All right, good morning, re invent everybody fired up. I know I am. Uh first of all, thank you for taking time to have a chat with us this afternoon, we're gonna talk about a lot of things that are heavy on the minds of everybody. Um clearly, we're in the security theater for a reason. Um but here we're gonna talk about some unique things that we're doing in collaboration.
Again, my name is Dante Orsini. I'm with 1111 Systems. I'm joined with these two esteemed gentlemen here, Avi with AWS Tim with Beam. So let's get to it if we look at what's happening, right? We're really focusing on a couple of things in this presentation. We know that cyber threats at an all time high. It's only accelerating. We're gonna talk about some of the things that we can do to actually improve our cyber resilience. And at the same time, the the critical role that data protection plays in that.
So I love this slide take it in. This is a result of a lot of research. Uh VAM does a tremendous job here every year. They're doing a lot of original research in this case, there were 4200 people from around the world not Beam customers, right? 4200 folks in the enterprise space that were surveyed for this, we saw a lot of unique insights out of this. But if you take a look at this, obviously, we know that things like ransomware are are on the on the rise. But when you look at one of the biggest challenges that we see, I can't wait to see what happens in 23. You know, to see that the increase of 42% year over year is significant.
However, when you look at what's happening and you look at the number of people that answered this question. Have you been compromised in the last 12 months? And the question was actually posed if so, how many times? So what's interesting is depending on who you believe. When you read a lot of research, what's the typical dwell time of an event? Some people will say as, as you know, as little as 90 days, some people will say 200 days. So in this case, there were 15% of the the actual survey respondents that said that they had not been compromised. But if you buy into the fact that it could be up to 200 days of of dwell time, maybe they were compromised and they weren't even aware of it yet, right?
But here's the punch line. If you look deeper into the data, the number of people that said they were compromised more than once was out just outstanding and obviously troubling when you look at that. But the piece that's really interesting is if you look at the number of people that were compromised more than three times, imagine having to sit in front of your board quarterly and talk about your response to the latest cyber event that you had to withstand. Not a good place to be. Right?
So, again, more people were compromised more than once than people that were not compromised at all. Right. Obviously, these are troubling statistics. We're all in this fight together, but we're gonna talk a little bit about, you know what we're doing to actually close the gap and the gap is the part that we're gonna talk about today, right? Because we'll talk about things you can do from a preventative side. But at the end of the day, it's not a case of if it's when.
So when you're compromised, do you have a gap in your data protection strategy? Because that's the quickest path to recovery. It's also the number one target for someone that compromises the infrastructure pretty simple, right? It's economics. If I can compromise your backups, then I can hold you for ransom at a much higher rate than if you can still restore from a backup. Makes sense.
All right. I see a couple of heads nodding. I like it. Thanks for that. All right, as we move on. We know that there's a lot of things that, that will cause an event when you go through the post, you know, event actions and you're looking at what happened through the forensics process. A lot of these, you're familiar with, you know, when we look at, you know, people not having adequate playbooks and understanding how to respond what the challenges are in the network, the lack of visibility that they may have.
But I would argue that one of the biggest things is in the middle. It's social engineering and we'll talk about that in just a minute because at the end of the day, regardless of how strong, you know, your preventative actions are. Social engineering is a quick way to get into an infrastructure, right?
So we're gonna talk a little bit about the preventative side. This is where I want to actually, you know, ask Tim to join in here. A lot of this is gonna look familiar, right? When we talk about things we can do from an encryption perspective. MFA you know, a lot of people are gonna leverage, you know, endpoint detection, manage detection, response. But at the end of the day, we're gonna talk a little bit about what happens post then as well. Go ahead, Tim.
Yeah, thanks, Dante. So when I'm thinking about what Beam can do to help in these scenarios, we can leverage things like encryption, which is pretty straightforward, it's table stakes, right? Leveraging Beam software, we can either use our own encryption or running an AWS. We can use KMS services provided by AWS. So when we're leveraging these types of tool sets, we've got these features to help address the particular gaps.
