures that only authorized personnel can make changes to your backups. By setting up Multiperson Approval (MPA), you can prevent unauthorized access and changes to your backups, reducing the risk of attacks.
Protect Your Backups From Attackers With Asigra Tigris
Protecting your backups against attacks is crucial to maintaining data safety. Asigra Tigris offers advanced features to thwart backup attackers, including Soft Delete, Variable Repository Naming, and Multiperson Approvals. If you're interested in learning more about how Asigra Tigris can protect your backups, get in touch with us today. Don't let attackers compromise your data – act now with Asigra Tigris.
Our team is ready to help with solutions for backup protection, ransomware security, and much more.
To learn more, get in touch with us online to request a demo, or give us a call today at (416) 736-8111 or 1 (877) 736-9901 to request a demo.