Veeam Oxford Style Debate #1

Veeam Oxford Style Debate - Episode 1

75 comments

Geoff Burke
  • Veeam Vanguard
  • May 22, 2026

I did videos for that course but was not involved in the actual production of the course material so can’t really comment. I can only do so much 🤣 and with all of this travelling I need time for my beauty sleep 😂, ok well sleep 🤐


Iams3le
  • May 22, 2026

Hi ​@Madi.Cristil, before Geoff jumps in, I would argue that this exact certification question and explanation actually support the 'FOR' argument perfectly.

Look at the core requirement: 'Resilience requires architecture, immutability, and validation together.' Let’s run a simple thought experiment and take immutability entirely out of the picture.

Imagine an organization has every single defense-in-depth control active, but a breach still happens and their traditional backups are wiped out. What should they do next? ... negotiate, and pay the ransom probably!

The answer for most businesses! That is exactly why immutability is the foundational pillar of the entire recovery strategy. It is the one control that completely changes the outcome of a breach when everything else fails.

… I see where the disagreement is coming from. The word only as pointed out in the recap.

To wrap up my thoughts on this thread, I am glad we all agree that cyber resilience is not an 'either/or' proposition. It demands a robust, layered security strategy. No argument there.

But we must explicitly acknowledge the foundational role of immutability. While tools like MFA, segmentation, and EDR work tirelessly to prevent and detect attacks, immutability has one distinct, non-negotiable job: guaranteeing backup integrity when those front-line controls fail.


Geoff Burke
  • Veeam Vanguard
  • May 22, 2026

I think we should all get big pay raises because we are all so smart, who disagrees? 😄


Andanet
  • Veeam Legend
  • May 22, 2026

That’s me! 😎


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 22, 2026

@Iams3le really love how you keep bringing arguments! 😉


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 22, 2026

I did videos for that course but was not involved in the actual production of the course material so can’t really comment. I can only do so much 🤣 and with all of this travelling I need time for my beauty sleep 😂, ok well sleep 🤐

Ah yes, I forgot about your beauty sleep 😂


Scott
  • Veeam Legend
  • May 23, 2026

Lol, ​@Stabz  went for two sides of the coin. BTW, we all are saying the same thing ​@dips and ​@Stabz with a little distinction on the game changer/showstopper for threat actors (bad guys) in modern ransomware scenarios. 

We can have strong defense-in-depth controls in place, but without immutable backups the critical question remains: what happens when a breach actually succeeds?

Modern ransomware campaigns are designed not only to disrupt production systems but also to target recovery capabilities. Even with layered security such as MFA, EDR, network segmentation, and Zero Trust principles, attackers can still gain access through phishing, credential compromise, or long dwell-time intrusions. Once inside, their objective often shifts toward locating and destroying backup infrastructure.

If backups are not immutable, a successful attacker can delete or encrypt backup data, compromise backup credentials, disable protection jobs, or manipulate retention settings. In such a scenario, both production and backup environments may become unrecoverable, effectively eliminating the organization’s ability to restore services without external negotiation. Isn’t this one of the reasons we have Coveware by Veeam?

@Madi.Cristil, I have a question regarding the debate structure and learning outcome from this discussion. Will there be subject matter experts or judges who will review and analyze the arguments presented by participants, similar to the weekly recap sessions where responses are dissected for educational purposes and broader community learning?

I believe this would add significant value to the debate, especially given the depth of perspectives shared around immutability, defense-in-depth, ransomware resilience, and cyber recovery strategies which we all have agreed must work together. Having expert analysis on the strengths, weaknesses, and technical accuracy of the arguments presented would greatly enhance the learning experience for everyone involved.

By the way, here is an industry report published today that further contributes to the discussion: https://objectfirst.com/newsroom/press-releases/object-first-surges-in-q1-2026-as-immutability-becomes-a-security-requirement-for-backup/

You just added a new layer to it, Chris! I am gonna get that idea and be creative with it ;)

 

I’m interested in judging if you need people, or participating.

This was fun, I can’t wait for more of them, but maybe not something that is more opinion than fact as we all know Immutability is important, but only part of the solution.

 

Here are a few off the top of my head that might work.

