Datto has added extra protection against accidental and malicious deletion of backup data to its BDR solutions.
The business continuity and managed service software vendor discussed the new functionality today during an online MSP Technology Day event dedicated largely to security-related topics.
Called Datto Cloud Deletion Defense and provided to users at no extra cost, the added safeguard automatically syncs backup images from locally-installed Datto appliances to a locked down portion of Datto’s cloud that neither legitimate administrators nor hackers masquerading as legitimate can access. MSPs who need to can then restore the segregated backups should an attacker or clumsy technician delete their primary copies.
“Even if an attacker somehow is able to delete your local backup data, you will always have a copy in the cloud and we can virtualize those images and get you back up and running in minutes,” said Datto Chief Information Security Officer Ryan Weeks in a conversation with ChannelPro. “It’s really the ultimate backstop in protection of backups.”
Backups are an essential defense against ransomware, which is why ransomware scripts often attempt to locate and remove them. Datto added ransomware detection functionality to its RMM solution last December to help MSPs block such efforts, and MSPs are already using the software to protect almost 300,000 devices worldwide. Cloud Deletion Defense contributes a further, final layer of protection.
“If everything else fails and an attacker still can somehow request that the data be deleted, we need a defense that makes sure that there’s always a copy of that data for a period of time after the deletion,” Weeks says. Weeks declined to specify how long Datto retains extra backups for fear of revealing potentially useful information to threat actors.
The Cloud Deletion Defense service has been operational for some four months, Weeks notes. “We just really haven’t announced it.” Data protection and availability vendor Axcient offers a similar feature to its BDR users.
Today’s official introduction of Cloud Deletion Defense comes eight days after Datto announced its acquisition of BitDam, whose software protects email and collaboration platforms from malware, ransomware, and phishing attacks. The BitDam solution’s MSP-friendly functionality and effectiveness in preventing known and zero-day threats, according to Weeks, were both factors in Datto’s decision to buy the company.
“We had them third-party lab tested,” Weeks says. “The performance of the solution was phenomenal.”
Datto is currently preparing BitDam’s software for use by its partners, according to Radhesh Menon, the company’s chief product officer.
“We are diligently working through integration plans so that we can start delivering the technology that’s the core of BitDam in a way that’s offered in the familiar and trusted Datto consumption model,” he said in an MSP Technology Day presentation today.
BitDam’s solution, plus the forthcoming Microsoft Azure continuity solution that Datto disclosed last week, are elements in the vendor’s evolving “cyber resilience” strategy, which seeks to address the five core functions in the widely respected NIST cybersecurity framework: identification, protection, detection, response, and recovery.
Datto RMM fills the identification role, Menon said today, and BitDam’s solution will meet the protection requirement. Detection and response come from the ransomware detection functionality now available in Datto RMM, and recovery comes from Datto’s BDR products.
“Through a combination of existing sets of products and technologies that are already available or imminently available from the Datto portfolio, you have capabilities that map directly to the NIST framework that you can bring to bear to make sure that your SMBs are inching closer to the cyber resilience nirvana that they truly deserve to get to,” Menon said.
Datto isn’t the first vendor to build cyber resilience into its messaging and product roadmap. OpenText has been using the same term since it acquired backup vendor Carbonite (and with it security vendor Webroot) in 2019, for example, and Acronis has rebuilt its portfolio around software that merges backup and security as well. Barracuda has been selling both backup and security products even longer, and like Datto has an RMM platform to manage them all with.
Datto dedicated a portion of today’s agenda to content aimed at reassuring partners about the safety of its products. According to Weeks, the SolarWinds Orion and FireEye breaches last year and the more recent revelation of critical vulnerabilities in Microsoft’s on-premises Exchange Server application have MSPs wondering how much faith to place in the systems they rely on to keep themselves and their customers safe.
“There’s almost a crisis of confidence in MSPs and confusion about which vendors can I trust,” he says.
Weeks encourages channel pros to grill their vendors about the techniques they use to produce secure code, prevent supply chain infections, and otherwise harden their offerings.
“Until MSPs really start holding their vendors accountable to certain standards of security, you’re going to continue to see things like this happen,” he says.
Datto’s role in helping mitigate high-profile breaches and zero days, according to Weeks, includes rolling out tools like the one it released last December to help MSPs identify customers compromised by the FireEye breach, or the similar Exchange Server scanner it shipped several weeks ago.
“We’re going to focus a lot on making tools available to MSPs quickly when there are these types of issues,” he says, noting that current and future tools can be used alongside management applications from vendors other than Datto. “We’ve actually been releasing the tools to our GitHub page so that any MSP can use it in any RMM.”
