Dell EMC
PowerProtect Cyber Recovery
Recovering Your Business from a
Sophisticated Ransomware or
Cyber Attack
Internal Use - Confidential
2 of Y
© Copyright 2021 Dell Inc.
Cyber attacks are increasingly sophisticated
Source: SolarWinds, Jan 2021
Source: Wired, Oct 2020
3 of Y
© Copyright 2021 Dell Inc.
Source: HealthITSecurity.com, Oct 2020
Cyber threats 2021:
the facts
39s
Every 11 seconds
a cyber or ransomware attacks occur.*
71%
$13M
$1T
43%
86%
$24.7M
$6T
48%
of breaches
are financially
motivated.
Avg. cost of
cybercrime for an
organization.
Total global
impact of cyber
crime in 2021.
of breaches
involved
small business.
Cybersecurity
Ventures
https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021
https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021
4 of Y
© Copyright 2021 Dell Inc.
Banking
Utilities
Software
Automotive
Insurance
High Tech
Capital Markets
Energy
US Federal
Consumer Goods
Health
Retail
Life Sciences
Media
Travel
Public Sector
$18.4M
$17.8M
$16.0M
$15.8M
$15.8M
$14.7M
$13.9M
$13.8M
$13.7M
$11.9M
$11.9M
$11.4M
$10.9M
$9.2M
$8.2M
$7.9M
“79% of global executives rank cyber attacks and threats as
one of their organization's highest risk management priorities
in 2020 “ Marsh
& McLennan
“69% of global IT decision-makers lack confidence their
organizations could reliably recover all business-critical data in
the
event
of
a
cyber attack. “
Global Data Protection Index Survey 2020 Snapshot
Dell EMC commissioned Vanson Bourne for the Global Data Protection Index, which was conducted between September and November 2019.
5 of 97
© Copyright 2021 Dell Inc.
Cyber resilience: legal and regulatory trends
“An air-gapped data backup architecture…”
“Confidentiality, integrity, availability and resilience”
"It is critical to maintain offline, encrypted backups of data"
"Ransomware payments may risk violating OFAC regulations"
“Ensure backups are not connected to the networks they back up.”
6 of Y
© Copyright 2021 Dell Inc.
Cyber attacks – a threat to Transformation
Data-driven Society
Inadequate
Protection for
Critical Data
Cyber Recovery is an
Enabler of Security
Transformation
Data has immense
value, offers insights
and transfers leverage.
Data fuels Global
economies and our
professional, social
and individual lives
Cybercrime and cyber
warfare are outpacing
preventative solutions
and are terminal threats
to businesses,
Governments and all
data-driven entities
Modern threats require
modern protection,
isolation and intelligence
to enable recovery in
wake of successful
ransomware
or cyber attack
7 of Y
© Copyright 2021 Dell Inc.
Broad spectrum of sophisticated cyber threats
Motivations, Techniques and Goals
Crime
Theft & extortion
for financial
gain
Insider
Trusted insiders
steal or extort
for personal,
financial, &
ideological
reasons.
Increasingly
targeted because
of privileged
access to
systems
Espionage
Hacktivism
Terrorism
Warfare
Corporate or
Nation-state
actors steal
valuable data
Advance
political
or social
causes
Sabotage &
destruction to
instill fear
Nation-state
actors
with destructive
cyber weapons
(NotPetya)
8 of Y
© Copyright 2021 Dell Inc.
Cyber resilience
is a strategy.
A high-level holistic strategy that includes
cyber security standards, guidelines,
people, business processes and
technology solutions.
Example: NIST Cybersecurity Framework
9 of 16
Y
© Copyright 2021 Dell Inc.
Framework
Cyber recovery
is a solution.
A data protection solution that isolates
business-critical data away from attack
surfaces.
Framework
Critical data is stored immutably in
a hardened vault enabling recovery
with assured data availability, integrity
and confidentiality.
10 of 16
Y
© Copyright 2021 Dell Inc.
Disaster recovery is not cyber recovery
Disaster Recovery / Business Continuity is not enough to address modern cyber threats
CATEGORY
DISASTER RECOVERY
CYBER RECOVERY
Recovery Time
Close to instant
Reliable & fast
Recovery Point
Ideally continuous
1 day average
Nature of Disaster
Flood, power outage, weather
Cyber attack, targeted
Impact of Disaster
Regional; typically contained
Global; spreads quickly
Topology
Connected, multiple targets
Isolated, in addition to DR
Data Volume
Comprehensive, all data
Selective, includes foundational services
