Inventing Cyber Recovery… for our Customers

We know that it often takes a powerful event or highly visible shake-up to bring about big change, even if the need for change has been foreshadowed for some time. Cybersecurity is no different. New instances of big, public data breaches, hacks and information loss have increasingly filled the headlines. For me, one particular incident, the malicious, large scale data hack of a well-known, global entertainment company was that turning point to step into action. It was the moment where preparation met opportunity and my entrepreneurial spirit, fostered by the Dell Technologies culture, kicked into high gear. On Dell EMC’s Data Protection team, I am responsible for ensuring that our products protect our customers’ data. Finding new and better solutions is our business.

The Hack of the Century

The ‘Hack of the Century’ was a slow-moving, multi-stage attack that exposed sensitive data, erased thousands of the company’s personal computers and hundreds of its servers. Storage and backup systems were attacked and destroyed. It is believed that the hackers were inside the network for over six months before the attack.

A nation-state doesn’t usually attack a private sector corporation. But this particular attack set the stage for the art of the possible. For some background, ransomware is available as a service complete with localization, tech support, and user forums. Nation-states and criminals are collaborating giving bad actors unprecedented access to sophisticated exploit kits. Ransomware and destructive malware are increasingly targeting the core infrastructure (e.g. the domain controller) and the backup infrastructure.

Cyber Recovery – A New Form of Disaster Recovery

Shortly after the attack our team engaged with customers to analyze the emerging threat vectors and underlying tech components of existing business continuity solutions.

It became clear that that Dell EMC’s leading portfolio and reputation were a solid foundation to develop a solution that would shield companies from losing data in a cyberattack. It also became clear that the underlying technology components needed to be architected differently to protect from a different type of disaster. This urgency was corroborated by analyst firm Enterprise Strategy Group[i] who found that nine out of ten organizations are either using, planning for, testing, or interested in using isolated data protection copies as a preventative measure against cyberattacks.

So how is Cyber Recovery (CR) different than traditional disaster recovery (DR)? Take a look at the below overview.

Cyber Recovery Software

Let’s dig in deeper into the path of bringing to life a new solution. Our team got to work on designing a dream version of a cyber recovery solution that would keep our customers safe and increase their odds of being able to recover from a destructive cyberattack. Here is what we came up with:

  1. Keep an air-gapped copy removed from the network to minimize the attack surface.
  2. Institute a high degree of automation allowing a few privileged administrators to set protection & retention policies.
  3. Secure mechanisms to manage the infrastructure in the dark site (aka Cyber Recovery Vault) and to provide continuous reporting to IT and security personnel.
  4. Set ongoing integrity checks on the protection copies to flag when copies are corrupted or not recoverable.

The incubation phase of the solution was spent settling on an architecture and creating automation scripts to synchronize and protect copies in a dark site (aka Cyber Recovery Vault).

We spent over a year partnering closely with customers to refine the architecture and the workflow of the new Cyber Recovery solution. Along the way, we also needed to solve important challenges around secure management access, secure reporting, and anomaly detection on protection copies.

The team’s big moment came in October 2018 when we were able to offer our customers the first fully productized software version, PowerProtect Cyber Recovery 18.1. The software addresses the four key requirements above including a game changing innovation: the ability to analyze protection copies without data movement or re-hydration. This is made possible by an integration between PowerProtect Cyber Recovery and CyberSense (Index Engines).

Since then, we were able to release four versions of the software, each delivering important innovations to keep our customers’ data working for them, even in the case of a cyberattack.

A logical illustration of the Cyber Recovery solution is shown here:

Innovation at Dell Technologies

All of this is only possible with the right culture and an infrastructure to reward innovation. In looking back on how we were able to create this new solution, let me highlight the following three ingredients to success.

Innovation – Dell Technologies fosters innovation in several ways but noteworthy is the ease at which innovators can file patents to protect great ideas. We filed multiple patents related to Cyber Recovery and inventions are showcased driving profound sense of making a meaningful contribution to the future of a given market segment. Cyber Recovery also provided fertile ground for incubating a different approach to software development and then standardize it across other data protection areas.

Winning Together – Creating markets is difficult and brings a high degree of ambiguity. We were close to failing several times. Coming together as ONE team across product owner, scrum master, and developers vs. the often typical ‘us vs. them’ approach allowed us to accelerate development, reduce waste, and remove impediments quicker. The broader team is equally critical. Relentless pursuit of a winning message from marketing and constant feedback from the field specialists opened a path to success. Dell Technologies’ Cyber Solutions Group in Beer Sheva, Israel, ensured that our team is always at the cutting edge of cybersecurity making us highly relevant in the security community.

Customers and the Art of Active Listening – Winning the very first customer if difficult in and of itself. Keeping a customer can be even harder. Our partnership with Dell Consulting allowed us to understand the customer pain points as well as important corner cases. Once we had our first customer for our Cyber Recovery solution, we could quickly prioritize important areas such as simplifying the installation process and enhancing automation to improve the user experience.

These three tenets encourage everyone at Dell Technologies to put their best foot forward for our customers.

Food for Thought

Coming back to the solution we developed, I would be remiss not to mention that the area of analytics, while only briefly covered, opened an entire new dimension worth exploring. Customers tuck away their business continuity copies in the hope to use them for a recovery. But how can they be confident that this data copy is not corrupt? How does their CIO know that the data can be fully recovered after an attack? Sure, a periodic recovery drill is a common approach, but perhaps we can have more automation and mechanisms to ensure that every copy has integrity? What do you think?

Tell me what your concerns are when thinking about your organization’s cyber recovery readiness. You can reach me at Learn more about the Dell EMC Cyber Recover Solutions here.

[i] ESG Dell EMC Isolated Recovery Custom Research, 2018

About the Author: Stefan Voss