Quest Disaster Recovery Innovation Protects Active Directory Backups from Malware Infection

Quest Software, a global systems management, data protection and security software provider, announced innovation in the latest release of Recovery Manager for Active Directory Disaster Recovery Edition that will help organizations eliminate the risk of malware re-infection throughout the Active Directory recovery process to minimize the impact of ransomware attacks. Quest Recovery Manager for Active Directory (RMAD) Disaster Recovery Edition (DRE) 10.2 introduces a new Secure Storage solution to protect Active Directory (AD) backups from malware, as well as the ability to restore AD to a clean Microsoft Azure virtual machine in the cloud. Both new capabilities will give organizations more control and confidence to prepare for and quickly recover AD from any destructive corruption or cyberattacks.

“Ransomware is the number one security threat today, with 69 percent of businesses suffering an attack in 2020 alone, and an average downtime of 21 days. Following an attack, business operations cannot be restored until Active Directory is functional again. Therefore, we believe all organizations must ensure their ransomware risk mitigation strategies include a dedicated AD recovery plan to be able to get their business back up and running as quickly and safely as possible,” said Michael Tweddle, President and General Manager, Quest Microsoft Platform Management. “RMAD DRE 10.2 allows us to continue our commitment to providing customers more flexibility, control and confidence to ensure a fast and secure recovery in the event of a worst-case scenario.”

Many headline-grabbing cyberattacks have shown that when ransomware strikes, it’s critical to restore AD before restoring any business-critical databases and applications. According to one Gartner report, “The restore process from many well-documented ransomware attacks has been hindered by not having an intact Active Directory restore process.” [1] This is because many ransomware strains, such as SaveTheQueen and DoppelPaymer, compromise AD and leverage it to spread throughout the target organization’s systems.

Another Gartner report stated that “Increasingly sophisticated ransomware attacks are specifically targeting backup data and administrator functions.” [2] With Quest RMAD DRE 10.2, now generally available, organizations can protect AD backups from malware infection using the new Secure Storage solution: a hardened server that is isolated from the network by IPsec rules, with regular checks to confirm backup integrity.

During the recovery process, RMAD DRE 10.2 enables IT staff to create Microsoft Azure resources, including virtual machines, quickly and easily as part of AD forest recovery. This gives organizations more confidence that they are restoring AD to a readily available, secure and cost-effective machine that they can trust is free of malware.

“This solution is more complete and met more of our needs than any other tool — others didn’t have nearly as many features, and Recovery Manager is rated much higher by reviewers,” said Johan Lindahl, IT Infrastructure Specialist at Skandia. “We did a test restore of our main Active Directory and got that working, so we feel confident that we’re prepared for an actual incident.”

 

[1] Gartner, Inc., “How to Recover From a Ransomware Attack Using Modern Backup Infrastructure,” Fintan Quinn, June 4, 2021.

[2] Gartner, Inc., “Detect, Protect, Recover: How Modern Backup Applications Can Protect You From Ransomware,” Nik Simpson, Ron Blair, January 6, 2021.