The Difference Between Backup Solutions and Anti-Ransomware Solutions

The Difference Between Backup Solutions and Anti-Ransomware Solutions First let me say this – both solutions are extremely important and must both be implemented to protect data.  And I should also say that comparing one to the other is like comparing apples to oranges.  Neither solution is a solution for the other issue.  As an […]

January 7, 2022
by Matt Elvers

The Difference Between Backup Solutions and Anti-Ransomware Solutions

First let me say this – both solutions are extremely important and must both be implemented to protect data.  And I should also say that comparing one to the other is like comparing apples to oranges.  Neither solution is a solution for the other issue.  As an anti-ransomware vendor, I would never say that our software is a solution for backup.  And I am highly disappointed when a backup vendor says they are an anti-ransomware solution.  There are quite a few reasons why backup solutions are not anti-ransomware solutions, let’s look at them.

The 500-pound gorilla in the room is that backup solutions do not stop ransomware, in fact, many anti-ransomware solutions don’t “stop” ransomware (Spoiler alert, ProLion CryptoSpike DOES stop ransomware).  So, when ransomware attacks, the first thing you need to do is stop the attack.  How are you going to accomplish this with a backup solution?  Turn off the storage array?  Take away network access?  These two techniques only stop the ransomware from doing more damage, you still need to find where the attack is coming from.  Will your backup solution tell you where the attack originated from?

So, if your backup solution is not stopping ransomware, this brings us to the next function a ransomware product needs, monitoring.  How is does a backup solution monitor for ransomware?  This is where most anti-ransomware products start working.  When ransomware attacks, if you do not have a solution that is going to stop it, you need big red flags, sirens, bells, bull horns going off telling you that ransomware is attacking, and you need to stop it fast (Hint, ProLion has already STOPPED the attack and is giving you those alerts).  Now that you know ransomware is attacking, does your backup software, or for that matter your anti-ransomware software, tell you where the attack is coming from?  Or is this still your responsibility to go figure out?

Will your backup solution tell you the exact point in time you need to go back to?  Will your backup solution tell you which files were corrupted in the attack and allow you to recover just those damaged files?

The only thing a backup solution can do is help you recover from a ransomware attack, backup solutions do not stop, and rarely monitor for ransomware attacks.  So, when looking for an anti-ransomware solution make sure you are asking the correct questions:

  1. How does your anti-ransomware solution “STOP” ransomware attacks?
  2. Does your anti-ransomware solution tell you where the attack originated from?
  3. How does your anti-ransomware solution monitor for ransomware attacks?
  4. What actions are taken once ransomware is detected by your anti-ransomware solution?
  5. Does your anti-ransomware solution give you a full lossless recording of all files affected in the attack?
  6. Does your anti-ransomware solution integrate with a backup solution?
  7. Does your anti-ransomware solution allow you to restore only the files that were affected in the attack, or do you have to restore the entire backup?
  8. Does your anti-ransomware solution act as a layer in defense in depth?
  9. Does your anti-ransomware solution work well with other security measures?

ProLion’s CryptoSpike has a real answer for all these questions, but if you are not using CryptoSpike make sure you are using these questions for evaluating other anti-ransomware products.  I do not know of one backup product that can compare to an anti-ransomware product.  Just as I do not know one anti-ransomware product that can compete as a backup product.