Goodbye to Ransomware: 2-Step Protection for Kubernetes Applications
While ransomware attacks have had a huge impact on traditional applications for years, Kubernetes environments are also at risk. As the number and magnitude of Kubernetes applications increase, so do malicious attacks on those applications.
Ransomware is a serious problem for enterprises — and getting more serious by the minute. In 2020 alone, there were 304 million ransomware attacks worldwide — a 62% increase from 2019. The average amount of ransom demanded? $178,000.
With the recent release of Kasten K10 4.0, Kasten by Veeam is the first industry player to introduce a Ransomware Protection solution, aimed at protecting cloud-native applications that run in Kubernetes environments. In this post, l explain the unique characteristics of cloud-native applications that require a purpose-built solution, and how Kasten’s Ransomware Protection Solution makes it easy to protect your Kubernetes clusters from an attack.
Deployment Patterns and Scale Call Require a Unique Approach
Kubernetes applications have some unique characteristics that must be addressed in a ransomware protection solution.
First of all, deployment patterns are different. Whereas traditional hypervisor-based applications are self-contained — there’s the application, the operating system, and the config files — a cloud-native application is made up of multiple microservices that are stored on different nodes, which may or may not be running hypervisors. To add to the complexity, the microservices are constantly getting rescheduled between different nodes.
Second, cloud-native applications not only include microservices, but also Kubernetes objects that contain the networking compute and storage information (i.e. config maps or secrets). As a result, the number of objects that you need to protect is much larger.
In other words, you’re working in a brand new DevOps environment with a different ecosystem, at an unprecedented scale. This requires not only a technology shift but an operational shift, as well, and the ability to implement the right protection policies without slowing down development or deployment cycles.
Why Kubernetes Applications are Vulnerable
Developing Kubernetes applications often involve open-source libraries of code. Sometimes, bugs in the code or misconfigured access permissions can be exploited upon installation or runtime, either accidentally or maliciously, and criminals may seize control of your entire cluster or application. What’s more, as Kubernetes is updated every quarter, and if you don’t stay on top of those updates and patches, your applications may contain vulnerabilities.
At Kasten, we reach out to customers frequently and post content to ensure they’re aware of any available upgrades and patches and help DevOps teams keep their environments up to date.
Surprisingly, many organizations that use Kubernetes don’t yet have a backup and recovery solution in place — which is a last line of defense against an attack. As ransomware becomes more sophisticated, clusters and applications are at risk of being destroyed, and without a means to restore them, you could suffer devastating data and application loss in the case of an attack.
Key Requirements for Protecting Kubernetes Applications from Ransomware
Let’s explore four key requirements for effective Ransomware Protection in Kubernetes environments:
Backup integrity: Since backup is your last line of defense, it’s important that your backup solution is reliable, whether data is lost or corrupted accidentally or maliciously.
Accelerated recovery: When you’re being held for ransom, the ability to work quickly to recover resources is critical, as the cost of ransom typically increases over time.
Easy operations: Operations teams must work at scale across multiple clusters in hybrid environments that span cloud and on-premises locations, and contain infrastructure from different vendors providing storage, Kubernetes distributions and data services.
Cost-effective: The solution needs to work across multiple storage, distributions and locations to make sense from a budget perspective. Locking teams into one vendor doesn’t really take the ransom out of the ransomware!
Kasten’s unique approach addresses these four key requirements with a unique approach that provides immutability, automation, simplicity and freedom of choice:
Immutability: It’s critical to be confident that your backup target storage locations contain the information you need to recover applications in case of an attack. Through S3 integrations, we have included object store backup with WORM support (i.e. write once, read many) to enable immutability and customizable retention policies that define how long an application will be protected. In the case that a new administrator takes over, they can’t overwrite the application.
Policy-based automation: Kasten’s solution enables you to define policies for various operations such as backup frequency or target storage. The policies can be forward-looking, meaning as soon as an application is introduced into a cluster, the policies automatically discover it, determine the dependency map and back up everything on an ongoing basis.
Simplicity: The solution is fast and simple, enabling recovery in under 10 minutes and the ability to work at scale across multiple locations and clusters. This is a huge benefit when you’re working in a high-pressure environment following a ransomware attack.
Freedom of choice: Kasten’s solution is vendor-agnostic, providing maximum flexibility and helping you to optimize storage costs and architectures. In addition, we have integrations into Kubernetes distributions, whether public cloud providers such as Amazon EKS or on-premises providers such as Red Hat OpenShift.
Under the hood, Kasten’s next-generation data engine provides an additional level of efficiency and security, including restricted permissions, so the data stays with you or wherever you want it to be backed up.
Easy as 1, 2
Setting up Kasten’s Ransomware Protection is a simple 2-step process. Once you've installed Kasten K10, simply enable immutability when you surrender your target store, then set a protection period to ensure no one can touch your application within your chosen timeframe:
In a recent webinar, I provided a quick demo of how to set up the solution, which can be viewed on-demand here. As you will see, implementing our industry-first Ransomware Protection solution is simple and takes under 5 minutes to complete.
To get started, download a full-featured version of Kasten K10 that enables you to run 10 Kubernetes nodes for free.
Gaurav Rishi is the VP of Product and Partnerships at Kasten by Veeam. He is at the forefront of several Kubernetes ecosystem partnerships and has been a frequent speaker and author on cloud-native innovations. He previously led Strategy and Product Management for Cisco's Cloud Media Processing business. In addition to launching multiple products and growing them to >$100M in revenues, he was also instrumental in several M&A transactions. Gaurav is a computer science graduate and has an MBA from the Wharton School.
Kasten, Inc. 8800 Lyra Drive, Suite 450 Columbus, Ohio 43240
We value the critical role that the security community plays in helping us protect the confidentiality, integrity, and availability of our software, services, and information. If you have information about security vulnerabilities that affect Kasten software, services, or information, please report it to us via our HackerOne Vulnerability Disclosure Program, or anonymously via this form.