1
00:00:00,000 --> 00:00:02,579
We go to doctors to
perform our health checks.

2
00:00:02,689 --> 00:00:04,679
Now we have to do the health
check of the business.

3
00:00:04,679 --> 00:00:11,489
Just ask the question to your team that
in case we are attacked, what we need

4
00:00:11,489 --> 00:00:16,234
to recover, who is responsible, how
will we recover, where we will recover.

5
00:00:16,834 --> 00:00:19,144
Do we have the right technology in place?

6
00:00:19,974 --> 00:00:23,335
When you ask those questions after
your health check is done only then

7
00:00:23,335 --> 00:00:26,614
you'll be able to understand your
current state of business and are

8
00:00:26,614 --> 00:00:29,594
you cyber ready or cyber resilient...

9
00:00:30,134 --> 00:00:30,644
or not?

10
00:00:48,938 --> 00:00:49,528
Hey, everybody.

11
00:00:49,638 --> 00:00:53,728
I'm Brad Bussie, Chief Information
Security Officer here at e360.

12
00:00:54,248 --> 00:00:58,168
Thank you for joining me for the State
of Enterprise IT Security Edition.

13
00:00:58,608 --> 00:01:02,478
This is the show that makes
IT security approachable and

14
00:01:02,488 --> 00:01:04,458
actionable for technology leaders.

15
00:01:05,068 --> 00:01:08,738
I'm very happy to bring you
a special guest this week.

16
00:01:09,138 --> 00:01:14,561
Field CTO, Shariq Aqil of Zerto, an HPE.

17
00:01:14,561 --> 00:01:17,931
You may not know this, but
you are my very first guest.

18
00:01:18,231 --> 00:01:22,051
So if you wouldn't mind, tell
our listeners a little bit

19
00:01:22,051 --> 00:01:25,701
more about you and about Zerto.

20
00:01:26,891 --> 00:01:27,391
Thank you.

21
00:01:27,401 --> 00:01:28,551
Thank you very much, Brad.

22
00:01:28,611 --> 00:01:29,661
I'm glad to be here.

23
00:01:29,661 --> 00:01:30,531
And thank you.

24
00:01:30,531 --> 00:01:31,831
Thanks a lot for having me.

25
00:01:32,471 --> 00:01:34,551
So I'll start with my background.

26
00:01:34,561 --> 00:01:36,291
So my name is Shariq Aqil.

27
00:01:36,311 --> 00:01:40,371
I'm global field CTO with
Zerto, which is an HPE company.

28
00:01:42,576 --> 00:01:46,666
I joined this company just over
two years ago, and before joining

29
00:01:46,666 --> 00:01:48,916
HPE and Zerto, I was with Dell.

30
00:01:49,366 --> 00:01:52,786
I spent just over five years
there with Dell and EMC.

31
00:01:53,596 --> 00:01:55,516
I was part of their data
protection division.

32
00:01:55,726 --> 00:01:58,466
And then I was covering their
global alliances for the

33
00:01:58,466 --> 00:01:59,836
complete enterprise portfolio.

34
00:01:59,916 --> 00:02:02,016
Before joining Dell, I was with IBM.

35
00:02:02,096 --> 00:02:05,776
I spent a few years there working
in the software defined storage.

36
00:02:06,366 --> 00:02:09,796
And before that I was with Dell and
before that spent a few years as a

37
00:02:09,796 --> 00:02:11,356
hands on resource in a data center.

38
00:02:11,356 --> 00:02:14,066
So just over 20 plus years in the field.

39
00:02:15,246 --> 00:02:15,946
That's about me.

40
00:02:17,936 --> 00:02:18,206
Awesome.

41
00:02:18,906 --> 00:02:22,536
If we talk about Zerto, which is
now acquired by Hewlett Packard

42
00:02:22,566 --> 00:02:28,556
Enterprise back in 2021, Zerto
came into being back in 2009.

43
00:02:29,496 --> 00:02:34,306
And it was a software that provides
customers with disaster recovery,

44
00:02:34,466 --> 00:02:38,336
quick failover, failbacks, data
mobility across different platforms

45
00:02:38,336 --> 00:02:39,736
and ransomware resilience.

46
00:02:40,096 --> 00:02:44,066
And all of this was built on the
logics of continuous data protection.

47
00:02:44,706 --> 00:02:49,316
So always on data protection that provides
customer with these three major use cases.

48
00:02:52,021 --> 00:02:52,601
Awesome.

49
00:02:53,231 --> 00:02:59,121
Well, thank you for being on the show,
and I wanted to talk a little bit about

50
00:02:59,281 --> 00:03:06,071
cyber resiliency, so I know we're going
to get into the Cyber Resiliency Vault,

51
00:03:06,181 --> 00:03:10,911
but I think for some of our listeners,
maybe just giving them an overview

52
00:03:11,191 --> 00:03:16,851
of what a what is cyber resiliency
and what is the problem it solves.

53
00:03:16,861 --> 00:03:19,301
So I figure I'll give them just a quick,

54
00:03:19,821 --> 00:03:23,551
you know, kind of high level,
and then we can get a little bit

55
00:03:23,551 --> 00:03:24,711
more into the vault side of it.

56
00:03:24,771 --> 00:03:32,521
So as far as cyber resiliency, we're
referring to an organization's ability

57
00:03:32,541 --> 00:03:37,061
to continue to operate effectively,

58
00:03:37,471 --> 00:03:44,871
really in the face of cyber threats
and attacks, and it encompasses what we

59
00:03:44,871 --> 00:03:50,761
would consider a comprehensive strategy,
and that strategy includes things like

60
00:03:50,811 --> 00:03:57,661
prevention, detection, response and the
analytical and recovery and these are

61
00:03:57,661 --> 00:04:06,101
processes that are designed to protect
as well as sustain the organization and

62
00:04:06,101 --> 00:04:13,211
really it's focused on what I would say
critical operations and really the main

63
00:04:13,231 --> 00:04:23,216
problem that cyber resiliency solves is
the vulnerability of organizations to

64
00:04:23,626 --> 00:04:29,506
disruptions that are caused by things
like cyber attacks, which can result

65
00:04:30,046 --> 00:04:36,896
in, we'll say, significant operational,
financial, as well as reputational damage.

