Disaster Recovery Journal Summer 2024

■ Proactively restores compromised data. Some backup software goes one step further than merely alerting to the possible presence of ransomware in backups. It may also monitor production data in real time and any changes to it. Should it detect suspicious activity on production data and definitively identify this activity as ransomware, it acts. Some backup software deletes the compromised production data and then performs a restore from a “good” backup. This activity can occur without administrative or user intervention. Instead, organizations receive an alert about the ransomware presence and the remediation activities that occurred.

■ Attempts to slow or stop the attack by quarantining the compromised data, user account, or both. Some backup software even takes additional steps. All enterprise backup software now integrates with Microsoft’s Active Directory (AD) directory services. This integration positions the backup software to act more aggressively. Upon detecting ransomware, the backup software may attempt to quarantine the production data, the user account, or both. It will instruct Microsoft AD to limit or stop access to the data or prohibit the user account from taking any further actions. Access to the data, user account, or both only then gets reinstated after an organization’s security professionals review and approve the access.

Backup Targets Still ML Oriented

Data protection solutions do not necessarily have to use AI for detecting ransomware. Disk-based storage devices that serve as backup targets still largely avoid employing AI capabilities in any capacity. If they do offer AI in any form, it typically shows up as machine learning (ML). ML represents what most generally consider the first generation of AI. Used in this capacity, providers gather machine data from as many of their backup targets in the field as possible. This includes gathering information about non-sensitive customer data such as backup target firmware, disks, network ports, and performance metrics. It then collects and aggregates this data from all its deployed backup targets to analyze and identify potential issues. For instance, the machine data collected may indicate an HDD or network port is about to experience a failure. The provider may then notify its customer and perhaps even proactively fix the issue before the hardware failure occurs.

