Sebastian Świgoń is a project manager at Talex S.A. He is involved in managing projects related to cybersecurity, particularly with the Dell Isolated Recovery solution. In our conversation, he talked about cyber threats and explained what CyberBunker is.
Why did you decide on the Dell Isolated Recovery solution?
Talex has two data processing centers and is actively interested in effectively protecting the resources of its clients stored in the Talex Data Center.
Data security has become one of the key challenges for modern businesses. We observe an increasing number of intrusions and cyber attacks leading to the loss of access to data, which, in turn, hinders business continuity. In response to these challenges, we decided to implement a solution from our long-standing, trusted partner – Dell Technologies.
After analyzing the capabilities of Dell Isolated Recovery, we concluded that it is a solution that we can recommend to our clients with a clear conscience as an effective line of defense against the loss of critical data.
In the face of growing threats, CyberBunker becomes an essential tool that effectively isolates data. For our team, it is not only a business mission but also a way to provide peace of mind and assurance to clients in the face of the dynamically changing cyber landscape.
What exactly is this solution, and why is it called CyberBunker?
Dell Isolated Recovery serves as the ultimate line of defense in the security system for our clients. It functions as a digital fortress where we store crucial backup copies of critical data.
In essence, this mechanism acts like a “digital lock” that we use to secure transmitted resources. It’s important to note that, thanks to this, even if there is a potential threat (“worm”) in the data that is still inactive, there is no concern that it will affect the data stored in the digital bunker. As long as the “lock” is in place, any potential attack will not compromise the integrity of the resources.
What is truly significant is that our clients have access to protected data at any time. They can view and test it in a sandbox, as well as restore it to life from any available backup version. I emphasize once again that the digital bunker is the last resort – effectively protecting against the loss of critical information.
You’re talking about effective security. What does it entail? Can you highlight the key components of the Dell Isolated Recovery solution?
“CyberBunker” sounds robust, but in reality, it’s not a complex solution, especially when you understand the underlying concept. In the Dell Isolated Recovery solution, we can distinguish seven crucial elements. Let’s start with physical isolation. CyberBunker is located in a place with highly restricted access to network infrastructure. Access to resources is granted only to specified individuals identified by name. In the case of the Talex Data Center, we also provide physical protection, access control, and monitoring using cameras.
The second element is DataDomain, a mass storage system used for backup, archiving, and data protection.
Another crucial element is AirGap. This solution allows the opening of a network connection on a specific port only at a designated time and in a specified location, according to a predetermined schedule. This makes the cyber bunker practically invisible on the network, significantly reducing potential threats to production infrastructure.
Another important element is establishing what is known as “Compliance” – a mechanism that guarantees the immutability of data protection within a specified timeframe, preventing their deletion or modification. Unfortunately, once compliance is set in the Cyber Recovery management console, it cannot be changed. This requires restoring the device to factory settings, which, unfortunately, results in data loss. Why? For a simple reason – remotely or from the management console, changing the compliance period could expose the data to the risk of manipulation. This mechanism ensures that transmitted data remains unchanged in the specified location.
Of course, we must not forget about analytics, or the analysis of backed-up data using Cyber Sense software, which allows checking whether the backup is free from malicious software.
Another very important element is the Backup software, which enables the restoration of environments after a failure or reviewing created backup copies in a special test environment called the Sandbox.
The Sandbox is a place where you can safely test and review data without exposing the rest of the infrastructure to risk.
All the elements I mentioned contribute to the Dell Isolated Recovery solution. And, as I mentioned, they are all interconnected, collectively forming what we call the digital bunker.
You mentioned isolation. Could you please explain how this separate space for data is created?
Production data is doubly secured. First, backups are made on DataDomain in the primary data center. Then, according to a predefined schedule, this data is replicated to the digital bunker, where another DataDomain with the Compliance feature enabled is located. The transmitted data is essentially locked, following our precise security rules. In more complex scenarios, we may even have two or more geographically dispersed data centers, providing an additional layer of security.
Does Isolated Recovery utilize virtualization technology?
There is a virtual version of the digital bunker, but as integrators, we do not recommend such a solution. Why? Because it contradicts the fundamental principles of the digital bunker, namely physical isolation. We have no control over who and when interferes with the environment. Cloud administrators are entirely unfamiliar to us. It can be assumed that in the event of data loss, responsibility would be minimal, and communication with the provider would be very challenging.