66
00:04:37,346 --> 00:04:43,816
And by implementing, we'll say,
robust cyber resiliency measures,

67
00:04:44,046 --> 00:04:50,581
organizations can minimize the impact
of attacks, ensure the continuity

68
00:04:50,921 --> 00:04:55,691
of essential services, and this
is, I think, the important one,

69
00:04:55,691 --> 00:04:58,631
quickly restore full functionality.

70
00:04:59,081 --> 00:05:05,381
And that's really just maintaining
the trust that the business has

71
00:05:05,391 --> 00:05:08,101
put in us as cyber defenders.

72
00:05:08,541 --> 00:05:14,701
And really safeguarding assets in what
I think Shariq and I would consider an

73
00:05:14,701 --> 00:05:19,111
increasingly hostile digital landscape.

74
00:05:19,781 --> 00:05:26,251
So I think that sets the stage for like
cyber resiliency, really the problem.

75
00:05:26,961 --> 00:05:31,951
And I think it would be useful
now, Shariq, if I go into like,

76
00:05:32,341 --> 00:05:37,971
what is a Cyber Resiliency vault
and what problem does it solve?

77
00:05:38,351 --> 00:05:43,851
And then I think what would be
good is, is just getting an idea

78
00:05:43,941 --> 00:05:46,656
of how does, how does Zerto work?

79
00:05:46,856 --> 00:05:52,656
Look at this whole problem and
what, what does that landscape look

80
00:05:52,656 --> 00:05:56,816
like to you and, and let's see if
we match up  on what I'm saying.

81
00:05:56,846 --> 00:05:57,426
Does that sound good?

82
00:05:58,396 --> 00:06:00,256
Yeah, that sounds pretty good.

83
00:06:00,256 --> 00:06:03,286
And you know what, the way you
describe cyber resilience is

84
00:06:03,286 --> 00:06:05,316
exactly what cyber resilience is.

85
00:06:06,006 --> 00:06:06,866
Let's just call it.

86
00:06:06,886 --> 00:06:07,766
It is an outcome.

87
00:06:08,016 --> 00:06:08,756
It is an outcome.

88
00:06:08,756 --> 00:06:09,646
It's not a product.

89
00:06:09,746 --> 00:06:10,576
It is an outcome.

90
00:06:11,116 --> 00:06:14,966
And to achieve that outcome, we have
to have different policies in place,

91
00:06:15,086 --> 00:06:18,856
right people in place, right education
in place and right products in place.

92
00:06:19,406 --> 00:06:22,246
Only then we'll be able to achieve
the resilience that you were

93
00:06:22,256 --> 00:06:24,526
talking about a few minutes ago.

94
00:06:25,156 --> 00:06:27,516
And, when it comes to it,
there are two strategies.

95
00:06:27,556 --> 00:06:31,006
One is the proactive one means
keeping the bad actors out.

96
00:06:31,776 --> 00:06:35,406
And that is like having a strong
security defenses in place.

97
00:06:35,416 --> 00:06:37,626
So right products, right
people, right policies, right

98
00:06:37,626 --> 00:06:39,716
education for the employees.

99
00:06:40,481 --> 00:06:42,851
They are well aware of what
to click, what not to click so

100
00:06:42,851 --> 00:06:44,141
that we keep the bad actors out.

101
00:06:44,771 --> 00:06:48,941
The second phase comes in is like
reactive when if a bad actor is in

102
00:06:49,091 --> 00:06:51,211
and they are able to cause any damage.

103
00:06:51,501 --> 00:06:55,471
Now, how to respond to that, how to
detect it, how to recover and recover

104
00:06:55,471 --> 00:07:00,736
very quickly because recovery is the,
is the base that whole business will

105
00:07:00,806 --> 00:07:02,526
rely on in case of a cyber attack.

106
00:07:02,526 --> 00:07:03,196
There's a downtime.

107
00:07:03,196 --> 00:07:04,246
Now you have to recover.

108
00:07:04,786 --> 00:07:08,736
Now, how quickly you can recover
and how sure you are, what kind

109
00:07:08,736 --> 00:07:10,346
of data you are recovering back.

110
00:07:10,946 --> 00:07:14,706
So, this is my perspective on
cyber resilience approaches.

111
00:07:15,441 --> 00:07:16,231
That's perfect.

112
00:07:16,761 --> 00:07:17,021
Yeah.

113
00:07:17,021 --> 00:07:23,681
And I think talking about the whole
vault concept too will definitely help

114
00:07:23,721 --> 00:07:26,821
kind of add a little bit more to that.

115
00:07:27,261 --> 00:07:31,371
So essentially, like, when I look at
this, this whole piece of what we've

116
00:07:31,381 --> 00:07:36,681
talked about, I look at the and you
can correct me if I'm off here, but I

117
00:07:36,681 --> 00:07:40,591
think of a Cyber Resiliency Vault as...

118
00:07:40,936 --> 00:07:44,366
we'll call it secure, because
that's what everybody wants to hear.

119
00:07:44,966 --> 00:07:49,236
A lot of times it's air
gapped, air gapped storage.

120
00:07:49,756 --> 00:07:56,276
And it's really designed to protect
critical data, as well as systems.

121
00:07:56,756 --> 00:08:02,926
And it's against things like
ransomware and other forms of malware.

122
00:08:02,926 --> 00:08:05,206
I think that was kind
of the initial intent.

123
00:08:05,756 --> 00:08:11,426
And it ensures that stored
data remains secure,

124
00:08:12,001 --> 00:08:19,801
immutable, and that means it can't be
altered, can't be deleted, and thereby we

125
00:08:19,801 --> 00:08:25,701
maintain something pretty important, which
is data integrity as well as availability,

126
00:08:26,171 --> 00:08:30,271
even in the event of security breaches,
because we hear about this all the time

127
00:08:30,271 --> 00:08:34,171
where organizations have been breached
and I see them down for a long time.

128
00:08:34,596 --> 00:08:36,946
Weeks, if not months.

