瑞安·凯恩与鲁尚克·谢蒂_即使你无法访问您的备份仍然不可更改吗.pdf

1、#BHUSA BlackHatEventsAre Your Backups Still Immutable,Even Though You Cant Access Them?Speaker(s):Rushank Shetty Ryan KaneINTROwhoamiData Immutability BackgroundVendor Case StudiesRecommendationsThe WhyQ/AIntro whoami Ransomware Groups Data Immutability Dell/EMC IBM DS8000 AWS Backup Recommendations

2、 Why test Q/AWHOAMIRyan KaneNorthwestern MutualPen Tester/Red TeamerCypherCon Volunteer(MKE,WI)Rushank ShettyNorthwestern MutualPen Tester/Red TeamerFirst-time Black Hat Attendee/PresenterIntro whoami Ransomware Groups Data Immutability Dell/EMC IBM DS8000 AWS Backup Recommendations Why test Q/ABACK

3、UPS AS A TARGETBackups targeted by Ransomware groupsPrevent Restoration=Force Paymente.g.,Alphv/Alpha Spider destroy backups-using Disk Wipe-delete Azure Compute snapshotssource:CrowdStrike CSIT-23328 Analysis of Tactics,Techniques,and Procedures Used by ALPHA SPIDER Affiliates in 2023Intro whoami R

4、ansomware Groups Data Immutability Dell/EMC IBM DS8000 AWS Backup Recommendations Why test Q/ADATAIMMUTABILITYWrite-Once,Read-Many(WORM)Retention Lock/Vault LockGovernance Mode vs Compliance ModeEven root/admin cannot modify dataIntro whoami Ransomware Groups Data Immutability Dell/EMC IBM DS8000 AW

5、S Backup Recommendations Why test Q/ATESTINGWhy is it needed?-Ransomware Resilience-Enterprise Relies on Solutions-Timely RecoveryOur ExpectationsAttack Immutability?Attack Server/App InfrastructureIntro whoami Ransomware Groups Data Immutability Dell/EMC IBM DS8000 AWS Backup Recommendations Why te

6、st Q/AOUR TESTED SOLUTIONSPhysical Appliances1.Dell EMC DataDomain2.IBM-DS8000Cloud Service3.AWS BackupIntro whoami Ransomware Groups Data Immutability Dell/EMC IBM DS8000 AWS Backup Recommendations Why test Q/ADELL/EMCDATA DOMAINTarget:Dell EMCDataDomain OS (DDOS yes,its called that)Retention-Lock