Justin Paul presented for Zerto at Cloud Field Day 17
Presentation date: June 1, 2023, 8:00-9:30.
Presenters: Chris Rogers, Justin Paul
Ransomware Resilience with Zerto – Replicate and Detect
With the new release of Zerto 10 comes added functionality for achieving ransomware resilience. Zerto's real-time encryption detection, built into its continuous data protection, provides the earliest warning sign that ransomware may be impacting your virtual environment. Using Zerto's unique journal, organizations can now be even more confident in rapid RPO and RTO, with tagged clean checkpoints for verified recovery.
In this video, Chris Rogers, a senior technology evangelist at Zerto, introduces Zerto 10 and its key enhancements. The tagline for the release is “real-time detection meets real-time protection.” Chris explains that Zerto 10 focuses on four main areas: real-time encryption, ransomware detection, the Zerto cyber resilience vault, and protecting Azure at scale. He highlights the importance of early detection in ransomware attacks and explains how Zerto’s streaming inline detection works, providing real-time alerts and enabling quick recovery. Chris also mentions that Zerto 10 includes additional features like the Zerto secure appliance and emphasizes that the new capabilities are available to existing Zerto 9.7 customers at no additional cost.
Personnel: Chris Rogers, Justin Paul
Enhancing Data Analysis and Anomaly Detection with Zerto’s API and Grafana Integration
Zerto leverages Grafana to visually represent data extracted through its API, allowing for the analysis of various metrics. The API provides valuable insights into logical blocks, encrypted and unencrypted data, enabling the identification of trends and anomalies. By examining SCSI blocks, Zerto’s algorithms can detect abnormal levels of compression and encryption, alerting users to potential issues like increased encrypted traffic. Notably, Zerto prioritizes real-time analysis over data storage, ensuring efficient processing. The 10.0 API further expands data availability, providing statistics at the volume, VM, and VPG levels. While Zerto currently recognizes all SCSI traffic as encrypted if the volume is encrypted, efforts are being made to differentiate between normal and malicious encryption. Zerto’s dedicated team continuously improves machine learning algorithms, keeping pace with security standards and advancements made by VMware.
Justin Paul discusses the capabilities of Grafana and the data obtained from Zerto’s API. By utilizing the API data, it is possible to rebuild Zerto analytics and visualize it through graphs. The data includes the total number of logical blocks, encrypted data, unencrypted logical blocks, and their combined total. Anomalies in encrypted traffic can be identified, even for applications not intended to be encrypted. However, systems using specific encryption methods like Linux file systems or Windows BitLocker may not show anomalies as they are already encrypted. Zerto’s algorithms analyze the data at the block layer to detect compression or encryption, with plans to refine and improve the algorithms over time. The data is not stored for long, as Zerto aims to retrieve data quickly and not hold onto it due to high data rates. The analyzed stats are sent to ZVM, which triggers alerts and tags checkpoints when sufficient evidence of a security issue is found. Zerto aims to be one layer of security among others and provide real-time alerts without the need for analyzing previous backups. The newer 10.0 API provides additional statistics at the volume, VM, and VPG levels. The discussion also touches on the potential differentiation between normal and malicious encryption and Zerto’s commitment to improving its algorithms and keeping up with security standards.
Personnel: Justin Paul
Ransomware Resilience with Zerto – Isolate and Lock with the Cyber Resilience Vault
Introducing the new Zerto Cyber Resilience Vault, a complete solution combining the powers of Zerto and the wider HPE family. Organizations can now be confident in ensuring recovery even during the worst attacks. The vault is built upon decentralized management and zero trust principles, with always-immutable data copies. The Cyber Resilience Vault is the only isolated recovery environment that uses journaling technology as the primary recovery mechanism, rapidly reducing downtime and data loss.
