Advanced solution for an often overlooked element of the security world

Published by Dutch IT Channel

Eduard Keijzer (pictured), partner manager at Fundaments, uses the NIST Cybersecurity Framework to talk about what he sees going on in the market. It aims to help organisations improve their cyber security and consists of five elements: identify, protect, detect, respond and recover. Keijzer: ‘A dichotomy is emerging in the market. Many big security players are doing everything they can to prevent incidents and analyse them afterwards. That is good and it should continue. But actually this is limited to the first four elements of the NIST model. Those parties expect partners to take on the ‘recover’ part. This is where we often see things go wrong between partners and vendors. One expects the other to do it and vice versa. Partners do not always have the right knowledge for it either.’

Damage item

The fact that the ‘recover’ component remains down is a concern, as the importance of quick and proper recovery is high, Keijzer explains. ‘I recently asked a customer to calculate how much it would cost him to be out of business for eight hours. Many customers are then unable to quote an amount at all because they have never thought about it. This client estimated that it costs a tonne. He had his security in order, including disaster recovery. When I asked about it, he turned out to have an RPO (Recovery Point Objective, ed.) of four hours. That means four hours of data loss, so in this case a loss of €50,000. So how nice would it be if you could reduce that time of four hours to 15 seconds?’

‘Ransomware is a big challenge and just preventing it is not enough,’ he says. ‘Ransomware recovery is really a must. In more than half of the cases when ransomware becomes active, the backup is taken. So how do you go about recovery? We are jumping into that gap with our solution Ransomware Recovery with AI.’

Downtime and data loss minimised

As the name suggests, the solution protects against ransomware attacks with the help of artificial intelligence. Anomalies, such as abnormal encryption, are detected within seconds thanks to smart algorithms. ‘By continuously replicating, you discover certain patterns. If something suspicious happens, the alarm bells go off.’ Action is taken immediately and can then be restored to a safe moment a few seconds before the attack, minimising downtime and data loss.

Keijzer: ‘You can spin up a new environment from the data you have protected within half an hour. After that, security analysts can investigate what happened and re-lock the open doors. Then you unlock everything from our sovereign and Dutch cloud platform. By serving your primary processes from a different location, you survive the ransomware attack within hours. You have only a few seconds of data loss and so the overall impact remains very limited. Once your primary processes are running, you can rebuild your existing environment in peace.’

Isolated test environment

The solution is not only attractive for large companies with big budgets, Keijzer stresses: ‘If you classify your data properly, you can determine which applications with important data you equip using this service. On average, that will be about thirty per cent of the total data. With us, you therefore pay only thirty per cent of the cost. The solution is very granular. You can purchase the service starting at €500 per month. Furthermore, the impact on your performance is small. Nor do you need thick connections between different locations. You don't have to make a big investment and that is the strength of this solution.’

It also doesn't matter to what extent you are in the Cloud as an organisation. ‘You can use it in an on premise situation, if your IaaS environment is running at Fundaments and also if you use the public Cloud of, for example, Azure. So there are all kinds of use cases to think of for this distinctive service that will allow you to pick up this underexposed piece in the security world.’

The isolated test environment you create is ideal for running updates, testing applications and doing stress tests, among other things, Keijzer explains. ‘Meanwhile, replication of your live environment continues as usual. So not only do you reduce the impact of ransomware with this service, but you make your IT environment much more lean and mean by using your functionality differently.’

Together with partners

Fundaments is a company that works a lot through partners, so Keijzer sees an important role for them. ‘They can offer this service. We can support them with white papers, mailings and offer texts, all ready to go. We really seek cooperation with partners with this too. For instance, we go to their customers together. We can also help create a broader business continuity plan for end-users. We are always open to new partners to enter into this cooperation. Because we are used to working with partners, we know exactly what they expect from us in terms of knowledge, skills and, above all, ethics.’

For end users, it does not end with having this service, Keijzer emphasises in conclusion. And that offers additional opportunities for partners. ‘Having the solution is one thing, testing it is two. You have to do a fallback test at least once or twice a year. For partners, there is a revenue model in assisting with this. With each test, a test report is created, where you as an end customer can see in what order and how fast VMs are started. For IT managers, being able to offer such a test report to management is very valuable, because you can show how quickly an environment can be up and running again after a disaster. In an audit, a report like this is also worth its weight in gold. So even with that, you can add a lot of value as a partner around this solution.’

M. You can read more about our Ransomware Recovery with AI solution here.