129
00:08:37,336 --> 00:08:40,866
And what I'm starting to realize
is I think a lot of them have not

130
00:08:41,516 --> 00:08:49,616
gotten very far into the concept of
resilient systems and a resilient vault.

131
00:08:50,276 --> 00:08:50,856
So.

132
00:08:51,461 --> 00:08:56,891
I think when you look at this and
having a specialized vault that can

133
00:08:56,891 --> 00:09:04,011
address things and, and it's really the,
the crucial need for rapid recovery.

134
00:09:04,761 --> 00:09:07,281
And this really gives an organization

135
00:09:08,011 --> 00:09:12,401
a point to restore back to and
what we're trying to do is restore

136
00:09:12,401 --> 00:09:16,711
operations quickly, minimal disruptions.

137
00:09:16,761 --> 00:09:18,791
And this is following an attack.

138
00:09:19,021 --> 00:09:22,221
But I could almost see
this as not just an attack.

139
00:09:22,221 --> 00:09:27,781
But if somebody makes a mistake, we call
this in the industry a lot insider threat.

140
00:09:28,551 --> 00:09:30,031
Sometimes it's malicious.

141
00:09:30,551 --> 00:09:31,521
Sometimes it's not.

142
00:09:31,531 --> 00:09:33,661
Sometimes it's just somebody that
doesn't know what they're doing.

143
00:09:34,021 --> 00:09:39,336
And next thing you know all of those VMs
that you had are, are gone, they're wiped.

144
00:09:39,426 --> 00:09:41,386
And when you ask, well,
how did that happen?

145
00:09:42,046 --> 00:09:44,786
It comes down to somebody just
didn't know what they were doing.

146
00:09:45,476 --> 00:09:49,766
But I think some of the things to keep in
mind is that with a vault, you know, we're

147
00:09:49,766 --> 00:09:51,496
doing things like encrypting the data.

148
00:09:51,946 --> 00:09:54,476
We're isolating it from the network.

149
00:09:54,746 --> 00:09:58,496
We're preventing unauthorized
access and tampering.

150
00:09:58,926 --> 00:10:02,436
And really it, it fits into that broader,

151
00:10:03,236 --> 00:10:07,036
that broader resiliency strategy
that we've talked about.

152
00:10:07,736 --> 00:10:14,416
And I look at this as organizations
that implement a vault really, they're

153
00:10:14,416 --> 00:10:19,846
enhancing their ability to withstand
and quickly recover from an incident.

154
00:10:20,476 --> 00:10:23,906
We're, we're really ensuring
that business continuity.

155
00:10:24,401 --> 00:10:28,991
And the protection of sensitive
and critical data is there.

156
00:10:29,321 --> 00:10:34,981
And I think that generally this,
I think this approach was looked

157
00:10:34,981 --> 00:10:40,691
at for just crucial environments
where like data integrity and

158
00:10:40,691 --> 00:10:42,911
availability are super important.

159
00:10:42,991 --> 00:10:47,701
So if I kind of rewind, I look at this
as financial services, healthcare,

160
00:10:47,711 --> 00:10:49,901
government, large enterprises.

161
00:10:50,351 --> 00:10:52,461
But honestly, I think where we're at now.

162
00:10:52,461 --> 00:10:52,511
Okay.

163
00:10:52,886 --> 00:10:59,596
Is this should be business as usual for
organizations of all shapes and sizes.

164
00:11:00,306 --> 00:11:01,346
Yeah, absolutely.

165
00:11:01,506 --> 00:11:02,076
Absolutely.

166
00:11:02,096 --> 00:11:03,136
Beautiful description.

167
00:11:03,166 --> 00:11:09,506
And the basic reason that these cyber
vaults came into being, like cyber attacks

168
00:11:09,506 --> 00:11:12,786
and these cyber attackers, what they
were doing is like, they get into the

169
00:11:12,786 --> 00:11:14,536
network, they perform a network scan.

170
00:11:15,026 --> 00:11:18,406
And they identify anything that is
connected, anything that is storing the

171
00:11:18,406 --> 00:11:20,176
data or keeping the copies of the data.

172
00:11:20,466 --> 00:11:24,736
And then they attack those before
encrypting the production environment.

173
00:11:25,406 --> 00:11:28,776
So if you have a backup server
sitting in there because we have to

174
00:11:29,036 --> 00:11:32,886
understand backups are good. Backups
need to be there for operational

175
00:11:32,886 --> 00:11:37,106
recovery, but if they are sitting on
network, then they are also a target.

176
00:11:37,156 --> 00:11:41,876
And we have seen these attackers targeting
the backup copies or replica copies before

177
00:11:41,956 --> 00:11:43,306
they encrypt the production environment.

178
00:11:44,156 --> 00:11:48,316
So because of that reason, the
requirement came to have an air gap copy

179
00:11:48,316 --> 00:11:52,026
of your data so that it is if somebody
comes in and perform a network scan,

180
00:11:52,026 --> 00:11:53,506
they are not able to see that copy.

181
00:11:54,076 --> 00:11:55,866
And that copy has to be immutable.

182
00:11:56,066 --> 00:12:02,076
And when we talk about immutability, it
has to be really immutable in a way that

183
00:12:02,106 --> 00:12:05,876
once it is written, nobody's able to
tamper with it, including administrators.

184
00:12:06,626 --> 00:12:09,456
So the point that you were
talking about internal attacks.

185
00:12:09,866 --> 00:12:13,886
So in that case, you have to have
that protection available, uh,

186
00:12:14,526 --> 00:12:17,826
Once it is written, it has to be,
it has to be immutable and nobody

187
00:12:17,826 --> 00:12:18,996
should be able to tamper with it.

188
00:12:19,616 --> 00:12:22,466
So we talked about isolation, we
talked about immutability, but

189
00:12:22,496 --> 00:12:26,306
the third thing and that is the
important thing is like integrity

190
00:12:26,306 --> 00:12:27,726
of the data that you are storing.

191
00:12:28,856 --> 00:12:29,986
What is the health of the data?

192
00:12:29,986 --> 00:12:35,306
How clean the data is so that in case
you are hit, you should know what is

193
00:12:35,306 --> 00:12:39,336
the last known good copy I can go back
to, to start the recovery process?

