Axcient’s Security-First Approach Part 3: Infrastructure
In this third and final part of Axcient’s Security-First Approach series, we’re highlighting our infrastructure security: how we keep our data centers, networks, and agents protected from attack vectors. In Part 1: People, you saw how Axcient’s distributed security capability makes every single employee responsible for solving security issues in their respective roles and departments. In Part 2: Process, we showed you how security is embedded in our ongoing processes, from application and backup agent security to RMM integration and data center security. Keep reading to see how Axcient’s third security pillar, infrastructure, is keeping both our data and our partners’ data secure.
Multi-layer Data Center Security
Of course, no one thing is ever going to protect MSPs and their clients. It takes multiple layers and the assumption that at least one of them can be breached. Assuming ‘it won’t happen to me’ is simply unrealistic. Axcient’s real-time data center protections monitor activity to detect anomalies in the network as soon as they occur. The intention is to reduce dwell time as much as possible when an incident occurs. These protections include:
- Centralized logging
- Monitoring management
- Security information and event management (SIEM)
- Security operations center (SOC)
- Explicit permission model on hardware firewalls that defaults to deny-all unless specific access has been granted.
- Distributed denial-of-service (DDoS) protection through a third party.
- No command and control systems that allow access to critical infrastructure like storage, backups, virtual machines (VMs), or anything that could compromise a partner’s system.
- Auto-detection, tagging and monitoring on all data that has been spun up.
- Daily security scans with anomaly alerts on all internal systems and every VM on the network.
Backup Data Security
Axcient created AirGap as a built-in, always-on feature of our business continuity and disaster recovery (BCDR) solution, x360Recover. Launched in summer of 2020 after years of R&D, AirGap protects backups from ransomware and other malware attacks. Built on the mindset that it’s not if MSPs and their clients will be attacked, but when, AirGap is designed to be your last line of defense. When endpoint protection fails or firewall security is compromised – even after a hacker believes they’ve successfully deleted business-critical data and backup files – AirGap has you covered.
AirGap separates data deletion requests from the actual mechanics of data deletion. Whether it’s a hacker maliciously deleting things in the hopes of holding you ransom, or accidental deletion by a well-intentioned employee, your backups remain safe. With AirGap, data can only be deleted after passing through the safety archive, and only after a period of time. For additional security, AirGap includes ‘honeypots’, or fake signals, that make it appear as if data has been deleted when it’s actually saved in the safety archive. From there, your fully intact data can be instantly recovered in the x360Recover agent. AirGap is third-party tested by two separate information security management companies that were unable to permanently delete data, despite being given full access to our systems.
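A minimal model of the separation described above, added here as an illustration and not Axcient's AirGap code. The class, its method names, the hold period and the acknowledgement format are all assumptions.

```python
import time

HOLD_SECONDS = 7 * 24 * 3600  # constructed hold period; the page gives no figure


class SafetyArchiveStore:
    """Hypothetical backup store where a delete request never erases data."""

    def __init__(self, hold_seconds=HOLD_SECONDS, clock=time.time):
        self._live = {}      # backup_id -> data visible to normal callers
        self._archive = {}   # backup_id -> (data, time the delete was requested)
        self._hold = hold_seconds
        self._clock = clock  # injectable so the hold period can be tested

    def put(self, backup_id, data):
        self._live[backup_id] = data

    def list_backups(self):
        return sorted(self._live)

    def request_delete(self, backup_id):
        """Caller-facing delete: data moves to the archive, nothing is erased.
        The caller receives the acknowledgement a real deletion would give."""
        if backup_id not in self._live:
            raise KeyError(backup_id)
        self._archive[backup_id] = (self._live.pop(backup_id), self._clock())
        return {"backup_id": backup_id, "status": "deleted"}

    def restore(self, backup_id):
        """Recovery path: return an archived backup to the live set, intact."""
        data, _ = self._archive.pop(backup_id)
        self._live[backup_id] = data
        return data

    def purge_expired(self):
        """The only path that erases data. It is not reachable from
        request_delete and removes only entries whose hold has elapsed."""
        now = self._clock()
        expired = [b for b, (_, t) in self._archive.items()
                   if now - t >= self._hold]
        for backup_id in expired:
            del self._archive[backup_id]
        return sorted(expired)
```

The design point is that credentials able to call `request_delete` gain no ability to shorten the hold or trigger the purge, so a compromised account can hide backups from the live listing but cannot destroy them.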
Internal Axcient Security
One of the two biggest threats to our partners and our business is an attacker using our own agents against us. Whether it be x360Sync, x360Cloud, or x360Recover, if a bad actor is able to weaponize one of our products to spread malware, we’ve failed. Axcient takes a number of additional security steps to prevent this from happening – for example, digitally signing updates and patches, sending them over encrypted traffic and encrypted tunnels, and internally hosting mirrors that require validation. Third-party packages are never downloaded directly to an appliance or anything else; they are all hosted internally. Packages go through a security scan and manual review before being digitally signed and then dropped onto our internal mirror. This way, appliances only pull validated updates, and updates are only pushed when requested. There are no unattended updates.
The second biggest threat that keeps us awake is a bad actor gaining persistence in our network and data center, deleting backups, and executing some type of attack. Our worst-case scenario is a hacker getting in and starting to delete data. To combat this threat, Axcient maintains a heavy focus on ensuring a high level of monitoring and telemetry around backup systems. If any anomalous traffic, or normal traffic that appears anomalous, occurs on storage servers – which are segregated out of the network – we are alerted as soon as possible so we can contain the threat quickly.
Even with two-factor authentication, hardware authentication, and daily security scans, there are still very few people in the Axcient organization with access to our storage centers. Highly restricted access to servers extends into our development and engineering departments, and everything is encrypted to further limit access. We also use a least-privileged access model to reduce the chance that a former employee still has permissions, or that a bad actor is lurking in the dark.
Of course, these aren’t the only priorities in our security-first approach, but we do spend a significant amount of energy on preventing these types of agent-based infrastructure attacks. Ben Nowacky, Senior VP of Product, says, “Security is not a static thing, it has to continuously evolve. Your incident response policies need to continuously evolve. As events happen, we monitor, observe, and understand what occurred. We look at the threats in the landscape and figure out what we need to do as a business to enhance and elevate our game to prevent those things from happening.”
See Security-First for Yourself!
As Axcient CEO David Bennett says, “We’re here to help whether you buy our products or not. Feel free to reach out!” Axcient offers MSPs a free 14-day trial of all Axcient backup products, one-on-one demos, and regular online and in-person events. Start your trial today!
About the Author:
Liz Mellem // Technical Copywriter, Axcient
Liz Mellem has been a freelance copywriter for over four years in the technology, education, and alternative medicine industries. She produces content, sales collateral, and email marketing campaigns that contribute to digital marketing strategies for sales growth and brand awareness. In her free time, Liz enjoys reading, exploring Austin, and Netflix with her cat, Harlem.