UWS, a major university with more than 20,000 students, experienced a significant breach in a failed ransomware attack. Its core student-records databases were managed by RDB as a full service. After the attack had resulted in the complete shutdown of the network and all services, it was discovered that only the RDB servers had not been breached.
Because we had all of the relevant backups and an active DR environment, we were able to recover the records with no loss of data. The main task was to rebuild the entire records system, not just the database, in conjunction with the vendor, on a new secure platform. RDB designed and implemented the new secure platform in RDB Cloud (its public-cloud-adjacent infrastructure). This reconstruction of a highly customised application was accomplished with the vendor within 8 weeks, in time to accept new students.
After this response, RDB assumed responsibility for much of the SOC services, including full MXDR for staff endpoints and proactive investigation and remediation services, with vulnerability management and SIEM added for the server environments.
This episode demonstrated that our general practices are very secure, but can be enhanced with our specialist Managed Security Services. When combined, these provide a highly resilient service for any enterprise system.
Active Resiliency
RDB offers a set of services that together provide unprecedented levels of resiliency to customers. It is not sufficient to rely on defences to keep attackers at bay. One must assume that there will be a breach that needs to be recovered from, and use that assumption as the litmus test for restoration and business continuity.
The objective is to provide an alternate DR infrastructure that can be restored within hours, so that any potentially compromised infrastructure can remain isolated while all core applications operate safely from the alternate DR infrastructure.
Traditional active DR designs, while effective to a degree, face substantial challenges in the context of modern cyber threats.
The proliferation of digital data and the escalating sophistication of cyber threats necessitate advanced cybersecurity measures. Disaster Recovery (DR) infrastructures are pivotal in ensuring business continuity and data integrity post-cyber incidents. Conventional DR strategies often involve periodic data backups and off-site storage. However, these methods are increasingly vulnerable to modern cyber threats, such as ransomware and advanced persistent threats (APTs). This paper argues for the adoption of alternative DR infrastructures with immutable backups to address these vulnerabilities effectively.
Challenges of Traditional DR Infrastructures
Traditional DR infrastructures typically rely on duplicative data storage systems and periodic backups. While these methods provide a basic level of security, they are not infallible. One primary concern is the vulnerability of backup data to corruption or deletion during a cyber attack. Modern ransomware, for instance, often targets backup files to prevent organizations from restoring their systems without paying a ransom.
Moreover, traditional DR solutions frequently involve complex configurations and manual processes, increasing the risk of human error. These errors can result in incomplete or outdated backups, undermining the reliability of the DR system. Additionally, the restoration process from traditional backups can be time-consuming, causing prolonged downtime and significant financial losses.
The Concept of Immutable Backups
Immutable backups are an innovative solution to the limitations of traditional DR systems. An immutable backup is a data storage method in which the stored data cannot be altered or deleted for a predefined period. This immutability ensures that once data is written, it remains unchanged, providing a reliable recovery point in the event of a cyber attack. Furthermore, air gaps can be introduced, providing a further level of access control: the backup copy is not reachable by the same mechanism as the primary systems. RDB's BaaS has these features built in to ensure that level of protection.
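The retention-lock behaviour described above, modelled as an added example (not RDB's code or any vendor's API): a WORM-style vault refuses to alter or delete an object until its retention period has elapsed, so an attacker who has gained the storage credentials still cannot destroy the recovery point. The object name, retention period and sample dump are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
class RetentionLockError(PermissionError):
    """A write or delete tried to touch an object still under retention."""

@dataclass
class ImmutableVault:
    """Minimal WORM-style vault (hypothetical model, not any vendor's API)."""
    retention_seconds: float
    _objects: dict = field(default_factory=dict)  # name -> (data, sha256, locked_until)

    def _check_lock(self, name: str, now: float) -> None:
        if name in self._objects and now < self._objects[name][2]:
            raise RetentionLockError(f"{name} is retention-locked")

    def put(self, name: str, data: bytes, now: float) -> str:
        self._check_lock(name, now)  # overwriting a retained object is refused
        digest = hashlib.sha256(data).hexdigest()
        self._objects[name] = (data, digest, now + self.retention_seconds)
        return digest

    def delete(self, name: str, now: float) -> None:
        self._check_lock(name, now)  # deleting a retained object is refused
        del self._objects[name]

    def restore(self, name: str) -> bytes:
        data, digest, _ = self._objects[name]
        if hashlib.sha256(data).hexdigest() != digest:  # verify before trusting it
            raise ValueError(f"{name} failed integrity check")
        return data

def simulate_attack_and_restore() -> dict:
    """Constructed scenario: backup at t0, attacker tries to wipe it at t0+1h, then restore."""
    week, t0 = 7 * 24 * 3600, 1_700_000_000.0
    vault = ImmutableVault(retention_seconds=week)
    original = b"-- CONSTRUCTED sample of a student-records dump --"
    vault.put("students.sql", original, now=t0)
    result = {}
    attacks = {"delete": lambda: vault.delete("students.sql", now=t0 + 3600),
               "overwrite": lambda: vault.put("students.sql", b"ENCRYPTED", now=t0 + 3600)}
    for name, op in attacks.items():
        try:
            op()
            result[name] = "succeeded"
        except RetentionLockError:
            result[name] = "refused"
    result["restore_matches"] = vault.restore("students.sql") == original
    vault.delete("students.sql", now=t0 + week + 1)  # lifecycle deletion once retention expires
    result["expired_delete"] = "succeeded"
    return result
```

In a real deployment the lock is enforced by the storage platform rather than by application code, and the air-gapped copy adds a second barrier that credentials stolen from the production network cannot cross.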