Today, Veritas released Flex 2.0, offering a comprehensive solution to address customers' security needs by providing a robust, hardened, and immutable platform to guard against ransomware attacks. To get more details on Flex Appliances Ransomware Resilience, read the Flex Security Paper.
Backups are an organization’s key to recovery. To ensure your critical and most important asset—data—and your IT infrastructure is protected from an attack, Veritas focuses on data integrity to help backup files remain safe and untouched from malicious invaders.
NetBackup software supports data encryption in-transit and at rest.
NetBackup and the Flex Appliance provide immutable and indelible storage that reduces the risk of malware or ransomware encrypting or deleting backup data, thereby making it unusable. Within the Flex Appliance, the NetBackup WORM storage server offers a secure, container-based MSDP solution. Flex Appliances offer Enterprise and Compliance lock-down modes, you can choose the right immutability strength. NetBackup and the Flex Appliance solution has completed a third-party Immutability Assessment from Cohasset Associates, an industry-recognized assessor of immutability controls, specifically SEC Rule 17a-4(f), FINRA Rule 4511(c) and the principles of Commodity Futures Trading Commission (CFTC) in regulation 17 CFR § 1 .31(c)-(d).
The Flex Appliance comes with a wide variety of security features (see the Flex Security document for details) that include:
NetBackup software 8.3 master server communicates with the storage unit to gather immutability and indelibility capability and WORM retention period (min/max) settings. Then the master server sets up immutability controls on the storage unit and applies the WORM retention period policy. NetBackup software provides backup image management with visual representation of immutable lock, image deletion after the WORM retention period (via CLI), and honor legal hold on the catalog. Flex Appliance runs immutable storage server to provide WORM capability, retention locks, and platform hardening against ransomware and malware threats. Compliance Clock is used for the retention period and is independent of OS time. Flex Appliance has two lockdown immutability modes – Enterprise and Compliance. An appliance lockdown state can be enabled at any time. You can choose Compliance mode or Enterprise mode MSDP storage container but cannot be mixed.
Flex Appliances eliminate root account access to appliance OS & MSDP container, only host admin account can login to compute nodes. Account policies are used to allow elevated user certain administrative commands and access to shell and Web UI operations.
The following lists describe the firmware security hardening.
To setup immutable storage is super easy. Seeing is believing. Watch Flex Appliance Immutable Storage server demo.