Nebulon time jumps ransomware recovery through smart-infra hack

The startup’s TimeJump tool leverages a proprietary infrastructure setup to speed up ransomware recovery that spans not only application data but also critical operating systems.


Nebulon has launched TimeJump, a ransomware recovery tool designed to restore a system in minutes after a breach. TimeJump is designed to reduce the time taken by enterprises and service providers to respond to a ransomware attack, bringing critical application infrastructure back online in minutes.

Founded in San Francisco in 2018 by four ex-HPE executives, Nebulon offers a cloud-hosted control plane for managing enterprise infrastructure called Nebulon ON.

Conventional ransomware recovery techniques, including those provided by 3-tier and hyper-converged infrastructure (HCI) vendors, typically involve taking snapshots of customer data and using them for recovery.

This technique does not extend to the operating system and other critical infrastructure, however, meaning security professionals must revert to backups. Also, in software-defined storage (SDS) systems, the storage services often run on the same set of disks compromised by the malware, making snapshot recovery difficult and time-consuming.

Nebulon is looking to solve these problems with TimeJump through server-embedded services processing units (SPUs), an infrastructure approach that installs and operates a security domain separate from the host’s CPU, memory, and network.

How Nebulon’s SPU works

Nebulon’s SPU is a peripheral component interconnect express (PCIe) card embedded in the application server that functions as an IoT endpoint. It performs a number of essential storage functions, including compression, encryption, deduplication, erasure coding, snapshots, and replication, without consuming the server’s processing, storage, or networking resources.

“Nebulon has the distinction of recovering both application and boot volume data since the SPU runs the storage services that host both the boot volumes and application data volumes,” says Siamak Nazari, CEO at Nebulon. “And because the SPU resides in a secure and isolated domain fenced off from the offending malware attack, snapshots for both boot and application data volumes can safely be taken and used to recover them.”

Nebulon captures and recovers the state of boot and data volumes from a single point in time at regularly scheduled snapshot intervals, offering different points in time to choose from when recovering the state of the entire cluster. With TimeJump, the snapshot technology and other enterprise data services run entirely on the SPU.

From an administration standpoint, the recovery process involves selecting the "Restore nPod" action from the Nebulon user interface, picking a restore point, and confirming the action. Nebulon’s nPods are the basic units of deployment and configuration, created via the user interface, API, or SDK by applying a configuration template to a group of SPU-equipped servers.

“Under the covers, the SPU suspends the volumes, promotes the snapshot selected as the new volume, and then instructs the server to reboot itself and come online using the newly promoted boot and data volumes,” says Nazari.

TimeJump will be hosted on Nebulon ON, the company’s cloud control plane platform, which employs end-to-end hardware-based cryptographic authentication, with communications defaulted to always-on, end-to-end encryption.

Copyright © 2022 IDG Communications, Inc.
