Axcient has equipped its suite of business availability products with behind-the-scenes technology designed to protect backups from tampering by ransomware and other security threats.
Called AirGap and quietly embedded at no extra cost in the vendor’s X360 backup platform some four months ago, the new functionality employs a variety of techniques to ensure that only legitimate requests to delete or alter backup data are executed, and to provide MSPs a window of time in which to recover erased or corrupted backups even after damage has been done.
It arrives as ransomware coders, aware that companies with up-to-date, usable backups are immune to extortion, are increasingly targeting backup data for removal or encryption. AirGap seeks to block those efforts by requiring multiple validations of any command to delete or change backups, according to Ben Nowacky, senior vice president of product at Axcient.
“Our systems do not allow you to delete data unless it’s gone through a very specific workflow of people and approvals,” he says.
In addition, AirGap preserves second-order backups of backups on a segregated network accessible only by a short, specific list of people for a brief period after protected data is modified. That gives MSPs time to help ransomware victims recover their data even if an attacker compromises the backups. That safeguard has in fact already helped three Axcient partners get clients fully up and running again within 24 hours of attacks that crypto-locked the victims’ primary data and deleted their backups.
“A catastrophe was averted, and no bad actor got paid,” says an Axcient briefing document on AirGap.
Axcient declined to specify how long it preserves emergency backups, to avoid giving hackers potentially useful information. “That’s part of the secret sauce, so we don’t want to talk about it too much,” Nowacky says.
Included in AirGap as well is a “honeypot” feature designed to expose ransomware attempts by fooling attackers into believing they’ve located and destroyed an end user’s data copies. “A malicious or a bad actor might think that they’re actually deleting data and think that their actions are corrupting a system or destroying data when they’re actually not,” Nowacky says.
Significantly, he continues, AirGap is enabled by default for all X360 users. “You don’t have to do any extra action, you don’t have to sign up for anything new, you don’t have to click a box or check anything or turn anything on.”
That was a feature insisted on by Axcient CEO David Bennett, who in his previous role as chief revenue officer for security vendor Webroot saw firsthand that BDR solutions are a critical last line of defense against ransomware. Bennett played a central role in the design and development of AirGap.
“A lot of it really came from my belief, which is that the biggest attack vector that businesses and particularly MSPs are going to have to deal with is not necessarily around malicious code, but malicious human activity,” he says, adding that the only way to mitigate malicious human activity is to isolate it from its intended target.