The digital bunker is not just a slogan but a physically isolated networked place, access to which is enabled only during specific time slots via AirGap. This makes it difficult for hackers to notice this place. On the other hand, physical access to the cyber bunker is limited to carefully selected individuals from the team, organization, or possibly technological partners, such as Talex S.A. It is a space under strict supervision, monitored using physical protection, access control, and cameras. Without these measures, one cannot speak of a cyber bunker.
In a few words, what do clients gain by opting for CyberBunker?
In colloquial terms, the solution allows for a peaceful sleep. It is a real Plan B for a crisis situation. Even if the primary and backup data centers are destroyed, access to the backups in CyberBunker always remains, and they cannot be removed or changed in any way until a “lock” is applied.
Since you say CyberBunker means a peaceful sleep, can you explain why, using a specific example?
Let’s imagine a situation where our main production environment is compromised, and hidden ransomware appears on the servers. It patiently waits for several days before starting to encrypt data. We only discover this when the phones in the IT support department start ringing almost simultaneously. We lose access even to backups, which have also fallen victim to encryption. The consequences for the organization can be very serious.
But what if crucial data for the company’s security is protected by CyberBunker? Even if the data contains ransomware, thanks to the established Compliance mechanism, the worm becomes powerless. When analytics mechanisms detect it, we can precisely identify infected files, securing ourselves from their accidental reactivation in the restored environment. We assess the scale of the attack, test our environment in a secure Sandbox, and recover important files or databases, allowing for the rebuilding of our infrastructure. Our data is secure, the organization’s reputation is secure. And that’s why clients gain peace of mind.
You’ve already presented a certain threat and related security procedures. How does Isolated Recovery identify these threats? And are all these processes automated, requiring no intervention?
Yes and no.
No – because CyberBunker’s task is to protect our data, not to monitor or indicate threats.
Yes – because it is possible to purchase software like Cyber Sense. This tool scans the backed-up data in the bunker, checking for any “worms.” Thanks to this cyclic review by Cyber Sense, we can receive early notifications of potential threats before our infrastructure suffers serious damage. It’s like an additional guard watching over the security of our data. Even if the production environment is encrypted, we can identify the source of the threat and isolate it when restoring the environment.
Who is this solution created for? In which industries and sectors can it bring the greatest benefits?
The CyberBunker environment is universal and works in various industries. The decision to invest in CyberBunker does not depend on a specific industry but rather on how long a company can operate in the market without its IT environment in case of its loss. If the systems we use are critical to business operations, and their loss would halt or significantly impede activities, considering the CyberBunker option is justified. It is worth contemplating this solution while there is still time and safeguarding against potential threats to business continuity.
Let’s talk about Talex S.A. What does placing CyberBunker in Talex Data Center offer to companies?
Primarily, security and assurance that the environment is in good hands, with all operations conducted according to established procedures. Talex Data Center holds certificates EN 50600 and ISO 22237, confirming the highest class in each category of these standards. Our data centers are located in Poznań and Wrocław, providing environmental, fire, energy, communication security, as well as physical protection, access control, and access monitoring using cameras. In both centers, we offer the “remote hands” service. If you want a trusted person to verify CyberBunker logs and statuses, potential administrators are defined, and their access is monitored by access control and camera monitoring. We allow viewing environment logs using CCTV cameras, meaning remote, isolated monitoring of CyberBunker. Remember that the environment is meant to be as isolated as possible.
Every company has different needs. Is Dell Isolated Recovery easily adaptable to these needs?
Yes, absolutely. The solution is flexible and can be adjusted to the amount of stored data. It’s essential to emphasize that the digital bunker aims to protect the most crucial and critical data. Therefore, it is not necessary to store all resources in it, only those essential for the company’s operation. We focus on those without which recreating the production environment would be impossible, ensuring effective protection and access to the most critical resources. This approach allows optimizing the use of CyberBunker according to the company’s real needs and priorities.
Sebastian, thank you for the comprehensive conversation and for shedding light on the topic of CyberBunker.
I also thank you. CyberBunker is one of our key tools in dealing with data security challenges. In today’s world, where cyber attacks are becoming more advanced, our priority is to provide clients with effective protection against the loss of critical information. I’m glad I could provide a broader perspective on this topic, and I hope that in the future, we will hear less about successful cyber attacks.