Recovery
Standard DR (e.g., failback)
Iterative, selective recovery; part of CR
11 of Y
© Copyright 2021 Dell Inc.
Cyber recovery & data protection leadership
2015
First “Isolated” recovery solution with custom deployment
2018
Introduced PowerProtect Cyber Recovery solution
2019
First technology vendor in Sheltered Harbor Alliance Partner Program
2020
First Endorsed Sheltered Harbor Solution – PowerProtect Cyber Recovery
2021
Introduced PowerProtect Cyber Recovery for Multi-Cloud
2021
Introduced PowerProtect Cyber Recovery for AWS
750+
Cyber Recovery Customers
1
© Copyright 2021 Dell Inc.
Data Protection
Appliances & Software*
Based on combined revenue from the IDC 3Q20 Purpose-Built Backup Appliance (PBBA) Tracker, with select Storage Software segments from the 3Q20 Storage Software and Cloud Services Qview.
2 IDC
12 of 97
#1
3Q20 Storage Software and Cloud Services Qview
Cyber Recovery Requirements
Modern threats require modern solutions
Isolation
Physical & logical
separation of data
Immutability
Preserve original
integrity of data
13 of Y
© Copyright 2021 Dell Inc.
Intelligence
ML & analytics
identify threats
PowerProtect Cyber Recovery
ON-PREMISES
MULTI-CLOUD
AWS
Maximum control of data and
infrastructure with a secure
on-premises vault solution
A Multi-cloud managed service
providing a secure dedicated
vault with predictable
performance
Quickly and easily deploy
Cyber Recovery with minimum
investment and enhanced
security
Modern protection and recovery for critical data
from ransomware and cyber threats
to ensure business continuity and enable transformation
14 of Y
© Copyright 2021 Dell Inc.
PowerProtect Cyber Recovery
Data Vaulting and Recovery Processes
‸
Cyber Recovery Vault
Data Center
1
Sync
4
Analyze
2
Copy
Automated
Operational
Air Gap
Production
Backup
Recover
15 of Y
© Copyright 2021 Dell Inc.
3
Lock
Monitoring & Reporting
PowerProtect Cyber Recovery
Basic Recovery Processes
Data Center
Cyber Recovery Vault
Recovery Steps:
• Evaluate analytics
Backup Server & Target
A
• Select Restore Points
Reverse
Replicate
• Restore using original backup
application, leveraging Cyber
Recovery vault data and
catalog
Recover in
production
• Cleanse / patch impacted
applications as necessary
Production Hosts / Arrays
B
Backup Hosts
in vault
(Pre-existing
or added for
recovery)
16 of Y
© Copyright 2021 Dell Inc.
Multi-Cloud Data Services – PowerProtect Cyber Recovery
Data Vaulting and Recovery Processes
Public Cloud Providers
PowerProtect DD
Virtual Edition
Data Center
‸
(on-premises or Cloud)
Cyber
Recovery
Vault
1
Sync
2
3
4
Copy
Lock
Analyze
Automated
Operational
Air Gap
Recover
Production
Backup
17 of Y
© Copyright 2021 Dell Inc.
Monitoring & Reporting
PowerProtect Cyber Recovery
Data Vaulting and Recovery Processes
Manage
‸
Data Center
(on-premises or Cloud)
Cyber Recovery Vault
VPC
1
Sync
Automated
Operational Air Gap
Production
2
PowerProtect
Cyber Recovery
PowerProtect
DDVE
Copy
3
Lock
AWS S3
Backup
Recover
Monitoring & Reporting
18 of Y
© Copyright 2021 Dell Inc.
PowerProtect Cyber Recovery Advantages:
Modern protection for critical data and an enabler of Security Transformation
Isolation
Physical & logical
separation of data
PowerProtect Cyber Recovery
vault is protected with operational
air gap either on-premises or in
cloud and multi-cloud offers
Immutability
Preserve original
integrity of data
Multiple layers of security
and controls protect against
destruction, deletion and
alteration of vaulted data
19 of Y
© Copyright 2021 Dell Inc.
Intelligence
ML & analytics
identify threats
CyberSense enables assured
recovery of good data and offers
insight into attack vectors from
within the Cyber Recovery vault
Why Cyber Recovery is best
Best
• Automated, Vaulted Air Gap
Good…
• Full Context Indexing
with AI / ML Analytics
Better…
• Integrated Lock
SEC 17a-4(f) Compliant
• Endorsed by Sheltered Harbor
• Protection From Insiders
• WORM Immutable
• Enhanced Recovery Tools
• Multi Backup SW-Vendor
Support
• Elevated Security Credentials
20 of Y
© Copyright 2021 Dell Inc.
PowerProtect Cyber Recovery Solution Differentiators
 Yes
! Partial
X No
Best
Better
Good
Solution Category
Verified integrated lock SEC
17a-4(f) WORM immutable