194
00:12:39,746 --> 00:12:44,666
So these cyber vaults really provide all
three or four capabilities not only to

195
00:12:44,666 --> 00:12:49,516
store the data, but to check the health of
the data as well as keeping it immutable.

196
00:12:51,446 --> 00:12:52,156
Exactly.

197
00:12:53,396 --> 00:12:59,506
And I think something, if I know
the listeners out there, and I know

198
00:12:59,506 --> 00:13:02,546
those watching, they're probably
going to ask the question based

199
00:13:02,546 --> 00:13:04,136
on, on what we've discussed.

200
00:13:05,146 --> 00:13:11,566
Why do we need cyber
resiliency and Cyber Vaults?

201
00:13:12,086 --> 00:13:15,836
And I think of this as kind of two pieces.

202
00:13:15,836 --> 00:13:21,916
One, the way we've described it, cyber
resiliency focuses on the broader

203
00:13:21,916 --> 00:13:28,836
strategy of preparing for and responding
to and recovering from a cyber attack.

204
00:13:29,176 --> 00:13:35,646
While the Cyber Resiliency vault,
is it's a specific and we'll call it

205
00:13:35,686 --> 00:13:42,286
a tactical tool that is supporting
the the strategy and that's that's

206
00:13:42,296 --> 00:13:45,466
essentially by safeguarding the data.

207
00:13:46,296 --> 00:13:46,946
What do you think?

208
00:13:46,946 --> 00:13:50,336
Is that a pretty accurate assessment?

209
00:13:50,766 --> 00:13:51,816
Accurate, pretty accurate.

210
00:13:52,176 --> 00:13:54,876
And I'll just give you an example.

211
00:13:55,276 --> 00:13:58,726
There are like five different pillars
you already talked about, identify,

212
00:13:58,726 --> 00:14:00,606
protect, detect, respond, recover.

213
00:14:01,186 --> 00:14:04,876
So usually the first three pillars
usually lie with the security teams.

214
00:14:05,246 --> 00:14:09,136
Identify, protect, detect is like keeping
the bad actors out, stopping the attacks

215
00:14:09,136 --> 00:14:10,866
even before they cause any damage.

216
00:14:11,416 --> 00:14:12,996
So they are doing a very good job.

217
00:14:13,106 --> 00:14:15,866
They have best tools in place and
they are keeping the bad actors out.

218
00:14:16,116 --> 00:14:20,156
But if a bad actor is in, and if
there is any corruption, now, the

219
00:14:20,156 --> 00:14:24,146
question is who owns the recovery
of the data after that corruption?

220
00:14:24,206 --> 00:14:25,116
Is it security team?

221
00:14:25,916 --> 00:14:27,256
Or is it someone else?

222
00:14:28,336 --> 00:14:32,216
If it is a storage team, now the question
is, do they have the right infrastructure

223
00:14:32,216 --> 00:14:36,406
deployed to be able to perform that
kind of recovery from a cyber attack?

224
00:14:36,906 --> 00:14:41,216
And this is where, exactly where you
need the vault to help complement

225
00:14:41,216 --> 00:14:42,881
your cyber resilience strategy.

226
00:14:44,521 --> 00:14:48,971
I agree, because I end up seeing
organizations that often point in

227
00:14:48,971 --> 00:14:54,821
different directions when you say, well,
who's responsible for for this recovery?

228
00:14:55,231 --> 00:15:01,001
And I think I think having a vault
definitely starts to simplify

229
00:15:01,191 --> 00:15:05,131
and having the strategy overall
is, I think, pretty important.

230
00:15:05,571 --> 00:15:12,261
So what I'd like to talk about
is specifically like how do you

231
00:15:12,271 --> 00:15:16,831
do this vault concept with Zerto?

232
00:15:17,261 --> 00:15:23,551
So I would think of this as,
as building a Cyber Resiliency

233
00:15:23,571 --> 00:15:25,751
vault with the Zerto technology.

234
00:15:25,751 --> 00:15:28,561
I'm just super interested in,
in what that looks like and kind

235
00:15:28,561 --> 00:15:30,281
of the approach that you take.

236
00:15:30,281 --> 00:15:37,811
And then I figure what I could do is
talk about how we look at this from

237
00:15:37,811 --> 00:15:42,901
a program perspective and tooling is
always great for supporting the program.

238
00:15:42,901 --> 00:15:45,971
So I think let's go tools first and then
let's talk a little bit about program.

239
00:15:46,881 --> 00:15:47,371
Sure thing.

240
00:15:47,381 --> 00:15:51,511
So before going into the details of
our solution, I want to talk about the

241
00:15:51,521 --> 00:15:55,611
market landscape quickly, which was
there before we launched our product.

242
00:15:56,201 --> 00:15:59,041
So there were many cyber vault
offerings out there in the market.

243
00:15:59,721 --> 00:16:03,371
But one thing that was common in all
those solutions, all those solutions

244
00:16:03,371 --> 00:16:05,291
were based off of backup software.

245
00:16:06,126 --> 00:16:06,376
Right.

246
00:16:06,436 --> 00:16:09,196
The backup software writing the
data and then you are vaulting it.

247
00:16:10,106 --> 00:16:15,726
And one reminder that our customers never
relied on backup software to provide

248
00:16:15,726 --> 00:16:17,276
them with mass recovery of the data.

249
00:16:18,156 --> 00:16:19,506
Nothing to do with anything.

250
00:16:19,516 --> 00:16:21,906
It is some technology
limitations are always there.

251
00:16:21,916 --> 00:16:25,886
They use something like a storage
replication, something like Zerto

252
00:16:26,246 --> 00:16:29,696
to provide them with the ability
to quickly fail over, fail back

253
00:16:30,066 --> 00:16:31,586
and do the mass data recovery.

254
00:16:32,426 --> 00:16:35,466
Because the backup, first of all,
it takes long time to recover.

255
00:16:35,466 --> 00:16:35,526
Right.

256
00:16:35,527 --> 00:16:35,534
Right.

257
00:16:35,534 --> 00:16:35,541
Right.

258
00:16:35,751 --> 00:16:38,071
Plus you only perform backup once a day.

