Kubernetes / Security / Storage

Ransomware: How the Kasten K8s Storage Platform Overcomes the Ultimate Data Replication Challenge

21 May 2021 11:04am, by

Kubernetes adoption continues to explode, but at the same time, ransomware attacks are becoming that much more prevalent and lethal as Kubernetes environments collectively represent a widening attack vector.

According to a Cyber Security Ventures report Veeam commissioned, a ransomware attack took place every 14 seconds in 2019, while a ransomware attack should occur every 11 seconds in 2021.

With the growing threat ransomware attacks pose to Kubernetes as well as to IT networks in general, Kasten’s latest K10 v4.0 release for Kubernetes storage was largely designed with this threat in mind. The platform offers a design feature — among other new functionalities for storage and replication — that allows for data and applications to be restored when the unthinkable happens. When organizations’ users and DevOps teams are locked out of their data and applications running on Kubernetes in the event of a ransomware attack, K10 v4.0 offers, through pre-set policy, access restrictions that allow users to restore data protected from ransomware encryption.

Growing legions of malware attackers and security postures “aren’t as well baked as we all would like them to be — which we are seeing across the board today,” Niraj Tolia, general manager and president of Kasten by Veeam, said during a recent presentation. “The flip side of that problem is that Kubernetes recovery is complex in this environment. We see more Kubernetes deployments at the edge and we see a much larger footprint, so we need systems that can protect people’s applications and data to fit in extremely small factors to move at a rapid pace that our applications move at.”

Gaurav Rishi, vice president of product at Kasten by Veeam, said the K10 v4.0 release, in addition to new ransomware protection, is the latest development in Kasten’s mission to offer DevOps teams multicluster view management and storage capabilities for Kubernetes clusters “and to operate Kubernetes applications at scale, as well as protect them,” while supporting multenancy and other security- and policy-management functionalities. “With  K10 v4.0, you see some of these same themes show up, but in different lights,” Rishi said. “And so, security — which I think is one of the biggest issues that we see today — is why we are introducing the first Kubernetes native ransomware-protection solution.”

Find, Click and Recover Data

During a demo, Nicholas Wright, a member of the technical staff for Kasten by Veeam, played the part of an intruder as he simulated an attack during the virtual launch event for Kasten K10 v4.0 He simulated a two-pronged ransomware attack, both on the live data, and on the application backups. The demo was intended to demonstrate how K10 v4.0 “can quickly and successfully recover an application after a data attack,” Wright said. The attack vector in the demo was a MySQL database running on Kubernetes that had been routinely backed up with Kasten K10 v4.0 that exported the restore points to an Amazon Web Services (AWS) S3 bucket. The data snapshots exported to an object store every hour are locked so that the objects with retention applied cannot be accessed.

Following the simulated attack during the demo, Wright showed, with the proper pre-set access, he was able to restore the data that was protected to replace the data that had been encrypted by the hypothetical attacker. Additionally, he showed how, once the backup is restored, a simple script deletes the data objects and compromises the credentials the attacker had used to gain access.

Simplicity Needed

Protecting against these types of attacks “as enterprises prepare for their adoption of production and business-critical Kubernetes environments, is critical,” Krista Macomber, an analyst for Evaluator Group, said. “Capabilities such as those made available in Kasten K10 v4.0 can simplify the process of shoring up Kubernetes environments from ransomware, better positioning customers to avoid gaps in coverage that could lead to extremely costly data loss and downtime,” she said.

Other capabilities that Kasten K10 v4.0 offers include:

  • Multicluster Operations: Authorized users can manage clusters, create backup policies for their own application namespaces and add secondary clusters directly through the multicluster manager for easy scalability,” Rishi wrote in a blog post.
  • NFS migration and NFS as a backup target, in addition to object storage options. Learn more here.
  • Relational and NoSQL DataServices.

A newsletter digest of the week’s most important stories & analyses.