Axcient has equipped its suite of business availability products with behind-the-scenes technology designed to protect backups from tampering by ransomware and other security threats.
Called AirGap and quietly embedded at no extra cost in the vendor’s X360 backup platform some four months ago, the new functionality employs a variety of techniques to ensure that only legitimate requests to delete or alter backup data are executed, and to provide MSPs a window of time in which to recover erased or corrupted backups even after damage has been done.
It arrives as ransomware coders, aware that companies with up-to-date, usable backups are immune to extortion, are increasingly targeting backup data for removal or encryption. AirGap seeks to block those efforts by requiring multiple validations of any command to delete or change backups, according to Ben Nowacky, senior vice president of product at Axcient.
“Our systems do not allow you to delete data unless it’s gone through a very specific workflow of people and approvals,” he says.
In addition, AirGap preserves second-order backups of backups on a segregated network accessible only by a short, specific list of people for a brief period after protected data is modified. That gives MSPs time to help ransomware victims recover their data even if an attacker compromises the backups. That safeguard has in fact already helped three Axcient partners get clients fully up and running again within 24 hours of attacks that crypto-locked the victim’s primary data and deleted their backups.
“A catastrophe was averted, and no bad actor got paid,” says an Axcient briefing document on AirGap.
Axcient declined to specify how long it preserves emergency backups, to avoid giving hackers potentially useful information. “That’s part of the secret sauce, so we don’t want to talk about it too much,” Nowacky says.
Included in AirGap as well is a “honeypot” feature designed to expose ransomware attempts by fooling attackers into believing they’ve located and destroyed an end user’s data copies. “A malicious or a bad actor might think that they’re actually deleting data and think that their actions are corrupting a system or destroying data when they’re actually not,” Nowacky says.
Significantly, he continues, AirGap is enabled by default for all X360 users. “You don’t have to do any extra action, you don’t have to sign up for anything new, you don’t have to click a box or check anything or turn anything on.”
That was a feature insisted on by Axcient CEO David Bennett, who in his previous role as chief revenue officer for security vendor Webroot saw firsthand that BDR solutions are a critical last line of defense against ransomware. Bennett played a central role in the design and development of AirGap.
“A lot of it really came from my belief, which is that the biggest attack vector that businesses and particularly MSPs are going to have to deal with is not necessarily around malicious code, but malicious human activity,” he says, adding that the only way to mitigate malicious human activity is to isolate it from its intended target.
Axcient has hired two “white hat” security consulting groups to verify AirGap’s effectiveness by attempting to hack the system. Their work, which is expected to continue for another four to five weeks, will eventually result in the publication of a detailed penetration testing report.
“Our goal is to be able to go to the market and say, ‘Look, it’s not just us telling you. We had other people come in and try to do what a bad actor would do to your data,’” Nowacky says.
AirGap’s name alludes to “air gapping,” a security strategy dating back to the mainframe era that relies on physical or logical separation to shield data and applications from harmful activity. “While the concept is generally not a new concept in the industry, what we’ve done is we’ve taken it to the next level,” Nowacky says.
In research published last week, security vendor Trend Micro recorded a 10% increase in ransomware detections during 2019. SonicWall, in a study of its own posted a month ago, reported a 6% drop in ransomware detections last year from a record high in 2018 to a still massive 187.9 million. More and more of those attacks, furthermore, are being directed at MSPs themselves.
“We’re really seeing this as a key element for us to help our partners keep their business and their client’s business running,” says Angus Robertson, Axcient’s chief revenue officer. “They see this as an existential threat to their business.”
Other recent security upgrades to X360 include the addition of multifactor authentication functionality. According to Robertson, activating MFA is presently, but only temporarily, optional.
“We’re using adoption campaigns and our partner success team to educate our partners and get them comfortable so that we reach a decent amount of partners who have MFA turned on, and then we’ll make it mandatory,” he says. “Our goal is to do that soon.”
Further defensive safeguards are on the X360 roadmap for 2020. “We’ll have multiple layers of security enhancements and things that protect our partners being rolled out over the course of the year,” Nowacky says.
Introduced late last year, X360 is designed to serve as a single sign-on entry point to Axcient’s Office 365 backup, file sync and share, and business continuity/disaster recovery products, along with billing, marketing, and enablement resources.
“We saw a pretty significant uptake quickly,” says Robertson of the new system. Fueled in part by that adoption, Axcient’s Office 365 protection revenue grew 77% on a quarter-over-quarter basis in the final quarter of 2019, and its business continuity revenue grew 58%. Both the Office 365 backup and business continuity businesses were up some 200% year over year in those same months.