259
00:16:38,941 --> 00:16:40,351
So there's a data loss window.

260
00:16:40,916 --> 00:16:44,656
If we talk about data loss of 24 hours
plus the recovery time of a couple

261
00:16:44,656 --> 00:16:47,826
of weeks, that's a long, a long time.

262
00:16:47,976 --> 00:16:51,486
And we saw that as a gap in the
market, that all these solutions

263
00:16:51,486 --> 00:16:53,286
are based off of this technology.

264
00:16:53,626 --> 00:16:58,316
So what we did with our
solution is, we brought the data

265
00:16:58,316 --> 00:17:00,126
mover Zerto into the picture.

266
00:17:00,391 --> 00:17:05,121
And coupled it with HPE hardware
to come up with the solution where

267
00:17:06,211 --> 00:17:11,001
we provide a cyber vaulting, not
based off of backup, but based

268
00:17:11,001 --> 00:17:13,411
off of continuous data protection.

269
00:17:13,961 --> 00:17:16,991
So any point in time recovery
that is getting replicated

270
00:17:16,991 --> 00:17:18,941
to our vault, number one.

271
00:17:19,821 --> 00:17:23,581
The second thing is as we are replicating
the data, now we are performing the

272
00:17:23,591 --> 00:17:27,081
scan of the data to identify any
anomalies, any traces of the encryption.

273
00:17:27,581 --> 00:17:30,151
So within three to five seconds, you are,

274
00:17:30,641 --> 00:17:34,971
you know that the data copy is
clean or not, instead of you perform

275
00:17:34,981 --> 00:17:38,911
backup, wait 24 hours and then start
the scan and then you know that you

276
00:17:38,911 --> 00:17:40,351
have a right, a clean copy or not.

277
00:17:41,091 --> 00:17:42,211
So we combined it.

278
00:17:42,231 --> 00:17:43,581
So this is how we move the data.

279
00:17:43,591 --> 00:17:47,501
As we are moving the data, we are scanning
it, then we are making it immutable,

280
00:17:47,741 --> 00:17:49,071
but we are not leaving it there.

281
00:17:49,211 --> 00:17:56,171
From there on, we are creating an air
gap copy of that data into our vault zone.

282
00:17:57,001 --> 00:18:00,971
And that is totally based off
of decentralized architecture.

283
00:18:01,541 --> 00:18:03,171
So there is no single manager of it.

284
00:18:03,971 --> 00:18:06,861
If there is no single manager, there
is no single point of compromise.

285
00:18:07,501 --> 00:18:11,061
The whole architecture is
built on zero trust principles.

286
00:18:12,086 --> 00:18:15,876
So the data mover component does
not know about the retention policy.

287
00:18:15,876 --> 00:18:18,906
The retention policy holder does not
know about the replication policy.

288
00:18:18,906 --> 00:18:20,866
So there are many things
that we considered.

289
00:18:21,756 --> 00:18:25,796
And the beauty of this architecture is
that it is continuous data protection.

290
00:18:25,796 --> 00:18:28,716
So it does any point in time
recovery for up to whatever

291
00:18:28,936 --> 00:18:30,306
retention duration you want.

292
00:18:30,636 --> 00:18:36,206
Plus the recovery time for petabytes
of data came down from weeks or

293
00:18:36,226 --> 00:18:41,956
months. So that's one part of the
recovery of the data loss window.

294
00:18:41,956 --> 00:18:45,586
We brought it down from like 24
hours down to three or four hours.

295
00:18:45,587 --> 00:18:50,736
Recovery time, we brought it down from
like 30 plus days down to two hours.

296
00:18:50,916 --> 00:18:54,826
So that's the business
impact that we reduced.

297
00:18:55,736 --> 00:18:59,176
The third thing that people don't
usually talk about, we always talk

298
00:18:59,186 --> 00:19:02,886
about vaulting the data, but we
never talk about recovering the data.

299
00:19:04,206 --> 00:19:07,766
Because if you have, if you are under
cyber attack means your production is

300
00:19:07,766 --> 00:19:09,456
compromised, might not be accessible.

301
00:19:09,456 --> 00:19:11,846
So now you have the data copy,
where will you recover it?

302
00:19:12,206 --> 00:19:13,016
You will need a clean room.

303
00:19:14,446 --> 00:19:17,916
So what we did in our architecture,
we combined the vaulting and clean

304
00:19:17,916 --> 00:19:22,596
room in one solution to be able to
not only store the data, keep it safe,

305
00:19:22,636 --> 00:19:26,306
but also in case of attack, we will
be able to recover it, perform tests,

306
00:19:26,306 --> 00:19:29,856
do the forensic, do the cleansing, and
then move the data back to production.

307
00:19:30,886 --> 00:19:33,416
So that's on a high level
Brad, that's our architecture.

308
00:19:33,416 --> 00:19:34,756
I love it...

309
00:19:35,841 --> 00:19:39,561
Honestly, when I look at this, I mean,
I, I feel that this is in some cases, the

310
00:19:39,601 --> 00:19:46,421
only chance that an organization would,
would have to recover because of just

311
00:19:46,431 --> 00:19:49,331
how attacks are starting to ramp up.

312
00:19:49,981 --> 00:19:55,296
And, I think, you know, tools are
tools are fantastic, but when I've

313
00:19:55,306 --> 00:20:00,586
noticed is after watching a lot of
these recovery events of organizations

314
00:20:00,586 --> 00:20:07,296
that have been compromised, I found
really the kind of the weakest link

315
00:20:07,336 --> 00:20:14,306
is the people in preparation and the
ability to act when the event occurs

316
00:20:14,696 --> 00:20:16,456
like your technology is fantastic.

317
00:20:16,881 --> 00:20:19,091
It's, it's there to be leveraged.

318
00:20:19,511 --> 00:20:24,741
But when I start talking to an
organization and I, I just ask one simple

319
00:20:24,751 --> 00:20:27,691
thing, what needs to come up first?

320
00:20:28,851 --> 00:20:30,731
Let's say you're, you're completely down.

321
00:20:31,401 --> 00:20:33,151
What does that actually look like?