!
!
Protection from malicious use
of access and credentials

!
!
!
x
!
Multi backup software
vendor support

x
!
x
x
x
Automated operational Air
Gap controlled from vault

x
x
x
x
x
Solution provider in Sheltered
Harbor alliance partner
program

x
x
x
x
x
Full content indexing on-prem
w/ AI /ML analytics

x
x
x
x
x
Validation of backup set
integrity to aid and accelerate
recovery

!
x
x
x
x
In-House Resiliency Services:
Advisory, Implementation,
Runbooks, Custom, and
Managed

x
x
x
x
x
*Based on Dell analysis using publicly available data, April 2021
*Some Best features are optional
**Some Resiliency Services are optional
21 of Y
© Copyright 2021 Dell Inc.
How CyberSense Works
Machine learning enables early detection & rapid recovery from a cyber attack
SECURITY
ANALYTICS
Cyber Recovery
with CyberSense
100+ statistics indicative
of cyber attack
• Attack vector notification
• Ransomware
• Corrupted file details
• Data changes / deletions
• Breached user accounts
COMPREHENSIVE
INDEX
MACHINE
LEARNING
Changes in
content over time
Trained on thousands of trojans
and 20+ attack vectors
22 of Y
• Breached executables
© Copyright 2021 Dell Inc.
• Recovery of last good copy
Compare: CyberSense vs. “Basic” Analytics
Machine learning enables early detection & rapid recovery within the Cyber Recovery vault
CyberSense:
Basic Analytics:
On-Premises
Analytics Engine
Full content
indexing of:
1
2
3
Cloud-based
Analytics Engine
File metadata
Document metadata
vs.
1
Scans only
file metadata
2
3
Suspicious files
sent to cloud
for 2nd pass or
full content analysis
Document content
23 of Y
© Copyright 2021 Dell Inc.
PowerProtect Cyber Recovery
CyberSense Alert
24 of Y
© Copyright 2021 Dell Inc.
Sheltered Harbor’s Mission
The Sheltered Harbor initiative was launched by the industry in 2015
to ensure that in a worst-case scenario:
 Public confidence in the financial sector is maintained
 Critical data sets are protected across the industry
 Critical services can continue even when systems and backups are down
 An impacted financial institution has a lifeline to survival
 All of the above must be achievable independent of the event’s origin
25 of Y
© Copyright 2021 Dell Inc.
Sheltered Harbor Data Vaulting
Data Vault Requirements






