The importance of two-factor authentication.
As children, knock-knock jokes are funny. They are silly. They still make me chuckle, or at least groan at the bad ones.
But the premise of not knowing who is on the other side of the door can be scary! Think about IT security. The knock-knock is user authentication. Who are you letting into your network, and do you require more than just a knock-knock before you let them in?
Recent ransomware attacks exploit Active Directory
During the last week of September, several articles popped up from cybersecurity publishers detailing how a notable ransomware group is targeting backup data sets. The criminals attempt to gain control of the backup administrator passwords to remove or encrypt the backups, leaving organizations without a clean set of backups to restore their data. For the victim, this is a one-two knockout punch to their organization. Their data is encrypted, and they no longer have clean or available backup copies. The result is forcing the organization to pay the ransom to de-encrypt their data.
The primary technique used to inflict damage for this attack is privileged access/escalation (gaining access to privileged credentials). Any time a threat actor can obtain administrator credentials – your organization is at risk. This would put any platform at risk, including appliance-based ones, unless the proper security controls are in place.
The need for multi-factor authentication
A multi-layered security framework that includes Authentication, Authorization, and Accounting (AAA) is critical to protect against this type of ransomware attack. AAA Security Framework includes secure authentication with a choice of multi-factor controls, and granular role-based access to lock-down capabilities and systems within their scope. Data is encrypted and has external key management support.
The authentication process is based on each user having a unique set of criteria for gaining access. Commvault enables multi-factor authentication (MFA) methods that make it highly unlikely for a valid user account to be impersonated. This allows organizations to incorporate Commvault into their zero trust architecture strategies fully.
How Commvault delivers multi-factor authentication
Commvault leverages security controls such as multi-factor authentication for everyday administrative tasks, privacy locks, and data encryption. User access can be compartmentalized, explicitly denying access while applying roles to micro-segmented groups of resources through multi-tenant configurations. For more information, see this video.
Enabling multi-factor authentication in your Commvault environment
In a Commvault environment, you can enable pin-based multi-factor authentication at the CommCell (Administrator) Level. This will prevent compromised Active Directory accounts from gaining unauthorized CommCell administrator access and protect local Commvault administrative accounts. To implement, follow these easy steps:
- For local or Active Directory logins, go to Control Panel > System > Security tab, select ‘Enable Two Factor Authentication.’ For additional details, you can read: Enabling Two-Factor Authentication at the CommCell Level (Administrator).
- For external Identity providers like Azure AD, ADFS, OKTA, and more – enable multi-factor authentication with the provider for seamless integration with Commvault. This allows organizations to use many pin and passwordless-based MFA features (such as hardware keys from Yubikey) to lock down authentication requests.
That’s it, simple.
Multi-factor authentication is an important component to multi-layered security and protecting against ransomware. Ransomware protection and recovery does not have to be scary. To learn more about how you can protect, detect, and recover from ransomware, visit: www.commvault.com/ransomware