One method for resilience is to take daily or frequent backups. If machines are compromised, they can then be wiped or destroyed and data restored to new ones.

The problem is threefold once a machine is compromised:

  • You may have backed up nothing
    • The attacker can compromise backups to make it look like they’re being done when they’re not.
  • You may have backed up malware
    • Depending on how long it has taken to discover the compromise, the backups may contain the malware, which you will then reinstall onto the machines.
  • The backup may not be correct
    • The backups may have been degraded. This can be checked with test restores.
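
One way to automate the test restore check mentioned above, as an added example that is not part of the original post. It assumes a hash manifest is recorded at backup time and kept somewhere the backed-up machine cannot modify; the function names `build_manifest` and `verify_restore` and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    report = {
        # Files the backup claimed to hold but the restore did not produce.
        "missing": sorted(set(manifest) - set(restored)),
        # Files whose content differs: degraded or tampered backup data.
        "changed": sorted(f for f in manifest
                          if f in restored and restored[f] != manifest[f]),
        # Files nobody recorded at backup time; review before reinstalling.
        "unexpected": sorted(set(restored) - set(manifest)),
    }
    # An empty manifest means the job "ran" but backed up nothing.
    report["ok"] = bool(manifest) and not any(
        report[k] for k in ("missing", "changed", "unexpected"))
    return report


def demo():
    """Constructed sample: a source tree and a damaged test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "src"), Path(tmp, "restored")
        for d in (src, restored):
            (d / "etc").mkdir(parents=True)
        (src / "etc/app.conf").write_text("port=8443\n")
        (src / "data.db").write_text("rows\n")
        manifest = build_manifest(src)
        (restored / "etc/app.conf").write_text("port=8443\n")  # intact
        (restored / "data.db").write_text("r\x00ws\n")          # degraded
        (restored / "cron.sh").write_text("#!/bin/sh\n")        # not in manifest
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())
```

A restore that reports `ok` as false should not be trusted for rebuilding machines until each listed file has been explained.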
