The last few years have witnessed an increase in the number of ransomware attacks aimed at disrupting businesses to extract a ‘ransom’ from the victims. As a result, organizations have employed various measures to ensure that their data is well protected from such attacks and that they can recover effectively. Business Continuity and Disaster Recovery (BCDR) forms an important part of the overall ransomware and malware protection strategy, minimizing data loss and allowing affected systems to recover as quickly as possible. We previously released a solution that demonstrates integrating Azure Backup with Microsoft Defender for Cloud to detect and respond to alerts and so accelerate response.
In this article, we will see how Azure Site Recovery, using Microsoft Defender for Cloud, offers an automated way to help you ensure that all the DR data to which you would fail over is safe and free of malware.
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. After the primary location is running again, you can fail back to it. Azure Site Recovery provides Recovery Plans to impose order, and automate the actions needed at each step, using Azure Automation runbooks for failover to Azure, or scripts.
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities.
In this solution, an Azure Site Recovery (ASR) recovery plan is utilized to execute a at the time of failover to automatically initiate Microsoft Defender on the failed-over virtual machines. Microsoft Defender then scans the new virtual machine, which is created as a result of the failover, to ensure that it is free of malware. In case of issues like malware being detected in the newly failed over VM, an alert is created in Defender for further actions.
This solution also provides an optional mitigation that can automatically fail over to an older recovery point until a malware-free failed-over VM is achieved. Any malware-infected (failed-over) virtual machines that are created in the process are also automatically deleted.
This solution can be used for Azure to Azure (A2A) or VMware to Azure (V2A) scenarios.
For virtual machines protected using ASR, follow the steps mentioned below to recover your data from a recovery point which is free of malware.
Note: A key step of this process is to enable auto-provisioning of Defender, which enables Defender for all virtual machines in the subscription and scans them for malware.