322
00:20:33,251 --> 00:20:37,461
And I have a bunch of people staring at
me and they don't know the answer to that.

323
00:20:38,131 --> 00:20:42,171
So what, what I think would be
interesting is if we talk through

324
00:20:42,171 --> 00:20:48,221
kind of the, the programmatic approach
and how we could then leverage Zerto.

325
00:20:48,711 --> 00:20:55,401
In this type of scenario where we've
been compromised, either systems

326
00:20:55,491 --> 00:20:57,481
are down, all systems are down.

327
00:20:57,531 --> 00:20:59,621
Active Directory has been impacted.

328
00:21:00,021 --> 00:21:03,691
There's some form of event
that is, that is happening.

329
00:21:04,211 --> 00:21:11,991
So the first thing that, that I
ask clients is, let's try to get in

330
00:21:11,991 --> 00:21:13,281
front of this before it happens.

331
00:21:13,281 --> 00:21:14,181
That's the big thing.

332
00:21:14,421 --> 00:21:21,721
But first, ask yourself and your
organization today, can your business

333
00:21:21,781 --> 00:21:26,101
recover without major financial loss?

334
00:21:26,641 --> 00:21:31,261
And I would say in 80% of
organizations that are asked that

335
00:21:31,261 --> 00:21:34,421
question, the answer is maybe.

336
00:21:35,121 --> 00:21:36,031
It's not a no.

337
00:21:36,101 --> 00:21:36,951
It's not a yes.

338
00:21:36,991 --> 00:21:38,441
People just aren't sure.

339
00:21:39,161 --> 00:21:44,011
So what what we've done is we've
we've kind of looked at this as

340
00:21:44,051 --> 00:21:47,181
a cyber resiliency framework.

341
00:21:47,531 --> 00:21:52,981
So the first thing that I would ask is
if that's a maybe for your organization,

342
00:21:53,221 --> 00:21:57,331
consider this framework, and I'm going
to just kind of rapidly go through it.

343
00:21:57,831 --> 00:22:03,561
First aspect is making sure
you understand the mission.

344
00:22:04,151 --> 00:22:04,421
What?

345
00:22:04,421 --> 00:22:06,701
What is the mission of your organization?

346
00:22:07,061 --> 00:22:13,401
The implementation of your technology and
identify technology requirements overall.

347
00:22:13,841 --> 00:22:15,121
When do things need to come up?

348
00:22:15,431 --> 00:22:16,471
In what order?

349
00:22:16,661 --> 00:22:17,991
What service accounts?

350
00:22:18,041 --> 00:22:19,521
There's a lot of things that go into that.

351
00:22:19,571 --> 00:22:23,571
I make it sound kind of easy, but there's
a lot of work that needs to happen.

352
00:22:24,111 --> 00:22:28,991
Second is revenue as well as brand equity.

353
00:22:29,291 --> 00:22:32,411
So this, this essentially supports,

354
00:22:33,236 --> 00:22:38,456
enables your overall business strategy
because as we've seen with some of

355
00:22:38,456 --> 00:22:44,046
these cyber attacks recently, not only
is it a revenue impact to the business

356
00:22:44,046 --> 00:22:48,596
'cause they're, they're down and they're
unable to provide the service that they

357
00:22:48,601 --> 00:22:50,786
are implementing in the first place.

358
00:22:51,136 --> 00:22:56,866
Their brand takes a significant impact
and customers may not be as comfortable

359
00:22:56,866 --> 00:23:00,966
coming back and doing business with an
organization that's been compromised. So,

360
00:23:01,806 --> 00:23:03,656
asking yourself that question.

361
00:23:04,356 --> 00:23:10,326
Third, what are the core
business functions and aligning

362
00:23:10,336 --> 00:23:14,936
those with security to protect
critical systems as well as data?

363
00:23:15,276 --> 00:23:19,046
And then I think this is where some of
that vaulting technology comes into play.

364
00:23:19,726 --> 00:23:25,871
And fourth, there's the internal
operations and administrative functions.

365
00:23:25,871 --> 00:23:29,401
And this is where I see a lot of
organizations really struggle, because

366
00:23:29,401 --> 00:23:35,541
what I'm asking you to do is map
technology to business functions.

367
00:23:35,991 --> 00:23:40,971
And that's essentially the only way
you're ever going to recover from

368
00:23:41,471 --> 00:23:44,741
a large-scale cyber event.

369
00:23:46,111 --> 00:23:46,921
What do you think of that?

370
00:23:46,921 --> 00:23:52,231
Do you think that's, that's pretty solid
as far as a framework and approach?

371
00:23:52,251 --> 00:23:53,261
It's pretty high level.

372
00:23:53,771 --> 00:23:56,531
That's a really, really,
very strong approach.

373
00:23:56,561 --> 00:23:57,821
And you covered it again.

374
00:23:57,861 --> 00:24:02,521
You covered it very well because you
cannot achieve resilience with one thing.

375
00:24:02,871 --> 00:24:05,571
You have to have the
right people identified.

376
00:24:05,571 --> 00:24:07,501
You have to have right policies in place.

377
00:24:07,511 --> 00:24:10,351
You have to have right products in
place to be able to support that.

378
00:24:10,791 --> 00:24:15,711
But not only, not only these three P's,
but you also, also need to consider

379
00:24:16,976 --> 00:24:22,006
that, in, in case you are attacked,
what are the minimum viable business

380
00:24:22,006 --> 00:24:23,506
components that you are recovering?

381
00:24:23,566 --> 00:24:25,546
So, it will start with identification.

382
00:24:26,356 --> 00:24:27,526
As you explained it very well.

383
00:24:27,566 --> 00:24:29,246
Identify what you want to protect.

384
00:24:29,636 --> 00:24:32,566
Identify the interdependencies
of those components.

385
00:24:32,776 --> 00:24:35,596
So that you are not just recovering
the data, but you are recovering

386
00:24:35,596 --> 00:24:38,166
the complete ecosystem that is
required to serve that data.

387
00:24:38,516 --> 00:24:39,246
Exactly.

388
00:24:39,456 --> 00:24:39,736
Right.

389
00:24:39,766 --> 00:24:41,676
So you have to identify that.