  • Immutability vs air gap.
  • Snapshots vs Backups for an application upgrade.
  • Fiber Channel vs iSCSI
  • Object vs Block Storage for repository
  • Linux vs Windows Veeam servers and repositories.
  • Is NVMe worth the price for your backup storage?
  • Better to back up more frequently, or retain for longer periods?
  • Replication vs Backups for DR

 

I feel those topics I could argue points for either side. 


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 24, 2026

Hey @Scott! I agree, we have to find more debatable topics 😉 Have a nice Sunday!


coolsport00
  • Veeam Legend
  • May 24, 2026

Ohhhhh…. ​@Scott ...wants to debate FC vs iSCSI???? GAME ON BUD! 😂🤣🤣💪🏻


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 24, 2026

If that sounds like a good, debatable topic, we can use it in the next months! Will ask @Scott to put it in more words 😁


HunterLAFR
  • Veeam Legend
  • May 25, 2026

or Beer vs Wine 😉😎🙄😜

(Beer of course!)

Happy week to everyone!


leduardoserrano

“Immutable backups are the only effective defense against ransomware.”

Against.

 

Ransomware is not just about data destruction, but a threat involving initial access, lateral movement, privilege escalation, and data exfiltration. Other crucial components of the architecture are compromised after the ransomware incident. A recovery plan must address all stages of remediation and defense strengthening to prevent further attacks and business disruption.

Recommended reference: NIST Cybersecurity Framework 2.0 and NIST Special Publication SP 800-61 about Incident Response.

I’m challenging @Dynamic

 


Iams3le
  • May 26, 2026

Hi @Madi.Cristil, technology-specific topics might not generate the volume of engagement we have seen in this debate. Feel free to experiment with that as well.

… Here is another controversial topic that will generate a lot of FORs and Againsts: “Are frequent password rotations still necessary in environments protected by MFA?” or “Should organizations abandon mandatory password expiration policies when MFA is enforced?”

 


Stabz
  • Veeam Legend
  • May 26, 2026

Joking, it could be a good debate @Iams3le!


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 26, 2026

🤣🤣


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 26, 2026

Luckily there are so many topics out there and you guys are very helpful, I am sure we can find some really good debatable ones 😉


Dynamic
  • Veeam Vanguard
  • May 26, 2026

“Immutable backups are the only effective defense against ransomware.”

Against.

 

….

I’m challenging @Dynamic

 

 

Sorry for the late response, busy times... just read the mention and thanks for challenging me Luiz!
To be honest, I didn’t read every feedback/answer in this thread, but I really like this kind of conversation.
I’m on team AGAINST as well.

Immutable backups are one worthy pillar against ransomware, but for sure not the only one. Speaking of 3-2-1-1-0, it’s a main part of our golden rule to keep our customers’ business running! But keep in mind, there are some other factors in this rule as well.
Consider that all your restore points are protected by immutability, but not even a single backup can be recovered.
Think about a regular restore plan, with features like SureBackup, VRO and stuff like this. You have to verify and also document that your backups are also able to bring you back into business!
Ask yourself this: How good is an immutable backup if your recovery time is 72 hours, your SLAs are breached, your customers are gone - and the attacker maybe sold your data on the darknet?

Ransomware doesn't only care about your backup repositories. It also targets your production environment, your AD, your credentials and your trust... An immutable backup doesn't stop the attacker from settling in your environment for weeks/months before you even notice. It doesn't prevent data exfiltration. It doesn't stop double extortion.
Effective ransomware defense is a layered strategy: network segmentation, MFA, XDR, privileged access management, regular patching, security awareness training - and yes, also immutable backups!

 

Let me know your thoughts ​@lukas.k!


Iams3le
  • May 26, 2026

🤷


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 27, 2026

🤣


Madi.Cristil
  • Author
  • Principal Community Manager
  • May 27, 2026

I like that POV, Markus! And mostly really liked the image - this time AI did a good job, it makes it super visual!


Iams3le
  • May 27, 2026

… to approach that exam, one needs to think differently. I see your question in this light as well.


Jason Orchard-ingram micro

I am challenging ​@HunterLAFR :) 

challenge accepted
difficulty level up! AGAINST!!
Change my mind!
 

 

I tend to agree with this point.

Immutable backups can still be compromised — just not in the usual way people think about.

