What is an Isolated Recovery Environment?
For enhanced ransomware resiliency, it is important to secure your backup data for clean recovery. This can be achieved with an environment purposely built and designated as an Isolated Recovery Environment. An IRE may also be a DR environment, or perhaps a sandbox, or test, environment, which means you can use your existing infrastructure. This environment should employ methods to do test restores of production data, perform malware scans, and ensure that any discovered infections cannot spread, and in some cases, perform data forensics. This provides administrators a clean set of files on demand to neutralize the impact from a ransomware attack. Such an environment can also benefit from data isolation techniques, like an air-gap, where the physical and logical connections are blocked unless specifically allowed through implementation of the NetBackup IRE solution. Implementing zero trust architecture, along with immutable and indelible storage and malware scanning techniques within the IRE further secures backup data from any risks surrounding the spread of malware and ransomware.
NetBackup's Isolated Recovery Environment Solution
Traditional network isolation solutions physically or logically break connectivity between secure locations, making all communication in or out impossible. This limits data transfer to the isolated environment and endangers RTO and RPO if the tertiary copy is needed. Commonly referred to as the "pushing" of replication data from the source to the target, the source domain independently processed and submits a replication job to a target domain. This traditional approach limits the time available to replicate critical data into a secure environment when the connection is down or blocked.
By contrast, the Pull replication model initiates the replication request from the target. As of version 10.1, NetBackup's IRE solution optimizes data movement by offering a "Pull" replication model whereby the request to send data comes from the IRE’s MSDP and the reverse connection offers better control of the data flow to further secure the environment both logically and physically. Replications to the IRE are now able to be fully controlled from within the IRE itself including support of a specific window as defined in the IRE airgap schedule.
The use of the IRE functionality should be combined with 3-2-1-1 best practices for your data: at least 3 copies of critical backup images, on at least 2 different types of storage media (disk, tape, cloud), with at least 1 image offsite from production, and at least 1 image written to some form of immutable storage. The use of MSDP-C with immutable cloud storage, Flex WORM instances, as well as NetBackup Recovery Vault are excellent ways to implement or even augment this solution. Business needs may further require additional copies of backup images on different media in different locations in order to meet business continuity goals and compliance requirements.
An IRE will commonly be the last stop, or one of the last SLP operations for the backup image. This allows integration with multi-domain SLP strategies where several domains act as a DR for a counterpart domain, as well as the inverse, allowing 2 production domains to protect each other. The IRE will usually be an extra destination to further isolate the critical data outside of any production domain. Conversely, an existing DR environment is an excellent candidate domain to implement IRE on any NetBackup 10.1 MSDP or Flex WORM version 17 instances.
Having an isolated environment provides another layer of resiliency to combat against the threat of ransomware. For more information on building out an IRE using NetBackup, click here.