Acronis engineers made it possible to inspect not only one big backup but also archived slices for malware. We can mount the first slice of a plurality of slices in a backup archive to a disk, wherein the first slice is an image of user data for the first time. Acronis technology can detect a modified block of the mounted slice, identify files in the mounted first slice that correspond to the detected modified block, and scan specific files for viruses and other malicious software. This approach also allows Acronis to generate a cured slice that comprises the user data of the mounted first slice without the inclusion of malicious files. By scanning in centralised locations, Acronis Cyber Protect allows users to:
• Reduce loads on client endpoints
• Restore only clean data
•Increasethepotentialofrootkitandbootkitdetections(whicharenoteasilydetectedduringthefirst on-access or on-demand scans)
That means admins can perform a regular backup scan and each of their clients’ backup increments can be scanned for malware in a centralised location. For the first release of Acronis Cyber Protect only Acronis Cloud storage is supported as a centralised location. In future iterations, support will expand to Amazon, Google, Microsoft, and other popular cloud storage environments.
This done, an admin not only has points of recovery but indicated “safe recovery points” where no malware was detected.
An admin can use the Acronis Cyber Protect management console to see in detail what infected files were found and when they appeared. From there they can eliminate the malware from backup slices and restore a clean copy of their data. All backup scans performed through Acronis Cyber Protect use the latest malware definitions, so even if unknown malware wasn’t detected initially, it will be identified during the next full backup scan.
Backups can also be scanned locally if needed. For example, when a network share is used for backup volume storage in a small company. File storage can be covered without an Acronis Cyber Protect agent. In this case, it can be scanned from any machine in the network that has access to the storage and has an Acronis Cyber Protect agent installed. The next step is to get rid of potential vulnerabilities inside the software in the full disk/volume backup. There are many real cases when malware spread over a local network and infected machines through a single unpatched vulnerability. Machines were reinfected after restoration simply because malware quickly infected again as soon as the OS working environment was back online. To avoid such dangerous situations software can be patched during the full machine restore operation, thus eliminating the opportunity for malware to exploit the vulnerability. Acronis Cyber Protect will be able to do so soon, the functionality is now in development, going through testing and quality assurance.
Stop compromising. Trust in top-level anti-malware protection
Malware infects backups quite often. Some companies can scan backups in a centralised location but it takes a lot of time to perform consecutive regular scans. Active malware can also infect unpatched disk images all over again. Daily or even weekly full disk on-demand scans take a lot of time and often can’t be done in non-working time, meaning employees are constantly disturbed by scans and can lose productivity.
But there is a better way to provide anti-malware protection: do quick scans of endpoints and the remaining scan in the centralised location after backup. This ensures you don’t need to compromise between performance and security with Acronis Cyber Protect. In this new innovative product from Acronis, cybersecurity and top backup technologies are integrated into one agent. As a result, we can cover both of these essential aspects of cyber protection and eliminate modern threats. Admins gain the ability to scan backups much faster than with other solutions and the confidence that their system can be restored without any malware or reported vulnerabilities.