Sergey Nivens - Fotolia

Unitrends backup and recovery attacks ransomware

Unitrends' physical and virtual appliances can alert administrators if ransomware is detected. The updated products also feature simplified backup management.

Unitrends backup and recovery products are now playing detective with ransomware.

Ransomware detection in the latest versions of the Unitrends Recovery Series physical appliances and Unitrends Backup virtual appliances uses predictive analytics to determine the probability that ransomware is operating on a server, workstation or desktop computer. Unitrends alerts customers when it detects ransomware, so they can immediately restore from the last legitimate recovery point.

"It's become a lucrative business," Paul Brady, CEO of Unitrends, based in Burlington, Mass., said of ransomware.

Brady, who has been Unitrends' CEO for about six months, said he is hearing from customers that ransomware remains a huge problem. He said he does not think other major players in the market can proactively detect it like Unitrends can.

The Unitrends backup 'game changer'

Richard Malewicz, CIO of Livingston County, Mich., has been using Unitrends Recovery RC936S and Unitrends Cloud since January 2016, and he called the ransomware detection a "game changer." The Unitrends backup and recovery systems protect 73 TB of data for the county of 186,000 people.

[Unitrends has] brought forth a functionality and capability to the data backup market in such a particular way where it did not exist previously.
Richard MalewiczCIO of Livingston County, Mich.

"[Unitrends has] brought forth a functionality and capability to the data backup market in such a particular way where it did not exist previously," Malewicz wrote in an email interview.

"It's often said that a data backup system is the last line of defense in a ransomware attack, but in actuality, a traditional backup system isn't defensive at all. When you restore data from a backup system after a ransomware attack, it's an indication the enterprise's cyberdefenses have failed. It is merely a risk management contingency operation at that point." 

Malewicz called the Unitrends capability of detecting ransomware "the last line of defense."

"While it is true you may still need to restore data after a Unitrends ransomware detection, however, the scope and severity of the ransomware attack has been mitigated and the admin is notified."

The U.S. government estimated that ransomware attacks averaged more than 4,000 per day in 2016, up from the approximately 1,000 attacks per day in 2015.

"[Ransomware detection] will be a feature that continues to evolve and improve with the product," Brady said.

Robert Rhame, a research director at Gartner who focuses on backup and recovery, said he is encouraging vendors to incorporate ransomware detection into data protection products.

"Storage and backup vendors are uniquely positioned here, since any [ransomware] activity will result in a large delta in deduplication ratios and a marked increase in changed files," Rhame wrote in an email. "Attempts by ransomware threat actors to remain dormant until backup retention expires can also be thwarted in this way. Rapid identification that an encryption wave has occurred reduces the window of loss and can alert an organization that an attack is underway."

Commvault, Code42, Datto, Druva and Veeam have pre-defined alerts that detect potential ransomware activity, Rhame said.

For the next step past the initial detection and reporting capabilities, Rhame said he would like to see backup and storage vendors integrate security information and event management to give security teams an alert from the infrastructure and operations team that an attack is underway. 

Management and monitoring 'through a single pane of glass'

The updated products -- Unitrends Recovery Series and Unitrends Backup 9.2 -- also include self-service for application owners. Admins for Oracle and Microsoft SQL Server, Exchange and SharePoint can manage Unitrends backups through role-based access control. They can initiate recoveries without having to engage the entire backup and recovery system.

Unitrends Distributed Enterprise Manager allows global enterprises with multiple branch offices the ability to centrally manage and monitor thousands of distributed backup appliances.

The management and monitoring is "through a single pane of glass," Brady said.

In addition, the updates come with Recovery Assurance, which features automated disaster recovery testing.

"This provides peace of mind," Brady said.

Unitrends is approaching 19,000 customers, said Joseph Noonan, vice president of product marketing. The vendor has traditionally been a strong SMB player, but also has customers in the midmarket and enterprise fields. And the vendor is eyeing more enterprise customers with this latest release.

Brady listed Rubrik, Commvault and Veeam as top competitors in the market.

The Unitrends Backup product ranges from a free edition that protects up to 1 TB of data to the Enterprise Plus at $1,699 for any size environment. The Unitrends Recovery Series features models as low as $2,499, with 2 TB raw capacity, to as high as $250,000, with 180 TB raw capacity.

Next Steps

Organizations detail how they recovered from ransomware

Unitrends Recovery Series makes use of flash

Backup and recovery trends include improved ransomware protection

Dig Deeper on Backup and recovery software