Axcient x360 Part 4: Secure By Design

Welcome to the final part of this four part exploration into Axcient’s new x360 platform. If you’re just joining us, be sure to check out the first three parts of the series:

In this post I’m revealing some of the cutting-edge security technologies that make the x360 platform Secure by Design: AirGap, “Air Cover”, AutoVerify, and Auto Configure. These unique technologies protect data from the latest cyber threats and hacking behaviors. Managed service providers (MSPs) can guarantee clients uninterrupted business continuity even after a sophisticated, human-operated ransomware attack. Keep reading to see how these built-in protections are transforming data security.

Unconditional protection

Security is not something to add after the fact, nor is it a feature – it’s why x360Recover is Secure by Design! Security must be an integral part of the foundation of modern software.

Perhaps you’ve been burned in the past by other vendors that treat security as a configuration item or a feature? In such solutions, you’re presented with a million settings that need to be configured to the T, or else you’re vulnerable to data loss. Key security features, like insider protection, are turned off, rather than on, by default. And complex infrastructure dependencies, or environmental requirements for proper security, seem to be working against protecting data.

I’m sure you’re familiar with this all too common scenario…when discussing ransomware and malicious deletion of backups, a backup vendor presents you with a pages-long checklist of security configuration “best practices.” If an incident occurs and data is deleted, you’re told you should have followed the checklist exactly as each best practice was written. Gee, thanks.

Axcient’s philosophy is fundamentally different. Remember, we’re here to cure the world of data loss! And that’s not a conditional mission based on deployment specifics, your deployment environment, how it’s configured, or even if it’s misconfigured.

We believe every deployment should have fundamental security and data loss protection mechanisms that are always active. These universal protections – that cannot be disabled – provide peace of mind so no matter if there is human error or a bad actor in play, data is safe and recoverable. Take back control and get peace of mind! Here is how we’re doing it…

AirGap: Never even consider paying the ransom.

The threat of ransomware is increasing, and the need for MSPs to mitigate this risk not only for clients, but for themselves, is more critical than ever. MSPs are being targeted due to their aggregation of data and the attacks are becoming more sophisticated. One rising type of attack are human-operated. This occurs when a bad actor infiltrates a network for weeks or months, escalating privileges, capturing credentials, and carefully planning their attacks before initiating ransomware data encryption.

These types of well-planned attacks involve backup system and data discovery, plus exploration into how the data can be deleted, ensuring maximum pressure on victims to pay the ransom. Mitigating such threats requires a layered security approach. Since backups are your very last line of defense when all else fails, it’s critical they’re resilient to any attempt at destruction or corruption – whether intentional or accidental.

Axcient AirGap is that fail-safe solution for getting data back even if the last line of defense is breached. Historically, the term “air gap” describes the physical separation of sensitive networks, with a minimum distance between them, and requires physical movement for data to enter or exit the air gapped network. Clearly, with new backup data being generated as often as every 15 minutes, it’s not practical for a human to physically move the data into an air gapped network in the traditional sense.

We’ve modernized the concept to account for what is not humanly possible. Our Axcient AirGap technology delivers the benefits of physical air gapping, but is fully automatic, always on, and instantly applied to all received data into our x360Recover cloud.

Further protection is provided with AirGap through the use of “honeypots.” In this case, honeypots are fake signals used to trick hackers into thinking their attempts to delete backup data were successful, even though the data is fully intact and available for near instant recovery. This false sense of success makes a hacker think their job is done, and so they stop the attack. However, because everything is protected through the AirGap, the data is there and usable, so there’s no reason to even consider paying the ransom.

“Air Cover”: Proactive problem solving.

If this series of posts has emphasized anything, it’s that being an MSP is tough! You’re expected to monitor for unknown, unforeseen and invisible problems, and then fix them immediately, without so much as a blip in the system. Your job gets even harder with software vendors who don’t support you. Too many believe their job ends as soon as they ship the software, but Axcient is partner-centric.

We don’t throw our software over the fence, hoping it works without taking any responsibility for issues, upgrades or unique integration. Sure, MSPs are the first line of defense, but we’re supplying you with the last line of defense, and that’s a partnership in service for your clients.

Axcient thinks of our MSP partners as troops on the ground, and in order to keep you protected for maximum success, we provide cover. We do that through “Air Cover.” Axcient is monitoring all software installations in the field with anonymized cloud telemetry of key operations – including backups, AutoVerify jobs (I’ll get to that next), software upgrades, etc. With “Air Cover” monitoring we gain necessary insights to proactively fix common defects with software updates. Additionally, we can pinpoint critical system issues and address them immediately.

For example, the Axcient team can identify backups where both AutoVerify and self-healing attempts failed. Then we can proactively work with our partners to resolve discovered issues before they become larger problems, or leave the door open for bad actors. We’re using the data available through our detailed monitoring and reporting to circumvent potential interruptions. Rather than just helping you with tickets as they’re submitted, we’re continuing in our mission to cure, and not just fix, data loss.

Additionally, certain Axcient x360 platform capabilities include RemoteAssist™ technology. Through RemoteAssist, MSPs can quickly authorize Axcient engineers to access backup appliances to securely diagnose and remediate issues that require human attention.