390
00:24:42,136 --> 00:24:45,956
Then when you have identified, then
you move it, then you protect it

391
00:24:45,986 --> 00:24:49,256
using a product, but then you need
to have right processes in place

392
00:24:49,256 --> 00:24:53,396
and right people identified that
who will be able to test that data.

393
00:24:54,286 --> 00:24:56,516
What should, should be
the access mechanism?

394
00:24:56,836 --> 00:24:58,506
What are the policies about it?

395
00:24:59,366 --> 00:24:59,716
And,

396
00:25:00,111 --> 00:25:04,651
after that, what, how can, how can you
perform the testing of whatever you have

397
00:25:04,711 --> 00:25:10,451
identified to be protected and whoever
is required to, to test the data and

398
00:25:10,451 --> 00:25:12,401
actually perform the recovery testing?

399
00:25:12,881 --> 00:25:13,701
That's a big one.

400
00:25:13,911 --> 00:25:14,851
Yeah, that's a big one.

401
00:25:14,851 --> 00:25:18,261
I see a lot of organizations
struggle where they haven't tested

402
00:25:18,591 --> 00:25:21,361
and what they bring back is not
what they needed to bring back.

403
00:25:21,801 --> 00:25:22,891
That's, that's something

404
00:25:22,891 --> 00:25:23,061
that.

405
00:25:23,167 --> 00:25:24,196
Yeah,

406
00:25:24,276 --> 00:25:28,126
because that, that testing will really
complement when in case of a cyber

407
00:25:28,126 --> 00:25:31,736
attack, when you are down, you will
need to go through not only like just

408
00:25:31,736 --> 00:25:35,816
bringing data back up, you might have to
go through like data forensics first.

409
00:25:36,586 --> 00:25:41,226
So do you really want to have a
solution in place that supports

410
00:25:41,226 --> 00:25:45,216
you so that supports you to perform
testing so that you've been.

411
00:25:45,846 --> 00:25:50,116
You perform the testing, you'll be able
to test all of your tools right there on

412
00:25:50,116 --> 00:25:55,206
the set of the data to perform forensic
analysis, cleansing, and a rehearsal

413
00:25:55,376 --> 00:25:56,986
to move the data back to production.

414
00:25:57,106 --> 00:25:58,366
So these are the important things.

415
00:25:58,366 --> 00:25:59,566
So identification.

416
00:26:00,036 --> 00:26:02,386
Identification, protection, testing.

417
00:26:03,306 --> 00:26:04,096
Totally agree.

418
00:26:05,186 --> 00:26:12,556
And Shariq, something I always like to do
in the podcast is I like to give a kind

419
00:26:12,556 --> 00:26:16,686
of a wrap-up, of an... I never liked to use
the word expert, but it comes out of my

420
00:26:16,686 --> 00:26:22,666
mouth often, like an, an expert opinion
and some pro tips when it comes to.

421
00:26:24,656 --> 00:26:31,816
So when it comes to cyber resiliency,
as well as vaulting, I kind of want

422
00:26:31,816 --> 00:26:39,736
to give the listeners a couple of high
level things to consider, because I think

423
00:26:39,736 --> 00:26:42,876
sometimes this can seem a little complex.

424
00:26:43,176 --> 00:26:45,576
So I'll start with just a couple.

425
00:26:46,286 --> 00:26:50,296
And then I think we can, we can wrap
it up with, with kind of your, your

426
00:26:50,306 --> 00:26:55,396
pro tips or, or overall thoughts
when it comes to a Resiliency Vault.

427
00:26:55,426 --> 00:27:01,676
So I think if you're looking at this
today, I would start with getting

428
00:27:01,676 --> 00:27:06,221
a clear understanding of what
your critical assets actually are.

429
00:27:06,271 --> 00:27:12,171
I think it's actually one of my
mentors, John Kindervag, has said "it

430
00:27:12,171 --> 00:27:14,961
is defining your protect surface.

431
00:27:15,331 --> 00:27:17,651
It's not necessarily your
attack surface because

432
00:27:18,211 --> 00:27:22,971
that's pretty much everywhere now, but
it is start with that clear understanding

433
00:27:22,971 --> 00:27:26,401
of what it is that you're going to
protect, which is your critical asset."

434
00:27:26,961 --> 00:27:31,251
I would say ensuring the
vault is properly air gapped.

435
00:27:31,271 --> 00:27:35,521
So I liked the discussion that we had
about the zero trust implementation

436
00:27:35,521 --> 00:27:43,036
and keeping things separate. As a cyber
practitioner, I would say, encrypt

437
00:27:43,576 --> 00:27:50,606
everything as often as possible, whether
it's in transit, at rest, in a vault,

438
00:27:51,146 --> 00:27:53,726
encrypt everything that you possibly can.

439
00:27:54,316 --> 00:28:01,506
And then I would say, implement those
strict access controls and adopt

440
00:28:01,626 --> 00:28:04,201
least privilege, wherever possible.

441
00:28:04,801 --> 00:28:08,371
And then I would say, and this is
just good cyber hygiene, you know,

442
00:28:08,381 --> 00:28:11,811
regularly update and patch systems.

443
00:28:12,421 --> 00:28:16,111
I think the one that stuck with
me from this conversation is

444
00:28:16,641 --> 00:28:19,971
test your recovery process.

445
00:28:20,451 --> 00:28:27,996
And I would stay, I would say, stay
compliant as well as audit regularly

446
00:28:28,456 --> 00:28:36,286
the entire process, not just for your
cyber program, but the audit slash

447
00:28:36,326 --> 00:28:39,676
recovery process for your cyber vault.

448
00:28:41,606 --> 00:28:44,456
That's a great description again,
but, one thing that we have

449
00:28:44,456 --> 00:28:48,156
learned from these cyber attacks in
almost all types of cyber attacks.

450
00:28:49,406 --> 00:28:54,166
There was a requirement for having a clean
infrastructure in place before you can

451
00:28:54,166 --> 00:28:58,016
perform the recovery because production
was compromised, DR was compromised,

452
00:28:58,026 --> 00:29:01,486
and they were, our customers were not
able to use existing infrastructure.

