I'm working with Commvault and need some advice on how to make sure that when we roll back data or VMs, we don't inadvertently restore a version that's infected with malware or has known vulnerabilities. Do teams typically scan their backups or snapshots before restoring them? What processes are in place to validate these backups prior to recovery?
5 Answers
Taking backups more frequently is a practical approach to mitigating risks. This way, you’ll often have a fresher backup to recover from, decreasing the likelihood of it containing known unpatched vulnerabilities. Including a vulnerability scan in your backup testing procedures can also pay off; that way, even if access to older backups is needed, you can check for known issues before a restore.
If you want to be thorough, you should roll back further than you might initially think and perform a scan on that version.
Let’s be real: scanning a full backup before restoration can take forever, and every minute counts when downtime affects a client. With Commvault, you can mount the VM and scan with an antivirus before copying it to production. I find that restoring in an isolated VLAN without access to the internet is the safest and quickest procedure. First, bring up the VM in a sandbox environment, install your up-to-date EDR agent, then do a quick scan. If you’re restoring after a known vulnerability incident, make sure to apply the patches before reconnecting to the network.
It’s tough to guarantee a complete safety check. You can only really consider it if you have a staging environment set up. Here, you could spin up a backup in isolation, run all your checks, and only then do the actual restore to production. Without that, there's no way to detect malware or vulnerabilities in non-running images.
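The mount-and-check gate that the two answers above describe (bring the backup up in isolation, scan it, check patch level, and only then restore), as an added example that is not from the thread and is not Commvault or Veeam code: it walks a backup that is assumed to be mounted read-only, hashes every regular file against a blocklist, compares a package inventory with a minimum patched version, and holds the restore if either check fails. The manifest path `etc/packages.list`, its `name=version` line format, the package name `examplepkg`, the version baseline and the flagged file contents are all constructed for the example.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class GateResult:
    """Outcome of the pre-restore checks; restore only when ok is True."""
    bad_hashes: list   # (relative path, sha256) of files found on the blocklist
    outdated: list     # (package, version found, minimum required)

    @property
    def ok(self) -> bool:
        return not self.bad_hashes and not self.outdated


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large images inside the mounted backup do not fill RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_version(text: str) -> tuple:
    """Dotted numeric versions only (the constructed format of the sample manifest)."""
    return tuple(int(part) for part in text.strip().split("."))


def scan_hashes(root: Path, blocklist: set) -> list:
    """Hash every regular file under the mount and report blocklist matches."""
    hits = []
    for path in sorted(root.rglob("*")):
        # Skip symlinks so the walk never follows a link out of the mounted image.
        if path.is_file() and not path.is_symlink():
            digest = sha256_file(path)
            if digest in blocklist:
                hits.append((path.relative_to(root).as_posix(), digest))
    return hits


def check_packages(manifest: Path, minimums: dict) -> list:
    """Compare the backup's package inventory (name=version lines) with patched minimums."""
    outdated = []
    for line in manifest.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("=")
        required = minimums.get(name)
        if required and parse_version(version) < parse_version(required):
            outdated.append((name, version, required))
    return outdated


def validate_backup(root, blocklist: set, minimums: dict) -> GateResult:
    """Run both checks against a backup mounted read-only at root."""
    root = Path(root)
    return GateResult(
        bad_hashes=scan_hashes(root, blocklist),
        outdated=check_packages(root / "etc" / "packages.list", minimums),
    )


# --- constructed sample data standing in for a mounted backup -----------------
FLAGGED_BYTES = b"constructed sample artifact for the hash blocklist\n"
MINIMUM_VERSIONS = {"examplepkg": "2.3.4"}   # constructed patch baseline


def build_sample_tree(base: Path, tainted: bool) -> Path:
    """Write a tiny fake filesystem; the tainted variant has a flagged file and an old package."""
    root = base / ("tainted" if tainted else "clean")
    (root / "etc").mkdir(parents=True)
    (root / "var" / "tmp").mkdir(parents=True)
    (root / "etc" / "hostname").write_text("restore-candidate\n")
    version = "2.3.1" if tainted else "2.3.4"
    (root / "etc" / "packages.list").write_text(f"# constructed inventory\nexamplepkg={version}\n")
    if tainted:
        (root / "var" / "tmp" / "flagged.bin").write_bytes(FLAGGED_BYTES)
    return root


def run_demo() -> dict:
    """Gate both sample trees and return the results keyed by tree name."""
    blocklist = {hashlib.sha256(FLAGGED_BYTES).hexdigest()}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("tainted", "clean"):
            root = build_sample_tree(Path(tmp), tainted=(name == "tainted"))
            results[name] = validate_backup(root, blocklist, MINIMUM_VERSIONS)
    return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        verdict = "restore" if result.ok else "HOLD"
        print(f"{name}: {verdict} blocklist={result.bad_hashes} outdated={result.outdated}")
```

In practice the blocklist would come from your EDR or threat-intel feed and the package check from whatever inventory your images carry; the point of the gate is that the decision to copy into production is made by a check that ran against the isolated copy, not by hope that the snapshot predates the incident.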
All of our backups undergo scanning with Veeam before being restored. It's a key step for us.