BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
At a time of increased ransomware activity and heightened awareness, Quorum has launched an appliance designed to recover from an attack.
The Quorum onQ Ransomware Edition, which became generally available today, takes snapshots of servers and provides server-level recovery.
"It's the first vendor we've seen put out a product specifically to address a ransomware problem," said George Crump, founder and president of analyst firm Storage Switzerland.
Rise up, time to take a snapshot
Ransomware has been prevalent for some time now, but made international headlines in May when the WannaCry strain simultaneously hit 300,000 machines in 150 countries.
The Quorum onQ Ransomware Edition works alongside a company's main backup system. The Quorum onQ appliance takes snapshots of production servers. Customers decide the intervals of the snapshots, which are encrypted and saved to the appliance as virtual machine (VM) images. If there is a ransomware attack, IT can isolate the affected system and use the last known good snapshot to start up the VM copy.
Darin Pendergraftvice president of product marketing, Quorum
"If your backups aren't secure, you're in trouble," said Darin Pendergraft, vice president of product marketing at Quorum.
The product serves as a "second layer" of protection, said Quorum systems engineer Jason Snook. The recovery point objective (RPO) can be as little as 15 minutes, but most organizations will set the snapshot frequency to an hour, Snook said. The more frequent the snapshots, the greater the drag on performance, so organizations will have to balance their RPO needs against performance impact.
Crump said he generally recommends 30-minute RPOs.
"An hour is better than a day, but 30 minutes is better than an hour," Crump said.
Ball in the servers' court
The Ransomware Edition of the Quorum onQ appliance protects up to 15 servers. It can restore one or two of those servers immediately after an incident, offering what the vendor calls "one-click instant recovery." The ransomware appliance provides server-level restores rather than file-level restores. When customers restore thousands of files, they're not always sure what they're restoring and the process can take too long, Quorum's Snook said.
"The ability to just spin up a server, especially in the ransomware case, is very interesting," Crump said.
Quorum's failback options include incremental and full bare-metal recovery. While the recovery nodes are running, an organization can begin the bare-metal recovery failback using Quorum's custom ISO. The ISO can be used to boot a physical or virtual machine from any supported ISO media, and will show users a screen that will walk them through the process.
The appliance contains 22 TB of storage and 64 GB of RAM, and is built on the same technology as the Quorum onQ enterprise backup and disaster recovery platform.
The Ransomware Edition of the Quorum onQ appliance is priced at $15,000 for 15 servers and maintenance.
The product is similar to Quorum's full backup and disaster recovery offering, but it's cheaper and captures data more frequently, Crump said.
As organizations are often reactive, Crump said the next time there's a large-scale ransomware attack, like WannaCry, he expects a sales spike for the new product.
Crump said he would like to see Quorum add the ability to copy data offsite from the Ransomware Edition of the Quorum onQ appliance.
Backup and recovery protects organizations against ransomware
Quick backup tips to help fight ransomware attacks
Offline backup a key for comprehensive protection strategy