AirGap: Your Last Line of Defense Against Cyber Threats
If you don’t back up, you can’t recover. But what’s an MSP to do if those backups get deleted? Today’s bad actors are hip to our reliance on backups, and they’re targeting them in cyberattacks like ransomware. On top of that, unprotected backups can also be accidentally deleted by well-intentioned employees and during natural disasters.
Axcient AirGap protects backups as a last line of defense against data loss so you can always recover – without ever even considering paying a ransom. Keep reading to see how this built-in and always-on feature protects you and your clients from the potentially catastrophic fallout of a data loss event.
What Is AirGap?
AirGap is an anti-ransomware and data deletion feature that acts as your last line of defense after an accidental incident or malicious attack on your backup files. Leveraging automation, security controls, time gaps, and a little trickery, this Disaster Recovery as a Service (DRaaS) tool protects backups so MSPs and your clients can always recover. AirGap is automatically enabled in both x360Recover for BCDR and x360Cloud for Microsoft 365 and Google Workspace backup.
How Does AirGap Work?
AirGap uses Axcient’s proprietary Chain-Free backup technology to create a gap in the form of a firewall between the actual filesystem and the recovery solution – x360Recover or x360Cloud. Continuous native snapshots of the filesystem are automatically taken by AirGap and stored in a safety archive that is separate from the actual filesystem.
Data deletion requests can only be fulfilled after a varying amount of time has passed and multiple validations are made internally. So, even when data has “been deleted,” it’s not really deleted. Instead, it’s safe in the archive, waiting, and ready to be restored in as little as 15 minutes.
Can AirGap Really Protect Against Ransomware?
Of course, to combat today’s sophisticated cyberattacks – including ransomware – DRaaS tools need more than just air to stop the bad guys from getting the data. And that’s why AirGap is armed with the following critical security capabilities and data protection safeguards.
- Honeypots trick bad actors into thinking they’ve successfully accomplished their dirty goal of deleting data, but it’s just an illusion. To them, it looks like their job is over, and they can move on – but the data is safe on isolated tiers of storage, so you get the last laugh.
- Human factor controls limit who can create data deletion requests and who can fulfill data deletion requests within Axcient. Only a select number of authorized security individuals can perform these actions, and no single individual can carry out both. That means that to delete data from AirGap, two different people must verify it.
- Human two-factor authorization is required to verify and complete data deletion requests in AirGap. An authorized individual from the MSP must call in and audibly approve data deletions in AirGap before completion. In the event of a cyberattack where phone, email, and support systems are compromised, requests will not be completed without that audible confirmation.
- Time gaps between when data deletion requests are created, when they’re verified, and when they’re executed give MSPs ample time to stop malicious activity before it’s too late. The length of the time between processes varies so that bad actors can’t recognize patterns and replicate AirGap’s behaviors.
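The four controls above can be read as gates on a single deletion workflow. The following is an added, simplified model of that idea, not Axcient's code: the class and method names, the boolean standing in for the phone approval, and the hold-time bounds are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

# Assumed bounds for the randomized hold; the page gives no figures.
MIN_HOLD_S, MAX_HOLD_S = 3600, 72 * 3600

@dataclass
class DeletionRequest:
    requester: str
    created_at: float
    hold_s: int            # randomized per request so timing is not predictable
    verifier: str = ""
    verbal_ok: bool = False

class GatedArchive:
    """Toy model: deletes hide data at once, purges are gated."""
    def __init__(self, requesters, fulfillers):
        self.requesters, self.fulfillers = set(requesters), set(fulfillers)
        self.visible, self.archive, self.pending = {}, {}, {}

    def store(self, sid, data):
        self.visible[sid] = self.archive[sid] = data

    def request_delete(self, sid, who, now):
        if who not in self.requesters:
            raise PermissionError("not allowed to create deletion requests")
        self.visible.pop(sid, None)  # caller sees the data vanish immediately
        hold = MIN_HOLD_S + secrets.randbelow(MAX_HOLD_S - MIN_HOLD_S + 1)
        self.pending[sid] = DeletionRequest(who, now, hold)

    def verify(self, sid, who, verbal_ok):
        req = self.pending[sid]
        if who not in self.fulfillers or who == req.requester:
            raise PermissionError("second, different authorized person required")
        req.verifier, req.verbal_ok = who, verbal_ok

    def purge(self, sid, now):
        """Destroy the archived copy only if every gate has passed."""
        req = self.pending.get(sid)
        if not req or not req.verifier or not req.verbal_ok:
            return False
        if now - req.created_at < req.hold_s:
            return False
        del self.archive[sid], self.pending[sid]
        return True

    def restore(self, sid):
        self.pending.pop(sid, None)  # cancel the request and bring data back
        self.visible[sid] = self.archive[sid]
```

Until `purge` returns `True`, the archived copy is untouched and `restore` brings the data back, whatever the portal view shows.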
Has AirGap Been Tested?
Of course! Since launching in 2020, AirGap has been third-party tested by the independent information security management company FRSecure, and real-world tested by Axcient’s MSP partners.
Third-Party Internal Penetration Testing
FRSecure used automated and manual internal penetration testing to determine the level of effort required to break through AirGap and successfully delete backup data.
We gave their penetration testing team of ethical hackers VPN access to the Axcient data center to imitate a compromised developer system and a specific vault. They had open access to all hosts, with nothing considered out of scope. Their six objectives included…
- Establish persistence and enumerate the network.
- Gain privileged access.
- Move laterally throughout the network to obtain administrative levels of access to the environment.
- Access sensitive data.
- Crack passwords.
- Permanently destroy backup data in the Axcient vault.
Unfortunately for the bad guys, FRSecure could not break through AirGap or successfully delete backup data. Here’s what they reported in their findings…
- Data in AirGap can’t be destroyed: “FRSecure attempted to delete [a data system] from the management portal, and it was successfully deleted. [AirGap] was able to restore a complete backup to the management portal and vault. During this test, FRSecure couldn’t fully destroy data from the air-gapped repository.”
- Data in AirGap can always be recovered – even after it appears to have been deleted: “With access to the management portal, FRSecure took advantage of this to attempt to delete the [data system]. The system disappeared immediately, however; a restoration was completed from the [AirGap] backup.”
- Data in AirGap is always available: “FRSecure then tried to delete [the data system] from the [Axcient] vault and after 45 minutes, the system was still available.”
MSP Real-World Testing
Naturally, AirGap has also been tested by our MSP partners since it was deployed for them as a feature for BCDR and backup. Countless times, AirGap has successfully recovered “lost” data after advanced attacks, but here are just two examples:
Never pay a ransom with AirGap: After a hacker infiltrated one MSP’s system, they hid behind the scenes learning the company’s behaviors and expanding their privileges. As most hackers do, this one waited until Sunday to take advantage of most people’s day off. The bad guy crypto-locked the MSP’s entire system and 10 of their clients before hitting them with a hefty ransom demand.
Luckily, both the MSP and their clients had backups protected with AirGap and were quickly restored without giving a thought to paying the ransom. With just one call to Axcient support, the MSP’s systems were wiped, and backups were restored for uninterrupted business continuity.
The MSP never had to weigh the worth of their client’s data, inform anyone that their sensitive information had been stolen, contact lawyers for breach support, communicate the incident to the public, pay regulatory fines and penalties for being out of compliance, or face the consequences of a potentially business-fatal ransomware attack. That’s how Axcient’s MSP partners sleep so soundly.
Always keep your business moving with AirGap: To give you an idea of just how quickly data in AirGap can be restored, this is an actual exchange between Axcient support and one of our MSP partners, with real timestamps, following an incident.
May 13th at 10:10 a.m. | MSP: “Someone penetrated our system last night and managed to delete protected systems in multiple appliances.”
May 13th at 10:31 a.m. (20 minutes later) | Axcient: “Backups and protected servers on first appliance successfully recovered; we have 6 more to go.”
May 13th at 1:58 p.m. (4 hours later) | Axcient: “All protected systems on all appliances were successfully recovered. Root and admin passwords changed. Partner clients have ransomware; Partner will start recovery.”
May 15th at 3:26 p.m. (2 days later) | Axcient: “Kindly let me know if we can close this ticket.”
May 15th at 3:32 p.m. | MSP: “Yes, you can close it; thank you very much.”
With near-instant recovery from protected backups in AirGap, this MSP recovered from a disaster scenario quickly, calmly, and with very little communication with support. Not only does AirGap give you peace of mind and confidence against ransomware attacks, but it gives you speed with few technical requirements. So, not only can you recover after a disaster, but you can do it without overextending yourself, your team, your technicians, or your budget.
Ready to See AirGap for Yourself?
Start your free 14-day trial of x360Recover or x360Cloud to test AirGap’s capabilities for yourself. Experience the relief of knowing backup data is safe from ransomware, other cyberattacks, and human error. You can also attend a demo to see a live recovery or schedule a 1:1 demo for a private tour of Axcient’s BCDR and backup solutions. No matter your next move, make sure your backups are protected and verified for recovery to avoid permanent data loss. In today’s cybersecurity landscape, it’s not a question of if data loss will happen but when – and that requires proactive, comprehensive BCDR from a vendor you trust.
About the Author: Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in healthcare technology and information technology, and is now the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in IT. Carissa is also an elected official in Cary NC, a town chock full of technology-forward people.