Apr 08, 2022

New Feature Friday – Discover adds Ransomware Assessment and Inventory Insights

Authors
Kiran Kunnur

In today’s cloud-centric world, enterprises are accelerating their cloud journeys to gain a competitive advantage, which has led to exponential data growth. While developers yearn for the cloud operating model, it comes with its fair share of challenges for cloud operators: storing and managing business-critical data, and guarding against malicious attacks, unpredictable disasters, and unexpected data loss due to software corruption or accidental deletion. These challenges are compounded when one wants visibility into assets deployed in several accounts that are scattered across regions. Below are some of the pain points that exist in the public cloud.

  • Lack of global visibility – There is no centralized management to gain global visibility into AWS assets and their data protection across services, accounts, and regions. This is further underscored by the painful operational recovery process when there are multiple accounts and regions under management.
  • Unidentified risks – Given the lack of visibility and fragmented information on assets across accounts and regions, it becomes difficult to gauge the health of data protection leading to unprotected, under-protected and over-protected assets.
  • Complex risk management – The lack of global filtering makes it challenging to establish a sound data protection strategy across assets.

In January 2022, we launched the newly designed Clumio Discover to deliver intelligence with actionable insights on cloud storage, risk and compliance to allow users to gain visibility, identify vulnerabilities, and protect cloud assets. Let us delve into the niceties of Clumio Discover in the following sections and understand how it adds value by solving the challenges noted above.

Ransomware Risk Assessment

The explosive growth of public cloud has led to AWS customers having many assets in their AWS environments, with no consistent manner in which these assets are protected. Some are partially protected with in-account or cross-account AWS snapshots, some have complete air-gapped protection, and others are not protected at all. It becomes complex to figure out what is protected and what is not. Discover’s ransomware risk assessment capability helps solve this problem.

The ransomware risk score is calculated at the asset level and then aggregated to show the overall score. We assess the risk by considering how well protected your backups are against ransomware attacks so that in the event of a ransomware attack, you can restore from the backups. We consider the different backup types and the age of those backups to calculate the scores. You can learn more about how asset-level and aggregated scores are calculated in this KB article. The ransomware risk assessment view is divided into three sections.

Asset Group Protection

Asset Group Protection provides actionable insights to ensure that assets within specific accounts and regions are protected against bad actors. It helps to easily figure out what proportion of your total assets are protected and with what data protection strategy. Use the “Group By” feature on the right side to visualize data protection based on accounts, regions and asset types.

Find Anomalies in Data Protection

You can easily find anomalies in your data protection strategy by understanding the vulnerabilities that adversaries could potentially exploit. Assets are plotted based on their backup types and the age of those backups. Assets that have backups older than 30 days appear in the right section indicating that these assets are at risk of losing data.

Ransomware Protection Score History

As new resources are spun up, it is critical to ensure that they are protected appropriately. To that end, we enable you to visualize how assets are protected over time along with a trend of the protection score. For example, if you provision new EBS volumes for a web application and these volumes do not have any backups, you will notice a downtick in your protection score.

Data Recovery Risk Assessment

When you define a backup policy and apply the policy to assets, there is a possibility that some of the assets could be missing restore points, thereby failing to meet your RPO requirements. The data recovery risk assessment is based on this principle of ensuring that assets have all the restore points as mandated by the backup policy.

The data recovery protection score is calculated at the asset level and then aggregated for all assets. You can learn more about how asset-level and aggregated scores are calculated in this KB article. The data recovery risk assessment view is divided into three sections.

Asset Group Protection

Defining an RPO of 24 hours and achieving an RPO of 24 hours are two different things. It can be challenging to know whether the restore points of your backups match the defined RPO unless you can measure it and take corrective action to adjust your backup strategy. Are you worried about being out of compliance at any point? If the answer is yes, then the data recovery risk assessment helps you understand which assets have missing restore points that cause you to be noncompliant.

Find Assets with Missing Restore Points

A detailed assessment of assets violating the RPO requirements is provided through this visual. You can find assets with at least one missing restore point along with the time since the last backup so that you can start protecting your critical assets right away.
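The check described here, together with the 30-day backup-age threshold from the ransomware section, can be sketched offline as follows. This is an added example, not Clumio's code or scoring method: the function names, the `stale` flag, and the rule of one expected restore point per RPO-length slot are assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=30)  # backup age the post treats as at risk


def assess_asset(restore_points, window_start, now, rpo):
    """Return missing RPO slots, time since the last backup, and a stale flag.

    Assumption: the policy expects at least one restore point in every
    RPO-length slot between window_start and now.
    """
    points = sorted(restore_points)
    missing = []
    slot_start = window_start
    while slot_start + rpo <= now:
        slot_end = slot_start + rpo
        if not any(slot_start <= p < slot_end for p in points):
            missing.append(slot_start)
        slot_start = slot_end
    last = points[-1] if points else None
    age = (now - last) if last else None
    return {
        "missing_slots": missing,
        "since_last_backup": age,
        "stale": age is None or age > STALE_AFTER,
    }


def report(inventory, window_start, now, rpo):
    """Assess every asset and list those with the most missing slots first."""
    rows = [(name, assess_asset(pts, window_start, now, rpo))
            for name, pts in inventory.items()]
    return sorted(rows, key=lambda r: len(r[1]["missing_slots"]), reverse=True)


# Constructed sample data: asset names and timestamps are illustrative only.
NOW = datetime(2022, 4, 8, 0, 0, tzinfo=timezone.utc)
START = NOW - timedelta(days=7)
RPO = timedelta(hours=24)
INVENTORY = {
    "ebs-web-01": [START + timedelta(days=d, hours=2) for d in range(7)],
    "ebs-web-02": [START + timedelta(days=d, hours=2) for d in (0, 1, 4)],
    "rds-orders": [NOW - timedelta(days=45)],
    "ebs-new-vol": [],
}

if __name__ == "__main__":
    for name, r in report(INVENTORY, START, NOW, RPO):
        print(name, len(r["missing_slots"]), r["since_last_backup"], r["stale"])
```

An asset whose only backup predates the assessment window, like `rds-orders` here, fails both checks: every slot is missing and the backup is older than 30 days.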

Data Recovery Protection Score History

You can track the protection score trend as you create new assets and protect them with different backup policies based on your business requirements. Depending on the number of missing restore points, you will notice a downward or upward trend in compliance.

Global Visibility into Assets and their Data Protection

Cloud governance goals cannot be met fully without having the right tool for visibility. Although AWS offers service-specific tools, the distributed nature of its usage creates the need for global visibility into assets and their data protection strategies. Discover’s Overview tab provides high-level asset and backup information along with the risk assessment scores for ransomware and operational data recoverability that instantly tell you if there are any gaps in your data protection plans. You can home in on specific assets by applying filters for a specific tag, account, region, and asset type.

Global Inventory of Assets

The Inventory service in Discover allows you to view, monitor, and analyze all assets and their data protection across accounts and regions. It provides a single place for cloud admins to consume insights on key AWS resources like S3, EBS, EC2, RDS, and DynamoDB. We are currently working on some powerful features for each asset type that would enable you to optimize for cost and performance, and make informed decisions about future investments. Stay tuned for more on this in future blog posts.

Review Data

If you want to take a data-oriented approach to understand how your assets are protected, then the Resource List tab is useful as it lays out per-asset information like backup types, backup count, missing restore points, and protection scores. You can export the data to a CSV to perform an offline analysis.

Eliminate Risk by Taking Action

The aforementioned Risk Assessment features enable you to identify risks with the current data protection strategies. You can take action to eliminate risks by adding air-gapped data protection with Clumio SecureVault through Rules Engine – a feature we built to automate data protection at scale with user-defined rules. For example, if you identified that EBS volumes with the tag Environment:Development have a low ransomware protection score, then you just create a protection rule for EBS with that tag and you are all set!

Keep your eye out for more innovations coming your way from Clumio Discover. In the meantime, you can sign up for a 30-day free trial in AWS Marketplace.