Backup frustration brought this CTO to forefront of ransomware protection
Constant versioning of file systems is the way to go, Nasuni cofounder says
Interview As CTO of The New York Times two decades ago, Andres Rodriguez became frustrated with the time-consuming and unreliable process of backing up massive amounts of data that was only tested when it failed.
That experience led him in 2008 to launch Nasuni, building what has become a cloud-native global file platform that does away with traditional backups and instead constantly creates new versions of files that are not shipped to a backup system but instead are kept on the cloud-based platform. In addition, everything is managed – both in the cloud and on-premises – via the platform.
Enterprises save money by not having to build extensive backup environments and they can better protect their data, said Rodriguez, who also is now Nasuni's CTO. As an added bonus, the platform also gives organizations more tools to protect against the ongoing threat of ransomware.
It's not something company officials thought about while building Nasuni's portfolio over the past decade, but it was a nice realization.
"My entire focus was, 'We can get rid of backup because backup is unreliable and the backup windows take too long,'" he told The Register.
"What I did not foresee was the dramatic chink in the armor of data protection that ransomware was going to throw into the whole backup model. The reason ransomware works is because when you quietly encrypt lots and lots of files and file servers and you do that for long enough that your snapshots are no longer current, your snapshots are no longer holding the healthy parts of your files when you have to go to backup."
Ransomware groups rely on that, Rodriguez said. Their strategy is predicated on the long time and high costs it takes for a targeted enterprise to copy the data back into the file servers, regardless of what that backup technology is. Once a ransomware attack occurs, data – often terabytes' worth of data – needs to be copied and sent from a healthy backup system to an unhealthy one in what is rapidly becoming a highly distributed environment.
Attackers also now are targeting backups to increase the odds that organizations will have to pay the ransom.
"Now you can get both problems: you get the file servers taking a long time to rebuild and you get the many distributed file servers saturating the pipe of the backup media server," he said.
"That pretty much adds up to a kill shot for backup when it comes to unstructured data or files. There's no way to make backup better or faster so that this is no longer a problem. You have to not have to back up the data. The only way not to have to back up the data and still be protected is you have to version the data within the file system."
The threat of ransomware promises to continue to rise as many threat groups shift away from simply deploying their own ransomware code and instead build it and then lease it to others, lowering the barrier to entry for hackers and accelerating the use of ransomware as a weapon. Cybersecurity firm Sophos said that in 2020 and 2021, 79 percent of all rapid response calls to incidents involved ransomware.
Combating ransomware is not just about preventing it, Rodriguez said. Eventually an attack will be successful. What's increasingly important is how quickly a company can recover.
Cybersecurity firms and industry analysts will argue that backing up data can help an organization recover in the case of an attack, but Rodriguez said it's too slow and too costly. Four weeks of downtime for a Fortune 500 company can mean millions, or billions, of dollars in lost revenues and expenses to restore operations, Nick Burling, veep of product management at Nasuni, told The Register. The price can be higher if the company has to pay the ransom.
Burling said he likes to talk about the end of ransomware being in sight, but "it's not because you magically figured out how to prevent attacks. The attack is going to happen. As good as your endpoint protection might be and all of the different tools … the way you make ransomware go away is if you stop customers from ever having to pay it. That's the key thing. No Nasuni customer has ever paid a ransom when using our platform."
The foundation of the platform is the highly scalable UniFS file system that is housed inside Amazon Web Services, Microsoft Azure and Google Cloud. Data protection has always been a function of Nasuni's technology, but in recent years ransomware has become a focus. The vendor's Continuous File Versioning snapshot technology ensures that changes to files, wherever they're located, are deduplicated, compressed and stored as immutable, read-only objects in cloud storage.
With this, organizations always have the last unaffected version of every file. If a ransomware attack hits, the enterprise can quickly revert back to the latest version from before the attack and restore all the files within minutes, no matter when the attack occurred or the damage it did. Platform users can decide how often to create snapshots of the files.
There also is an auditing system in place that enables enterprises to restore only those files affected by the ransomware attack.
Most recently, the Boston-based company in September introduced a new cloud service called Global File Acceleration that makes hybrid cloud file synchronization up to five times faster by running near real-time analysis to ensure that often-used data is located closer to the company's edge systems for faster retrieval.
"At the end of the day, the file system is the place of record," Rodriguez said. "The difference between a file system that's being backed up and relies on that backup for recovery and a file system that is fully reliant on versioning for that recovery is orders of magnitude in the time that it takes to bring the healthy version of the file system back to the line. That's the game changer."
The response has been good. The company has about 600 customers and last month announced another investment round that netted $60 million, bringing to $148 million the amount that Nasuni has raised over the past five years and $247 million total, according to Crunchbase. ®