Smart infrastructure vendor Nebulon today announced that its latest offerings provide newly hardened backups for configuration and snapshots, in an effort to add a new tool to the anti-ransomware arsenal for Linux systems.
The idea, according to Nebulon, is to protect against the problem of misconfigured servers and dated server configurations in Linux systems. This is a particularly serious problem in IT shops where configuration and patch management aren’t handled in a centrally organized way.
Nebulon’s new service works using the same principle as its existing smart infrastructure offerings, which are delivered via PCIe cards—here, the system periodically writes “known-good” configurations of the bootloader to the system, which can’t be touched by ransomware attackers, according to Gartner Research senior director and analyst Tony Harvey.
“ImmutableBoot basically means that all you have to do is have the ‘golden image’ of the operating system with all the right configs, that’s been patched and hardened and updated, then you stick a flag on it that says ‘this is now immutable,’” he said. “So anything after that gets written to memory but not to the disk. The ransomware thinks it’s writing to the drive it thinks is the OS, but it’s blocked from doing so.”
Protecting boot volumes a key new feature for Linux
Thus, companies hit with a ransomware attack can theoretically just reboot their servers to the “immutable” configuration for quick recovery, at least as far as the boot drive is concerned. This isn’t an overall, silver-bullet ransomware protection solution, noted Harvey, but the ability to protect boot volumes effectively is an important new capability.
“If you think about it, for a major ransomware event, the basic problem wasn’t restoring from backup, it was rebuilding the system in the first place so that you could restore from the backup,” he said.
The same principle applies to the TimeJump feature, which works on the data and operating system layers. That’s less unique, according to Harvey—large storage array vendors tend to offer this capability—but still an important capability for ransomware protection, particularly in concert with ImmutableBoot.
“With the data side of the house, they make those snapshots immutable, so you know that your snapshot from a week ago is uninfected,” he said. “You can jump back to the snapshot, and you’ll lose a week’s worth of data, but at least your system’s working now.”