Unlike some vendors, who demand this level of access at all times, RemoteAssist requires your explicit approval before access can be granted by the appliance operating system (OS). To further respect our partners’ privacy, RemoteAssist access is time limited and secured through RSA public-private key encryption. All communication must go through a bastion host, with session recording, to produce a complete audit trail. This complete process allows Axcient to collaborate with partners in diagnosing and resolving difficult issues, while lowering your labor overhead and enforcing strong security and auditing.

AutoVerify: Trust your backups with automated testing.

Testing backup and disaster recovery (BDR) is traditionally a labor-intensive, repetitive task that, while critical to do, is not actually improving the quality of your clients’ IT environments. Not to mention that it doesn’t earn MSPs any money and honestly, no one enjoys doing it.

So we’ve created AutoVerify to do a large portion for you! Every day the local backup appliance virtualizes the latest backup recovery point for each system and runs a battery of tests to check for bootability, operating system health, and filesystem and application integrity.

How many times have you been burned by backup software that claims a backup was successful – green check mark included – only to find that when you go to restore that some, or even all of that recovery point is unusable? Regardless of whether the backup did not properly capture the right data, or the backup data was corrupted (for example, silent data corruption) the result is the backup was not restorable.

This is just one fear that keeps MSPs up at night. If you can’t fully trust your backup system, you have a false sense of security with severe consequences coming your way. We’re helping MSPs sleep sound, using the series of tests run by AutoVerify each night. These tests go much deeper than simply ensuring the OS can boot and take a screen shot.

Detailed results produced by AutoVerify are preserved with a backup snapshot, and results of the last test run are available for quick review in the web console. The results are part of the aggregate health status information shown in the cloud management console, so you can quickly verify the health of all your protected systems. Of course, if something didn’t verify as planned, you can see exactly which tests failed for which systems and act accordingly.

Tests run for a given system are intelligently and automatically determined based on the operating system and software installed within the system. You don’t have to worry about remembering to activate a particular integrity check for a given application. For example, AutoVerify will automatically detect that a server has Microsoft Exchange installed and perform Exchange-specific integrity verification checks to ensure the database is mountable and useable for granular recovery. As AutoVerify expands over time with more checks, you won’t have to worry about manually configuring each one, but instead, immediately get the benefit as soon as the appliances has auto-updated.

While other vendors may offer solutions that trigger certain tests or workflows, these are vulnerable to mistakes or misses when a solution is first configured, or a new protected server is added. With AutoVerify, MSPs have complete confidence because it’s part of the recovery tool by default, and intelligently tests everything it can, every time.

Auto Configure: Software that learns your IT environment.

Few things are worse than being blind-sided by software misconfiguration. Even worse, not finding out until it’s too late to remediate. And still worse than that, having the vendor somehow blame it on you.

Complex systems software, including backup or sync, can have hundreds, or even thousands of configuration options. Administrators are expected to be perfectly trained and educated on each setting to ensure maximum security and reliability of service. But that’s just not realistic. IT systems are fundamentally complex, and the need for configuration to adapt to IT environments is real.

Axicent believes all default configurations should be secure out of the box. Software should automatically adapt and configure itself to the environment as much as possible. Instead of relying on humans to configure the software to be secure and reliable, Axcient invented Auto Configure.

Consider this, backups that rely on Microsoft Volume Shadow Copy Service (VSS) to take application consistent snapshots sometimes fail because a single VSS writer fails or gets stuck. Backup applications traditionally fail these backups, forcing MSPs to manually configure VSS writer exclusions to get health backups on that system. With Auto Configure technology, if the backup detects a particular VSS writer has failed, instead of failing the backup, it automatically retries. During the retry, it excludes writers that were blocking the previous snapshot attempt, thereby allowing the backup to continue. Information about the adaptations are captured so the effectiveness of Auto Configure can adapt as well and become more effective over time.

Secure by Design: Don’t settle for less.

Together, as part of the Axcient x360 platform, these security technologies work hand-in-hand to keep you and your clients safe, make your system smarter over time, improve reliability, and reduce labor overhead. MSPs can confidently protect clients with a high level of assurance in their last line of defense – and then some! We’re passionate about inventing new ways to help everyone sleep soundly, knowing their business-critical data is safe, no matter what.

Through our ongoing mission to cure the world of data loss, we’re also making data protection and management easier, and more intuitive for MSPs. I began this blog series by claiming that we might even make BDR enjoyable – what do you think? I’d love to hear from you! Join our community to start a conversation or ping me on LinkedIn. Together, let’s cure data loss!

If you have any questions about the Axcient x360 platform, or would like a demo or trial, feel free to contact us directly – we’re here to help!

About the Author: 
Kevin Hoffman // Founder & CTO, Axcient

Kevin is the Co-Founder and Chief Technology Officer of Axcient. In 2002, John Williams, George Welborn and Kevin Hoffman saw the opportunity to reinvent data protection, and became pioneers bringing transformative cloud services to the IT channel. Kevin brings over 20 years of experience solving business challenges with software and cloud technology through a values- and team-centric approach.

He earned a B.S. in Computer Science from Brigham Young University and a Ph.D. in Computer Science from Purdue University. His published research includes work on memory programming models, language theory & runtimes, aspect-oriented programming, software modularity, dynamic software analysis, automated debugging and reputation systems. Beyond work, he is a family  man, and has avid  interests in piano, cycling, skiing, and physics.