O on the previous slide when I'm thinking about specific VAM features, whether it's on prem and in the cloud, wherever we're running VAM, we can leverage things like immutability in order to, to protect that critical data that we know from our previous research stats is specifically what's being targeted. When I think about items like clean room, it makes me want to ask a question to Avi you know, what do we get out of leveraging tool sets in AWS in particular?
So Avi if I'm thinking about a clean room and I need a place to recover my data, do we get infrastructure to be able to recover too?
Yeah, absolutely. So one of the benefits about using this entire solution together is that when you're performing a recovery, you can recover all of your data into brand new AWS account natively. Since the data is already on AWS, you're using immutability and S3 object log. So with AWS, you get and Beam, you get the ability to recover then into your own new account. And by using 1111, all the data is already in a separate account that is just your own customer data.
So using this joint solution, you have the data in your own separate account and be able to recover as well into a brand new account owned completely by you. It's not shared with other customers. I mean, another thing I want to mention this anomaly detection like this is a capability of Beams introducing in our upcoming release, the ability to scan in line our backups and look for some of this malicious data that might have, you know, crept into your environment. So we can um notify you if we see something abnormal or anomalous.
Um Dante, let's jump to the next one.
Yeah, before we jump, the, the other thing i just wanted to add to that is, you know, we talked a little bit about the preventative side of this, right? And there's a lot of folks in here, they're gonna focus on that. But at the end of the day, you have to understand even the best plan needs to also include what you're gonna do in the time of compromise. This is the number one most overlooked challenge that we see when we talk to customers, they simply are not prepared to deal with what happens when they are compromised, right?
We know that all the great tooling, we have to, to try to identify this on the front end. You know, if somebody's still able to compromise the infrastructure, then what, right, what happens post boom in an event? This is where we see a lot of organizations are really challenged and i wanna make sure everybody understands by leveraging AWS that gives us infinite capacity to stand up multiple copies of the data in completely isolated clean room environments. I'm gonna say it again, multiple copies of the data in completely isolated clean room environments that enables the expeditious recovery post event. Why? Because when people are are working with carriers on this from a cyber reliability insurance purpose, the number one call they have to make is to that carrier. What's the carrier gonna do? They're gonna bring in their own folks that run the forensics process. And the number one challenge they have because we work with a lot of these people is they simply don't have access to enough infrastructure to bring up multiple copies of the data simultaneously to really expedite the entire forensics process. This is not a quick thing unless you've got all the right process, both on the front end and on the post event end.
All right. So why are we up here? Well, we're up here because VAM 1111 and AWS are expanding our relationships. 1111 has been a partner. I've worked with my entire career at VAM over seven years and now we're introducing these capabilities that we've worked together on time into an AWS infrastructure. So like to Dante's point, with infinite capacity to take on backups, infinite capacity to be able to recover them into these environments will produce better outcomes for everyone.
Um uh the customers vendors and, and, and partners, anything you wanna add. Yeah. So i think 1111 has been using AWS, they're running their control plane on AWS. 1111 has also been using Beam for a while now and we and AWS have existing partnership. So by combining all three, we're actually providing the ability for a combined joint offering on AWS where you don't have to worry about managing the Beam infrastructure or running or securing the account. 1111 does all of that for you. So it's just a better together story with all three of us.
Appreciate that. So yeah, so just to reiterate right, we've been partnering with VAM since 2009, we've been doing this at scale globally for a very long time. And what's exciting about this partnership between the three of us is being able to extend what we've been able to do in our own data centers into AWS. This is a very strategic opportunity for 1111 and all of our customers. And i think what we're also noticing is that as the the operating environment gets more and more complex people leveraging thing in their things in their own data center, various different SAS applications, things in AWS, other hyperscale clouds. The point is data protection is still critical and to be able to actually rely on, on a third party that can wrap their hands around that and enforce policy for you is where we provide a lot of value today.