I’m not talking about someone hacking or deleting your data. I mean something much simpler: physical damage to the hardware.

If your storage system or tape library stops working due to accidental or deliberate damage, it doesn’t really matter how well you’ve configured immutability — you can’t recover what you can’t access.

Yes, best practice says you should have copies on different media, ideally stored in another location, but what if chaos theory happens, as totally random events happen at the exact moment to the backup copy too? Now what do you do?

But honestly, how many people actually test restoring from their offsite backups?

 


jos.maliepaard

I am challenging ​@HunterLAFR :) 

challenge accepted
difficulty level up! AGAINST!!

Good stuff! But we need more in here 😁

Comment with:

  • FOR or AGAINST
  • A short explanation based on your real-world experience
  • Tag one person you want to challenge or hear a counter-perspective from 

Hi there

Now I can write down a few words to explain my point.

Immutable backups are OK, it’s good stuff from a data perspective,
But we need to cover all angles, data protection, physical protection, and access / readable data protection.

For me Immutability is a piece of a bigger puzzle we need to solve,
Good start point if you got nothing, but take into account:

  • Data Immutability
  • Data Access
  • Data Encryption
  • Physical Security
  • Plan B,C,D...Z

Even if your data is Immutable, if they destroy the Physical device where it resides, you are ****

@jos.maliepaard , can you please give your point of view??

😁 challenged!!!

Thanks ​@HunterLAFR

I am also against the statement, and since I am already late with my response, @Scott has a very valid answer on this topic.


lukas.k
  • Influencer
  • May 27, 2026

Thank you for the nomination @Dynamic. Since you look extremely sexy on the photo you created, I will not steal the show by creating my own picture. 😊

“Immutable backups are the only effective defense against ransomware.”

That is true. And that is false. Here’s why:

What is defense? What do you declare as defense? I had the opportunity (which is very valuable for me) to work with customers on cyber incidents. Good for me to learn, of course, bad for the customers.

It should never happen that you just start restoring workloads from any kind of backup after a cyber incident. As a German, I’m not only talking about regulations, involving the police, crying (just kidding), pushing forward with law enforcement, more crying (again kidding) and discussing how to proceed - you should have a defense strategy. This should not only include backups - with backups and their availability alone, you will never be able to recover from incidents. You should - from my pov - focus on the restore more, because this matters most.

But yes, immutability plays a significant role in this. Without proper immutability, you can end up having nothing. Nothing to restore, no more data, no more business. Immutability is crucial, but alongside that, having a strategy is crucial on the same level - but on a different “path”.

This is what makes this complex. From my previously generated experience, I haven’t seen companies recover from successful ransomware attacks completely in less than 1 year. Of course, I can only talk for the German customer market, but resilience starts with communication, plans and having set-in-stone strategies, ready to pull up when it matters most and when time is money.

Let’s face the reality: Backups are like an insurance. Ideally, you’ll never need it, but there only has to be a single issue and you’ll be more than glad you have it. Talking about mathematical possibilities - it’s no longer a matter of “does it happen”, but of “when does it happen”.

Long story short (no AI involved here, so let’s play hide & seek with typos 😊): I’m on team against as well. I’ve always been a friend of “whole pictures”.

What’s your call @leaha?

Hochachtungsvoll (faithfully)

Lukas


leaha
  • Veeam Vanguard
  • May 27, 2026

I’m gonna have to go with Against, as much as it feels almost a little wrong.

Yes, immutability plays a huge part in defending against ransomware. Having been called in for a customer who lost literally everything in an attack, and I really mean everything, the only thing left standing that actually saved their bacon was their Veeam immutable repository. It is super important for ensuring backups can’t be changed after the backup window.

However, attackers are clever, and it’s not enough; you need robust security tools to detect when they enter your environment.
Why? Because attackers enter the environment, often undetected, and they wait, VERY patiently, working out your backup strategy, what your GFS policies are, compromising machines so they have a back door, but not now, for when they need it, and it often goes unnoticed.

Then they wait the backup window out so your last backup that was clean has been aged out. That’s when they strike. Now, they don’t care if you restore or recover anything; the second it touched the network it’s immediately compromised again.

You need tools to help remove that back door if it’s too late, or ideally, detect changes in the system so you can see when they entered the systems and remove them.