Zerto

I think that security is still the hottest topic in the IT world right now, the faux AI craze notwithstanding. Many companies have product offerings in the security space, focusing exclusively on the data integrity and recovery spaces—what we used to call backup and recovery back in the heyday of tapes and offsite storage. This is not to say that tape backups no longer have a place; they’ve been making somewhat of a resurgence lately. However, we’ll leave that alone for now and focus on one company in the security space with a comprehensive portfolio of tools to help you protect your valuable data.

Zerto, a Hewlett Packard Enterprise company, positions itself as having three main categories upon which its product offerings are based: disaster recovery, ransomware resilience, and multi-cloud mobility. These are offered under the larger umbrella of continuous data protection (CDP). There’s a lot to unpack here, as while Zerto’s tools can be positioned as parts of a whole, they focus on different pieces of the CDP puzzle.

Let’s start with some ransomware attack statistics to set the stage and get everyone properly paranoid. According to Zerto’s research, 94 percent of all ransomware attacks actively tried to compromise backups. And why wouldn’t they? If backups are readily available and non-corrupted, restorations become much more trivial. Of those attacked entities, 57 percent had their backups successfully compromised. Those organizations were, in turn, two times more likely to pay the ransom, and the overall recovery costs increased 8-fold.

Zerto claims to have three pillars of ransomware resilience to help fight this problem: replicate and detect, isolate and lock, and test and recover. Within those pillars reside product offerings that all work to accomplish the same thing: making your network highly resilient to ransomware attacks. While nothing will ever be foolproof or 100% successful in this endeavor, the Zerto product suite seems comprehensive and a step towards a successful preventative strategy.

One of the critical challenges with cyber resiliency in the face of ransomware attacks is ensuring not only that your backups are available and haven’t themselves been attacked or encrypted, but also that the data you have backed up is free from exploits or compromise. It is not uncommon for attackers to get into your systems, gain more and more access while moving laterally through your network—installing software exploits along the way—and take 30 days or more before attacking in a meaningful manner (i.e., the point at which your data is encrypted or taken offline). If you are backing up data continuously, you’re also backing up the implanted backdoors, which means as soon as you recover your data, the attackers can compromise you once again. We need a method to perform backups and give ourselves the best chance of keeping them as clean as possible.

Zerto handles replication and detection (or continuous data protection) using near-synchronous replication. This agentless technology doesn’t tip off attackers with obviously installed software agents, while still allowing for 5-10s replication in real time with no virtual machine stunning or interruption in your production systems. Doing replication on this near real-time basis from inside the hypervisor or the cloud allows for near real-time detection of anomalies as well, helping to ensure that you are alerted to any suspicious changes to your systems before you back them up. Moreover, you can back up to three locations simultaneously—from the cloud to on-premises, vice versa, or from one hypervisor to another, making the solution very flexible in how you structure your backup strategy.

On the isolate and lock front, Zerto is flexible, offering public cloud isolation and immutability with fully immutable and isolated offsite data copies. If your data is not only unchangeable but is also wholly offline, this makes for the best security for your backups, providing the ultimate protection against ransomware attacks from at least a backup perspective. Zerto also offers its Cyber Resilience Vault, an immutable data vault on FIPS-certified high-performance hardware (from HPE). This may be worth a look for those who want a highly performant on-premises backup system.

The Zerto solution is much more comprehensive than I have space to write about here, but it is undoubtedly an intriguing product suite in the market. Others are doing similar things, and it’s ultimately up to the reader to find the appropriate solution for their environment. I see the concept of taking near-instantaneous backup copies from the journal (not the production VM itself) and pushing them to immutable storage as very attractive. The Cyber Resilience Vault worries me a little, only because of the typically astronomical costs of exfiltrating data from the cloud to on-premises storage. For those running on-premises hypervisors, however, it’s likely a perfect solution that needs to be a part of any evaluation of backup solutions.

Something that wasn’t talked about during the presentations I was a part of is Zerto’s pure cloud solutions. Zerto for Microsoft Azure, for example, allows for local copies to be made to the cloud or across DR regions within the cloud. With support for storing an extended immutable journal copy in Azure blob storage and data tiering between blob types, pure cloud networks have a lot of flexibility. I highly encourage you to investigate the cloud offerings, regardless of the cloud or clouds you use.

At the end of the day, Zerto seems to have a comprehensive and well-thought-out solution in the market for various use cases. Immutable backup storage and the ability to detect data anomalies in near real time are an incredibly valuable combination. Whether you ultimately go with Zerto or not is something each of you will have to evaluate and answer for yourselves. However, they most certainly should be a part of any investigation of solutions of this type.