453
00:29:02,026 --> 00:29:06,076
So you need to have a clean
set of equipment available

454
00:29:06,291 --> 00:29:10,581
for you to perform the recovery and
perform the testing and you can, and that

455
00:29:10,581 --> 00:29:13,641
will actually enable you to perform the
regular testing because now you have a

456
00:29:13,641 --> 00:29:15,791
dedicated infrastructure that's clean.

457
00:29:16,561 --> 00:29:22,931
So identification, identify it, have a
detailed incident response plan in place.

458
00:29:24,206 --> 00:29:28,656
Because now, now it will not be only
the security teams doing the forensic.

459
00:29:28,656 --> 00:29:31,316
It will be the storage team
providing them with the data.

460
00:29:31,316 --> 00:29:33,876
It will be networking team,
bringing the networks back.

461
00:29:34,396 --> 00:29:36,926
And then all these teams
have to work together.

462
00:29:37,096 --> 00:29:41,966
So you need to have the right
incident response plan in place that.

463
00:29:43,196 --> 00:29:46,256
Product is providing you with a copy
of the data, but everything else

464
00:29:46,266 --> 00:29:50,806
that is serving the data has to be in
place before you go back to normal.

465
00:29:52,246 --> 00:29:56,656
So identification, then
documenting it, having this

466
00:29:56,716 --> 00:29:58,596
incident response plan in place.

467
00:29:58,646 --> 00:29:59,906
And again, I'll come back to...

468
00:30:00,266 --> 00:30:00,836
Test it.

469
00:30:01,456 --> 00:30:02,476
Perform the testing.

470
00:30:02,496 --> 00:30:08,196
Have a testing exercise, testing
rehearsal plan for your teams to like

471
00:30:08,226 --> 00:30:11,516
coordinate and test everything beforehand.

472
00:30:11,516 --> 00:30:11,666
All right.

473
00:30:13,036 --> 00:30:13,906
Couldn't agree more.

474
00:30:15,306 --> 00:30:19,596
I think, if there's, if there's two
things that I want our listeners to, to

475
00:30:19,596 --> 00:30:25,196
take away from this, it's always what's
the action that, that they should take

476
00:30:25,216 --> 00:30:27,246
after listening to something like this?

477
00:30:27,696 --> 00:30:32,776
So we spent, you know, 25, 30 minutes,
I would say going pretty, pretty

478
00:30:32,776 --> 00:30:37,706
high level on this, but there's a
lot more conversation to be had.

479
00:30:37,716 --> 00:30:42,776
So from an organizational standpoint,
what, what should their action be?

480
00:30:42,776 --> 00:30:43,616
And I would say

481
00:30:44,091 --> 00:30:44,771
two things.

482
00:30:44,901 --> 00:30:53,981
One, I would implement a cyber resiliency
review, so I'm a big fan of discover and

483
00:30:53,981 --> 00:30:56,391
assess before you do much of anything.

484
00:30:56,871 --> 00:31:02,741
So I would say, conduct that review, and
it's really looking at current trends,

485
00:31:03,316 --> 00:31:07,736
cybersecurity strategies and systems.
And second, once you've done that and

486
00:31:07,736 --> 00:31:11,466
you have some good information that
comes back from it, then it's time

487
00:31:11,466 --> 00:31:14,406
to adopt a Cyber Resiliency Vault.

488
00:31:14,956 --> 00:31:19,236
And I think that's where you can
invest and adopt vault technology.

489
00:31:19,236 --> 00:31:21,786
And I think Zerto is a great,
great solution for that.

490
00:31:22,716 --> 00:31:23,036
Yep.

491
00:31:23,266 --> 00:31:23,646
Thank you.

492
00:31:23,686 --> 00:31:26,956
Thank you for, for that feedback,
but you nailed it right there.

493
00:31:30,351 --> 00:31:32,931
We go to doctors to
perform our health checks.

494
00:31:33,041 --> 00:31:35,031
Now we have to do the health
check of the business.

495
00:31:35,031 --> 00:31:41,841
Just ask the question to your team that
in case we are attacked, what we need

496
00:31:41,841 --> 00:31:46,586
to recover, who is responsible, how
will we recover, where we will recover.

497
00:31:47,186 --> 00:31:49,496
Do we have the right technology in place?

498
00:31:50,326 --> 00:31:53,686
When you ask those questions after
your health check is done only then

499
00:31:53,686 --> 00:31:56,966
you'll be able to understand your
current state of business. And are

500
00:31:56,966 --> 00:31:59,946
you cyber ready or cyber resilient...

501
00:32:00,486 --> 00:32:00,996
or not?

502
00:32:01,126 --> 00:32:03,536
And from there on we can
take the discussion further.

503
00:32:03,566 --> 00:32:04,746
There are many technologies.

504
00:32:04,826 --> 00:32:06,766
It's not just HPE.

505
00:32:06,787 --> 00:32:07,177
It's not just Zerto.

506
00:32:07,177 --> 00:32:08,796
There are many technologies out there.

507
00:32:09,216 --> 00:32:10,956
They all have unique benefits.

508
00:32:11,116 --> 00:32:15,351
So I think, once you identify what is
your requirement, our customers should

509
00:32:15,361 --> 00:32:19,381
talk to all these providers of these
components so that they can take the

510
00:32:19,381 --> 00:32:23,381
discussion forward, understand what
is available and be able to make the

511
00:32:23,381 --> 00:32:25,031
right decision for their environment.

512
00:32:26,851 --> 00:32:27,371
Excellent.

513
00:32:28,451 --> 00:32:31,401
All right, Shariq, I really
appreciate you spending some time

514
00:32:31,401 --> 00:32:32,801
with us on the podcast today.

515
00:32:33,221 --> 00:32:34,471
And, thanks again.

516
00:32:34,901 --> 00:32:38,731
I hope our listeners have a
great rest of their day or night

517
00:32:38,771 --> 00:32:39,881
or whenever you're listening.

518
00:32:40,351 --> 00:32:41,611
And, enjoy the content.

519
00:32:41,641 --> 00:32:42,101
Thank you.

520
00:32:42,721 --> 00:32:43,571
Thank you very much, Brad.