One of the toughest things to come back from is a breach scenario because you don't know what you can trust from a hardware perspective. And a lot of times, even if you have good backup in place, it's not obvious how far back you have to go in order to recover from there.
There have been attackers that have breached an environment, had full access to data for months, and then they drop ransomware into it as a smokescreen. So the environment thinks that the ransomware was the attack when there were other things happening before that. So what do they do? They restore from just before the ransomware. And they think they're completely clean.
Or let's go the other way and say that ransomware has come in and compromised and locked down that environment. What does the organization do? They pay the ransom. They are able to get the data back. But the issue that caused the ransomware to take hold and get into that environment in the first place is still there. The issue is still there. It's difficult to know what was there beforehand.
So if you're trying to get back to a pre-breach scenario, or a pre-breach configuration, it's very difficult to understand and be able to extract that from the environment without some detailed forensics, because of the nature of the different levels and sophistication of attacks. Oftentimes in a breach scenario, the real approach, or the safe approach, is to burn it all to the ground and start over.
Which is not realistic for most organizations. I'd say for pretty much all, because the largest organizations, which would have the resources, have the most interconnected systems and legacy systems, where if they're down for a period of time, they're losing millions of dollars, if not billions of dollars. The smallest organizations don't have the staff or resources, even if they could go through and completely restore from a breach scenario.
I think for many of the organizations that I work with, thinking about disaster recovery planning for AD, one of the first things they think about is: is this something that we could even actually execute if we had to? I think that's, for many of them, the biggest challenge.
I think some of the roadblocks are just the sheer complication. If you read Microsoft's guidance on this, there are dozens, maybe hundreds, of pages of steps that you would need to follow. If you think about a disaster situation where maybe everyone's hair is on fire, to actually execute on that plan is pretty hard, probably, when you've got a million other things going on, not to mention just the complexity of trying to test that in an isolated test environment, for example. It is really difficult.
So there are a couple of challenges with recovering from a breach or ransomware. One comes from the known good scenario, the known good last configuration, and that restoration point. And the second one is, how valid or how true is your environment after this has happened?
Can you trust it? Can you trust the hardware? Can you trust the VMware environment? Hopefully, that virtual environment gets reinstalled, gets reconfigured, and spun up from a fresh environment, especially if you're just dropping VMs back on it.
I think that whether it's full forest recovery or starting from bare metal, you're probably effectively doing the same steps for a large enterprise customer, where they need to orchestrate that at scale. Just the sheer magnitude of the number of steps, and how many times that needs to occur, is probably a little daunting at best.
I think with everything that's been in the news, maturity-wise, a lot of people are waking up. And we certainly get a lot more questions about DR for AD and for many other things that we probably weren't getting two or three years ago, before people were seeing what was going on. But probably, by and large, those maturity levels are still on the lower end of the spectrum.
As far as best practices, it's got to be a plan that's achievable. And maybe it's also that you have to start somewhere. Like any other large IT project, you can't boil the ocean and expect to be successful.
But think about how you break down the different types of disasters that we might run into, what the relative likelihoods or risks and impacts are, and try to solve for each of those individually as opposed to trying to solve everything at once. It will probably make for a much more achievable outcome.