Designing a Highly Secure Backup Solution

Cyber attackers know to be successful they must remove your ability to recover. They try to gain access to your backup infrastructure and acquire administrative passwords, elevate credentials to gain access to your system shell or filesystem, look for security holes in all system software, anything they can exploit to gain access to your backup environment.   

This makes it essential to protect your backup data and ensuring your backup infrastructure is highly secure. However, building a comprehensive and secure data protection solution extremely challenging for organizations. It starts with preventing network access and unauthorized login. However, today’s reality is that passwords are often not protected sufficiently – leading to login credentials being compromised. Therefore, it is also important to ensure that if an attacker does gain access. their permissions to perform destructive operations are highly restricted.

Let’s look at some of the protection values and see what can be done yourself or with Veritas, and what is automatically done by design with NetBackup powered appliances (Flex, Flex Scale and Access).

As you can see, NetBackup makes it possible to develop your own secure data protection solution, but it does involve deep security knowledge in the various layers of the infrastructure.  Also, as difficult as this is to get this right for your initial set up, it is even more of a challenge to constantly stay up to date on new security vulnerabilities that arise so you can ensure that any change you implement doesn’t impact other things unintentionally.

NetBackup Appliances bring together the power of NetBackup software with state-of-the-art servers and storage technology to enable fast deployment of enterprise-class data protection that is proven ransomware-resilient. They were designed from inception with security as a primary need.  

As part of product development and ongoing maintenance, each element of the appliance, including its Linux OS, drivers, appliance software, patches, and the core NetBackup application is continuously tested for vulnerabilities using both industry-standard and advanced security products such as Tenable, Qualys, Black Duck, and OpenSCAP. External penetration, or PEN, testing is also regularly performed. As new threats are identified Veritas releases security patches. Veritas also regularly updates the third-party packages and modules in the product as part of regular maintenance release cycles.  These measures ensure that exposure to unauthorized access and resulting data loss or theft is minimized. This requires hundreds to thousands of hours of highly skilled engineers dedicated to designing both the initial cyber resilient solution and the ongoing security updates.

This results in a solution that is secure by design and protects against multiple attack vectors including:

• Network: Preventing network access to backup systems and providing an isolated environment that stores an additional backup copy of essential data
• Users: Adding an extra layer of protection from password theft to prevent unauthorized login, which is the easiest method for attackers to gain access to a system
• Application and OS: Strictly limiting user and process permissions and isolating service access permissions so that even if an attacker was able to enter a system via a stolen password, they would have limited rights to any action
• Storage: Highly restricting access to your filesystem and destructive operations

In summary, NetBackup-powered appliances strengthen your organization’s Zero Trust strategy. NetBackup powered appliances add additional layers of security on top of NetBackup software including immutable storage with an indelible compliance clock, integrated container isolation, and a security hardened OS. The multi-layer security within NetBackup powered appliances is a proven architecture that helps protect you from unknown threats and prevent data loss due to ransomware attacks while allowing you to recover more efficiently.

For more details on built-in security features included with NetBackup powered appliances, check out The Quickest Way to Achieve a Cyber Resilient Data Protection solution white paper.