PowerProtect Cyber Recovery
“Unchangeable”
“Separated”
“Survivable”
“Accessible”
“Decentralized”
“Owned & managed by
institution or service
provider”
is first turnkey data vaulting
solution to be endorsed by
Sheltered Harbor
26 of Y
© Copyright 2021 Dell Inc.
Founders Federal Credit Union
Data integrity drives business transformation
Challenges
•
•
•
Expand business in highly
competitive regional banking market
Offering customers fast, reliable &
innovative services on any device
Making data protection and data
integrity a cornerstone of Founder’s
customer promise
Results
PowerProtect Cyber Recovery
• Protects critical data that is fueling
•
both technological and business
transformation
“Impeccable data quality” has
increased competitive advantage
•
IT staff roles transformed from
administrators to data technologists
•
CIO measures value of IT by its
contribution to transformation efforts
•
•
Provides confidence to IT leaders that
critical data is protected from
ransomware & cyber attacks
Reassures Business leaders and
customers that PII and other data is
protected from cyber attack
27 of Y
© Copyright 2021 Dell Inc.
Financial Services
Protect securities trading platform & critical data
Challenges
•
•
•
Outage risks $10M/day
Heterogeneous vendor environment
Board concerned with compliance
with FFIEC & Federal Reserve
regulations
Results
PowerProtect Cyber Recovery
•
Automated, orchestrated process to
minimize operational impacts
• Recovery runbooks for all storage &
backup environments
28 of Y
© Copyright 2021 Dell Inc.
•
Met Board mandate for efficient
and reliable recovery from cyber
destruction
•
Provided foundational
environment to protect additional
applications over time
Healthcare industry
Protect critical sensitive data and business operations
Challenges
PowerProtect Cyber Recovery
Results
•
Targeting of healthcare institutions,
impact of large attacks
•
Quick deployment of turnkey
operational air gap and vault
•
•
•
Budget constraints
•
CyberSense for active cyber threat
analysis / alerts
• Prepared for response with
Regulatory pressures
29 of Y
© Copyright 2021 Dell Inc.
“Nobody else has an air gap like
Dell Technologies”
minimal investment vs. risk of
$10M catastrophic incident
Key Data to Protect by Industry
Healthcare
Legal
Electric medical records, scheduling,
payment and billing systems
Document management, conflicts checking,
billing, email
Financial Services
Oil & Gas
Payment, core banking, trading,
treasury, sheltered harbor data
Seismic & geographical exploration data
Life Sciences
Government
Research and development,
drug discovery & clinical trial data
Property records and taxes, justice systems,
payment collection, licenses
Manufacturing
Retail
Plant manufacturing and scheduling,
ordering systems, inventory
Point of sale, inventory, shipping
30 of Y
© Copyright 2021 Dell Inc.
Start Now!
Cyber Recovery vault recommendations
Authentication, Identity & Security
Intellectual Property
•
•
•
•
•
•
•
Active Directory / LDAP
DNS dumps
Certificates
Event logs (including SIEM data)
Source code
Proprietary algorithms
Developer libraries
Networking
Host and Build Tools
•
•
•
•
•
•
•
•
•
Switch / router configuration
Firewall / load-balancer settings
IP Services design
Access Control configuration
Firmware / microcode / patches
Physical/Virtual Platform Builds
Dev Ops tools & automation scripts
Firmware / microcode / patches
Vendor software
– Binaries (golden images)
– Configurations & settings
Storage
Documentation
•
•
•
•
•
Backup hardware configuration
SAN / array configurations
Storage abstraction settings
Firmware / microcode / patches
•
•
31 of Y
© Copyright 2021 Dell Inc.
CMDB / asset D/R and Cyber Recovery
Run-books &checklists
Management extracts
HR resources & contacts lists
Cyber Recovery is a Key Enabler of Cyber Resilience
Focus on increasing confidence in the ability to recover
from a cyber attack through key technologies and processes
Air Gapping,
Immutability
& automation
AI/ML based
security
analytics tools
Runbooks
and recovery
process
32 of Y
© Copyright 2021 Dell Inc.
Business
Recovery
At speed
and scale
Cross
functional
enablement
Dell Technology Services
Enabling your Cyber Recovery Strategy
STRATEGIZE
IMPLEMENT
ADOPT
SCALE
(Align, Architect, Plan)
(Design, Install, Integrate)
(Use, Train, Operate, Measure)
(Improve, Tune, Optimize)
Consulting
Assessments
Workshops
Deployment
Residency
Support
Education
Managed Services
Internal Use - Confidential
33 of Y
© Copyright 2021 Dell Inc.
Why PowerProtect Cyber Recovery
Physical and logical Isolation plus an
operational air gap protect data vault
from unauthorized access
Intelligent analytics & ML help to enable
confident recovery with data integrity
Immutability & multi-layered security
design protects against a full spectrum
of threats, including insiders
First Sheltered Harbor endorsed
turnkey data vaulting solution
Modern ransomware and cyber protection
for Cloud, Multi-Cloud and
on-premises data
Proven cyber recovery solution with
5 years in the market, hundreds of
customers
34 of Y
© Copyright 2021 Dell Inc.
Multi-cloud data protection leadership
Data Protection Appliance & Software1
Data Replication & Protection Software2
Purpose Built Data Protection Appliances3
1,100+ cloud data protection customers4
750+ PowerProtect Cyber Recovery customers4
>4.0 Exabytes of data protected in the cloud4
1
Based on combined revenue from the IDC 3Q20 Purpose-Built Backup Appliance (PBBA) Tracker, with select Storage Software segments from the 3Q20 Storage Software and Cloud Services Qview.
2 IDC
3
3Q20 Storage Software and Cloud Services Qview
Based on IDC WW Purpose-Built Backup Appliance Systems Tracker, 3Q20 (revenue).
4 Based on
Dell analysis, March 2021
5 “Analyzing the
Economic and Operational Benefits of the Dell EMC Data Protection Portfolio” Report, Enterprise Strategy Group, September 2020
35 of Y
© Copyright 2021 Dell Inc.
Learn More
dellemc.com/cyberrecovery
@DellEMCProtect
delltechnologies.com/dataprotection
Business Cyber
Risk Bulletin
Case Study:
Founder’s Federal
Credit Union
ESG Analyst Validation:
Cyber Recovery &
CyberSense
36 of Y
© Copyright 2021 Dell Inc.
delltechnologies.com/cloudprotection
ESG Analyst Video
Cyber Recovery &
CyberSense
dellemc.com/webinars