So we're gonna talk a little bit about the design here. First, we're gonna talk about is managed backup Tim. I think you wanted to start here.
Yeah. Yeah, i'd love to. So this illustrates probably the most common use case we see at VAM um and a great one for the new partnership on AWS. So starting from the left hand part of the slide, VAM s bread and butter historically has been on prem capabilities. Now we we have a native AWS uh solution. But for this illustration, a traditional customer will of course back up locally.
Ho hopefully to some immutable capable repository um locally, but that's never enough protection, right? if your uh physical infrastructure is compromised through natural disaster, bad actors, so on and so forth, we have to have a backup copy off site, right? It's the the the industry standard 321 rule, right, three copies of our data, two different media, one of them being off site.
So here with this particular new offering, we'll be placing this backup copy data on uh Amazon storage. In particular S3, we'll be able to make this immutable by default leveraging S3 capabilities natively. And then also speaking to the ability to recover into a clean room, we can go ahead and take that capability um or, or we can go ahead and take this data and recover it to these particular clean rooms.
Uh what i love about this from a simplicity standpoint is that all this happens in a customer account, meaning they have control, they have visi visibility, they have an understanding of what's going on. You can see that in the managed AWS account uh boxes. So i want to ask you Avi what benefit can you speak to, to store this data in something like S3 as opposed to an on prem maybe traditional block storage type solution.
So i think there's two main benefits. The first one is the resiliency with S3, you get multiple copies of the data in S3. So in different availability zones, so even if something happens to one availability zone, you have multiple copies as you already mentioned in different availability zones. So you get that added extra resiliency as well as with immutability, you get the security and versioning in place as well.
The second main thing that you just mentioned Him is that it's in your own separate account. It's not a shared account, it's not an account that where you have data with other customers. It's your account where you have access to and you can put other resources and other workloads into that account as well.
Absolutely. Best durability, best scale best availability globally, right? These are the reasons why we partnered with AWS to deliver this service. If we if we carry on here, you know, one of the other big use cases we've seen a lot of is is the adoption of Microsoft 365. Again, a lot of gap analysis where people realize that we're responsible for the data, we being the customer, right? They're responsible to keep the service live. And this is an area where we see a lot of gaps where folks have, have really started to identify that. Wait a minute, you know, for legal reasons, accidental deletion, insider threats. I have to have a another copy of the data and we chose to actually deliver this service on AWS for a reason because AD being a global service, if it goes down, right? And you're relying on them to deliver collaboration for you, then you're simply not gonna have a path to recover, not until they restore the entire service, right?
So it makes sense to store another copy of this data outside of that platform. Tim. Do you want to talk a bit about it?
Yeah. Yeah, i'd love to speak to this solution. I mean, what i like about this solution is it shows um the change in mindset from 1111 running their VAM infrastructure instead of in a traditional on premise data center to AWS. So they receive as the managing party all the benefits that we were talking about in terms of scale capacity and so on and so forth.
So the actual infrastructure running this uh this uh backup solution living in a w gets all those benefits. We have the same scenario from a storage footprint that Avi mentioned living in a customer account, global redundancies, global footprint. In order to store data, we get the redundancy of reliability of S3.
Now with the Microsoft 365 scenario, we might not, i mean, we're not restoring this back to AWS, right? This is email, onedrive sharepoint data type things, but we still have the ability to export. We still have the ability to restore back to m 365 in a, in a, in a expeditious uh fashion. All right, that's about us. Done.
So again, thanks for your time. We really appreciate it. And again, if there's anything that we can leave with you, it's to understand the criticality of ensuring that you've got the proper data protection and the proper strategy to recover post event that takes consulting, that takes know how that takes tabletop exercises, that takes understanding what the most vital data assets are in your business today, right?
So if you're not confident in that, please give us a shout. We'd love to help. And uh i remiss if i didn't say it, you know, if you thought this is valuable or you hated us, make your opinion heard. Thanks so much. Have a great show. Thank you.
916
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
