The new Cyber Recovery software is an orchestration add-on to Data Domain software, and is offered at no cost with it. While the main interest is from the high end of the customer pyramid, Dell EMC expects there will be a significant channel play.
Dell EMC has strengthened their data protection portfolio with the announcement of Dell EMC Cyber Recovery software and Dell EMC Cyber Recovery Services. As a component of a Data Domain solution, the new Cyber Recovery software manages and automates the isolation and recovery of critical data backups, to both protect against ransomware and destructive cyber attacks, and to ensure that business processes can be resumed as quickly as possible after a cyber attack takes place.
“The trigger event for this offering was really the Sony breach,” said Stefan Voss, Director of Product Management at Dell EMC. “It was an extremely sophisticated attack on storage systems, and it naturally got a lot of our enterprise customers concerned. They came to our account managers, and said that we had a legacy in business continuity and that we should provide some additional protection here.”
Voss indicated that the core development work on the software came from the engineering resources around data protection, and the elements of the DNA from RSA and Secureworks were also involved.
“We worked with our counterparts with RSA and Secureworks, but the core piece is the recovery piece,” Voss said. “It’s not just the technology that’s involved. It’s also a process.”
That process has been ‘productized’ here for the first time with the Cyber Recovery software.
“This is the first time that we have offered something like this,” Voss said. “Earlier, we did consulting-driven deployments involving scripts to orchestrate workflow, but we have never productized anything to this extent as we have here. We have also emphasized putting the user experience first in designing the software.”
The Cyber Recovery software provides automation, workflow and security analytics tools to ensure gold copies of critical data are isolated within a Cyber Recovery Vault, to be removed from the attack surface. The CR Vault lets customers perform security analytics on the retained data without having to perform a restore, which could activate malware that may be present in the protected dataset.
“Our new REST API automation framework is the centerpiece here, which lets us integrate with analytics packages seamlessly,” Voss said. These integrations with software packages like Index Engines CyberSense apply over 40 heuristics to determine indicators of compromise.
Dell EMC Cyber Recovery software is provided at no-cost with a Dell EMC Data Domain purchase and upgraded to DDOS 6.0.x and higher. Voss stressed however, that this is an enterprise product designed to provide another layer of protection, and not some free add-on.
“It’s not really free,” he said. “The Cyber Recovery software is the orchestration add-on element, but you still need the dedicated network and the management software, and the Data Domain software. Our job from a software perspective is to make it easy to get data in the vault, and to make the decisions you want based on policies.”
In addition to the software, Dell EMC is also offering new Cyber Recovery Services that can be tailored to the customer’s exact data protection needs.
“When you buy Data Domain, you now get the orchestration software and can build the vault, but the services allow you to customize,” Voss said. “That’s especially important if you have non-standard configurations. The services also do a lot of the upfront work around understanding how the data best maps to get more granularity.”
The services include a one-day Workshop around Dell EMC best practices for business resiliency with a strong focus on cyber recovery. There is also an advisory service that builds on the Workshop by adding development of a high-level cyber recovery strategy customized for the customer. A third service, Advisory and Roadmap, in turn builds on the advisory service with recommendations for an optimized implementation roadmap. This includes developing a cyber recovery maturity model report, which benchmarks the customer’s current state against industry best practices, and a critical materials workshop and information session to collect data on the customer’s applications to understand criticality to the business.
Two other sets of services, around Deployment and Implementation are also available. The Deployment services can be added to the ProDeploy Enterprise Suite or purchased separately and are available in two variations to fit customer needs. The Implementation services can include hardening of additional Dell EMC technology, developing detailed operational procedures and implementing custom dashboards and reporting.
“These two services are available in multiple configurations, depending on the amount of work involved,” Voss said.
Dell EMC expects that large customers will show the most interest in the new software and services, but that the market will be broader than that.
“We are seeing the most demand from the top of the pyramid – the large enterprise customers, particularly in financial services and regulated industries, but we are seeing an interest in the Commercial market as well,” Voss said.
Similarly, while this will be a logical offering for Dell’s direct business, Dell EMC also expects a significant channel component.
“Some of our specialized partners have a lot of capabilities in this area, and customer concerns about recovery issues are very relevant to them,” Voss said. “We have enabled partners and done workshops with them as part of this productization, and have provided an enablement kit, training and documentation. While there is a strong direct consulting play, the only way to scale this is through partners.”