Datto has added extra protection against accidental and malicious deletion of backup data to its BDR solutions.
The business continuity and managed service software vendor discussed the new functionality today during an online MSP Technology Day event dedicated largely to security-related topics.
Called Datto Cloud Deletion Defense and provided to users at no extra cost, the added safeguard automatically syncs backup images from locally-installed Datto appliances to a locked down portion of Datto’s cloud that neither legitimate administrators nor hackers masquerading as legitimate can access. MSPs who need to can then restore the segregated backups should an attacker or clumsy technician delete their primary copies.
“Even if an attacker somehow is able to delete your local backup data, you will always have a copy in the cloud and we can virtualize those images and get you back up and running in minutes,” said Datto Chief Information Security Officer Ryan Weeks in a conversation with ChannelPro. “It’s really the ultimate backstop in protection of backups.”
Backups are an essential defense against ransomware, which is why ransomware scripts often attempt to locate and remove them. Datto added ransomware detection functionality to its RMM solution last December to help MSPs block such efforts, and MSPs are already using the software to protect almost 300,000 devices worldwide. Cloud Deletion Defense contributes a further, final layer of protection.
“If everything else fails and an attacker still can somehow request that the data be deleted, we need a defense that makes sure that there’s always a copy of that data for a period of time after the deletion,” Weeks says. Weeks declined to specify how long Datto retains extra backups for fear of revealing potentially useful information to threat actors.
The Cloud Deletion Defense service has been operational for some four months, Weeks notes. “We just really haven’t announced it.” Data protection and availability vendor Axcient offers a similar feature to its BDR users.
Today’s official introduction of Cloud Deletion Defense comes eight days after Datto announced its acquisition of BitDam, whose software protects email and collaboration platforms from malware, ransomware, and phishing attacks. The BitDam solution’s MSP-friendly functionality and effectiveness in preventing known and zero-day threats, according to Weeks, were both factors in Datto’s decision to buy the company.
“We had them third-party lab tested,” Weeks says. “The performance of the solution was phenomenal.”
Datto is currently preparing BitDam’s software for use by its partners, according to Radhesh Menon, the company’s chief product officer.
“We are diligently working through integration plans so that we can start delivering the technology that’s the core of BitDam in a way that’s offered in the familiar and trusted Datto consumption model,” he said in an MSP Technology Day presentation today.
BitDam’s solution, plus the forthcoming Microsoft Azure continuity solution that Datto disclosed last week, are elements in the vendor’s evolving “cyber resilience” strategy, which seeks to address the five core functions in the widely respected NIST cybersecurity framework: identification, protection, detection, response, and recovery.
Datto RMM fills the identification role, Menon said today, and BitDam’s solution will meet the protection requirement. Detection and response come from the ransomware detection functionality now available in Datto RMM, and recovery comes from Datto’s BDR products.
