Dell has been busy developing hardware and software to thwart cyber attacks while providing insights and predictability across the entire data protection environment. Dell recently introduced the PowerProtect Appliance to simplify data protection and drive efficiency and PowerProtect Recovery to protect businesses from cyber attacks and ransomware. And the Data Protection Suite, a comprehensive solution built to protect modern workloads across multiple environments.
Dell has been busy developing hardware and software to thwart cyber attacks while providing insights and predictability across the entire data protection environment. Dell recently introduced the PowerProtect Appliance to simplify data protection and drive efficiency and PowerProtect Recovery to protect businesses from cyber attacks and ransomware. And the Data Protection Suite, a comprehensive solution built to protect modern workloads across multiple environments.
One of the key elements of the Data Protection Suite is the Data Protection Advisor (DPA), a reporting and analytics platform that provides complete visibility into a modern data protection infrastructure. Data Protection Advisor allows organizations to measure backup and recovery SLAs, track compliance and recoverability, measure performance, and review data and applications’ utilization and protection status.
What is Dell Data Protection Advisor?
The DPA automates and centralizes data collection, monitoring, and reporting into a single, comprehensive view of the environment and monitors data on AWS, Microsoft Azure, and Google Cloud. Organizations gain actionable insights and predictability across a diverse data protection environment with DPA. Data Protection Advisor measures backup and recovery SLAs, tracks compliance and recoverability, measures performance, and reviews data and applications’ utilization and protection status.
Proactively Detect Anomalies
Data Protection Advisor has a built-in stateful Analysis Engine that continuously monitors backup appliance activities and detects anomalies based on customer-defined rules. Critical data can be protected from cyberattacks by creating simple rules to deliver immediate alerts via email, call local scripts, and send SNMP traps and log events.
DPA’s Analysis Engine provides a pre-emptive method of detecting anomalies based on predefined rules and sending alerts immediately. This proactive approach is more effective than reporting since reports are sent at scheduled intervals and require an operator to manage them. In a cyberattack, it’s best to be informed of the attack as soon as the threat is detected.
Proactively detecting anomalies is a form of information security management that focuses on anticipating and preventing potential threats with the help of analyzing backup appliance activities. This strategy includes the following:
- Identifying potential threats
- Preventing attacks before they happen
- Detecting attacks as soon as possible
- Responding to attacks in an appropriate way
Detecting Ransomware
In Data Protection Advisor’s deduplication environment, metrics are collected regarding the “size” of a given backup job (i.e., the amount of data sent for backup after deduplication) and “size scanned” (i.e., the amount of data before deduplication). Typical ransomware or malware attacks require a fair amount of unique, encrypted data to succeed. So, an increase or deviation in job size based on the historical two-week average may indicate an attack.
Setting alerts to flag increases in data can alert administrators to possible malicious code. If necessary, customers can customize both the time frame of the average and the percentage of deviation during the assignment based on their specific needs.
Detecting Insider an Attack or Remote Execution
During an internal malicious attack or a similar attack using remote execution, a bad actor would most likely make configuration changes to the backup application by disabling backups, schedules, and workflows and shutting down servers.
DPA can detect changes to a backup application’s configuration but could also be used as a means to detect foul play or human error. DPA’s Analysis Engine can trigger an alert when it detects configuration changes. By default, Data Protection Advisor collects configuration data from the backup application twice daily and is customizable.
Data Protection Advisor has many rules available that can be leveraged out of the box. Enabling them in Analysis Engine makes them proactive in detecting anomalies and threat effectively.
To learn more about useful Analysis Engine Rules and policies, refer to the Dell Data Protection solutions site and the Data Protection Advisor data sheet.
Engage with StorageReview
Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | TikTok | RSS Feed