The Zerto Cyber Resilience Vault, also known as Z-Vault, provides organizations with an isolated recovery environment or vault to protect against ransomware attacks. As regulations regarding data protection become stricter, isolated recovery environments are increasingly mandated as the last line of defense and emergency recovery option. Ransomware attacks often target data protection solutions, making it crucial to protect these solutions themselves. The Zerto Cyber Resilience Vault offers a fully isolated and air-gapped environment with immutable data, based on zero-trust principles. It includes components such as HPE ProLiant for compute, HPE Alletra for storage, and HPE Aruba Networking for networking. The vault ensures no network connectivity outside of the replication link between the storage arrays, providing enhanced security. It also supports replication from cloud sources and integration with the HPE Backup and Recovery Service. Z-Vault aims to offer a better, faster, and more cost-effective solution compared to existing cyber vaults on the market, reducing downtime and ransomware impact. By combining the isolated recovery environment and the vault into a single hardware infrastructure, Zerto simplifies the recovery process and ensures data immutability and air-gapped security. The vault helps organizations meet compliance and regulatory requirements while providing enhanced protection against cyber threats.
Personnel: Chris Rogers, Justin Paul
Ransomware Resilience with Zerto – Test and Recover
Even the best-laid plans can come undone unless frequent and extensive testing can be completed. Utilizing Zerto’s automation and orchestration capabilities, organizations can now test non-disruptively in isolated networks or clean rooms to ensure they are ransomware ready. Once testing has been completed, ready-made compliance reports make passing audits and meeting regulatory requirements easy.
Chris Rogers, senior technology evangelist at Zerto, discusses the importance of ransomware resilience and testing in data recovery. Zerto has been emphasizing the need for simple, non-impactful testing for years, especially in the context of security. Chris highlights the significance of frequent and extensive testing, rather than just checking a single virtual machine or performing a single restore. By using Zerto, customers have significantly reduced their testing time, completing it in less than two hours compared to three and a half days previously. The testing is fully automated, orchestrated, and does not impact production workloads. Zerto customers perform over 18,000 tests per month on average, with an impressive average recovery time objective (RTO) of three minutes and 19 seconds. Chris also mentions the ability to conduct real-time testing and utilize the isolated recovery environment for various purposes, such as patch testing, vulnerability scanning, data analytics, and forensics. While Zerto does not replace antivirus tools or have official partnerships with malware cleanup companies, they provide the infrastructure and availability for recovery, allowing customers to bring their own tooling and layer additional security measures on top. Zerto offers different recovery options for ransomware, including instant file restore, instant VM restore, recovery from multi-VM app infection, recovery from single site infection using the cloud or secondary site, and extended journal copy for multi-site infection recovery. The recently introduced Rapid Air Gap Recovery using the cyber resilience vault provides an additional layer of protection. Chris acknowledges that Zerto’s focus is not on detection but on recovery, and customers still have work to do in removing the malware or encryption. However, the vault allows customers to recover applications into an isolated environment where they can leverage their own tools and scan the recovered VMs for any infections.
Personnel: Chris Rogers, Justin Paul
Introducing Zerto 10 Secure Virtual Manager Appliance
Zerto 10 is the first version of Zerto that is exclusively available via the new Zerto Secure Virtual Appliance, allowing for simpler installs and upgrades. The Zerto Secure Virtual Appliance comes pre-hardened out of the box, so all customers can benefit from increased security without pages of hardening guides to worry about. Learn how to migrate from your legacy Windows ZVM to the new Zerto Virtual Manager Appliance (ZVMA) with the newly released migration tool.
The Zerto secure appliance is a new all-in-one virtual manager appliance that simplifies the deployment, management, and support experience for customers. It has moved away from Windows deployment to Linux, making it easier to troubleshoot and manage. The appliance comes pre-hardened for security, including multi-factor authentication and role-based access control. Zerto has also introduced a seamless migration utility that allows for quick and efficient migration of environments. The appliance is currently delivered as a single virtual machine, but there are plans for future deployments with multiple appliances for redundancy. Zerto aims to provide more frequent updates and move towards a more SaaS-like update process. The architecture has shifted from a monolith to a microservices-based approach, with many components running as web-based services. The appliance communicates with HPE GreenLake and Zerto Analytics containers for data transmission. Keycloak is used for authentication and integration capabilities. The Linux operating system and containers are pre-hardened, although specific details regarding the hardening of the Kubernetes cluster are not mentioned.
Personnel: Chris Rogers, Justin Paul